Analysis Overview
SHA256
6668bc4691a6691ad316b338a5829e7de3612765c50ebe4e63344bf177332721
Threat Level: Known bad
The file New Text Document.txt was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Suspicious use of SetThreadContext
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Enumerates system info in registry
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: SetClipboardViewer
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies registry class
NTFS ADS
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 16:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 16:26
Reported
2024-05-25 16:30
Platform
win10-20240404-en
Max time kernel
219s
Max time network
216s
Command Line
Signatures
Lumma Stealer
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\taskschd.msc | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Insomnia.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\Insomnia\Insomnia.exe
"C:\Users\Admin\Desktop\Insomnia\Insomnia.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Insomnia\Themes\Insomnia.json
Network
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | 3.71.21.104.in-addr.arpa | udp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | employhabragaomlsp.shop | udp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | 81.85.21.104.in-addr.arpa | udp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | stalfbaclcalorieeis.shop | udp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | civilianurinedtsraov.shop | udp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 8.8.8.8:53 | 197.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.197.67.172.in-addr.arpa | udp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 8.8.8.8:53 | roomabolishsnifftwk.shop | udp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | 87.55.21.104.in-addr.arpa | udp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
Files
memory/4804-529-0x0000000000400000-0x0000000000401000-memory.dmp
memory/1852-520-0x0000000000FB0000-0x0000000000FB1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\MMC\taskschd
| MD5 | 9048685615ad760b4f9b63d376161515 |
| SHA1 | a4a6ce977bcbfe363fefe07fa799a8887c49287a |
| SHA256 | 15ef6191e18d72a490c3ccb3d4845cd253c0d727690d7fb3b96bd7e5da7c1db8 |
| SHA512 | 7058423ae9b7b0a106057dd51e5158dae395a3dbfd46fe59e8744877723edcc953a5cee77500f86efaf71fa3e81071da0b086a81a4d1cbea8a65c4f6275b2e20 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mmc.exe.log
| MD5 | ca52aa53b6dc75b565896128eed64ae4 |
| SHA1 | 2348a96b879c03a785e56379abfec1fb9bdbb6ac |
| SHA256 | 3b47c96e926dc843f5b52e8d88ab3fa80f4d4689f217c5e8e07ccd7d26ef005c |
| SHA512 | 653ab06fb2a81fd297a438aa22f0eccaea78a500d360d94fa62b2a75075b47263f76eb0ddc4494591c80a4f5d8e5ece38734290924ca47ca0b692a3be7d69a94 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 16:26
Reported
2024-05-25 16:30
Platform
win11-20240508-en
Max time kernel
219s
Max time network
221s
Command Line
Signatures
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3408 set thread context of 3812 | N/A | C:\Users\Admin\Desktop\Insomnia\Insomnia.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2180 set thread context of 1528 | N/A | C:\Users\Admin\Desktop\Insomnia\Insomnia.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3420 set thread context of 2984 | N/A | C:\Users\Admin\Desktop\Insomnia\Insomnia.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611280115553255" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Insomnia.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\New Text Document.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffd1a41ab58,0x7ffd1a41ab68,0x7ffd1a41ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4212 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4320 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4668 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4796 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4204 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3392 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4984 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4580 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Insomnia\Insomnia.exe
"C:\Users\Admin\Desktop\Insomnia\Insomnia.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\Insomnia\Insomnia.exe
"C:\Users\Admin\Desktop\Insomnia\Insomnia.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\Insomnia\Insomnia.exe
"C:\Users\Admin\Desktop\Insomnia\Insomnia.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2792 --field-trial-handle=1792,i,7263183575409038588,3504952571908664731,131072 /prefetch:2
Network
Files