Analysis Overview
Threat Level: Likely malicious
The file https://file.io/fEWto2hrZPok was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Themida packer
Checks whether UAC is enabled
Writes to the Master Boot Record (MBR)
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Enumerates physical storage devices
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
NTFS ADS
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: MapViewOfSection
Analysis: static1
Detonation Overview
Reported: 2024-06-16 16:27
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-16 16:27
Reported: 2024-06-16 16:32
Platform: win10-20240404-de
Max time kernel: 283s
Max time network: 285s
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
Themida packer
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\netsstpa.PNF | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\INF\netrasa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Mfg | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630290865485392" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "3611" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 9000310000000000d058d18310005448454d49447e312e305f520000740009000400efbed058af83d058d1832e0000003fac01000000080000000000000000000000000000001d41d6005400680065006d006900640061005f007800330032005f007800360034005f00760033002e0030002e0034002e0030005f00520065007000610063006b006500640000001c000000 | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7547db2d0ac0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1694" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "124" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "122" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "3699" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{3A1D64DF-C89D-4FAB-A734-FD7F2F68C6DB} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.msn.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedHeight = "648" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "321" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "3" | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Themida_x32_x64_v3.0.4.0_Repacked.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://file.io/fEWto2hrZPok"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.0.456095056\183796661" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69d37d3a-ed41-4246-a785-1dfdb68e5685} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 1764 1a2cf8ce258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.1.659335164\207256087" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da518727-b4b8-410d-a1c9-21a144a13755} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2120 1a2c4872258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.2.776133665\1686335531" -childID 1 -isForBrowser -prefsHandle 2656 -prefMapHandle 2788 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a264e0aa-3caf-48ad-9f2a-1f28a0584675} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2684 1a2cf85ce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.3.369668541\705015257" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3400 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6b1bc4f-08f9-4138-a9a3-3a036ab42077} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3452 1a2c486ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.4.1616530708\282712781" -childID 3 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c045ed8-084e-48f3-a713-cb6ccc4bc81d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 4200 1a2d58adb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.5.940163582\825776445" -childID 4 -isForBrowser -prefsHandle 4824 -prefMapHandle 4820 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c974dae5-36a8-4580-a0b2-93712759c045} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 4836 1a2d6044658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.6.107650641\386046970" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {617706fb-4118-4978-aba9-8f6164db9bcd} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 4964 1a2d6637558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.7.1879411051\1327639729" -childID 6 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0f6d1a4-9762-4d7b-8038-122b7ef7a0fa} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5164 1a2d663a558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.8.844555288\120142238" -childID 7 -isForBrowser -prefsHandle 5032 -prefMapHandle 5388 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aafb6dfb-2d28-4e82-a299-55e6fbce619c} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5536 1a2d780a258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.9.1729937139\400894989" -childID 8 -isForBrowser -prefsHandle 9680 -prefMapHandle 9684 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dae362ee-1c48-424b-9497-b6b15ff81c35} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 9672 1a2d7fb6258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.10.563993512\1089456400" -childID 9 -isForBrowser -prefsHandle 9040 -prefMapHandle 9052 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb34e3ea-b4c8-4c40-910b-8090a6845a44} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3488 1a2d6022558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.11.836434496\1013520959" -parentBuildID 20221007134813 -prefsHandle 8908 -prefMapHandle 9040 -prefsLen 26464 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acb694db-3613-45e7-b8a5-8bbcb587389d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8876 1a2d72f1958 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.12.1945353421\1180524167" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9188 -prefMapHandle 8896 -prefsLen 26464 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c0f5faf-5e2a-4262-b76b-761dfa1e56ab} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8832 1a2d72f1658 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.13.376712276\1312352645" -childID 10 -isForBrowser -prefsHandle 8588 -prefMapHandle 8696 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32c724ec-95e6-46a3-be36-629d5142889b} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8576 1a2d458d158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.14.1742034339\1038768812" -childID 11 -isForBrowser -prefsHandle 8352 -prefMapHandle 8348 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56d70a58-b4ab-42dc-9e44-3c23642950d1} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8364 1a2d780ab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.15.95905660\1372755915" -childID 12 -isForBrowser -prefsHandle 8384 -prefMapHandle 8280 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e8f366-9343-443b-9405-787d4d457842} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8188 1a2d9daa958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.16.164408489\1730769102" -childID 13 -isForBrowser -prefsHandle 8204 -prefMapHandle 7964 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f270856f-a82c-437b-9ca2-7f66e63a0e50} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8216 1a2da26c658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.17.2128971531\927668264" -childID 14 -isForBrowser -prefsHandle 8248 -prefMapHandle 8244 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c30d9ee2-f062-4aad-9d2e-87c55f102216} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7948 1a2da26bd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.18.217909128\112151227" -childID 15 -isForBrowser -prefsHandle 7968 -prefMapHandle 7956 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d0d31fa-1898-44d8-b238-2a2a18e06bef} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7836 1a2da26cf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.19.1441239982\924365580" -childID 16 -isForBrowser -prefsHandle 7268 -prefMapHandle 7264 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74944497-e346-41a2-b26c-28d22d44f170} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7284 1a2daae2658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.20.1288210307\846770643" -childID 17 -isForBrowser -prefsHandle 4560 -prefMapHandle 4596 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42b4bef3-e085-47ad-a0b5-288eb4dd1ebb} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7292 1a2d22b7558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.21.2062598956\1020096291" -childID 18 -isForBrowser -prefsHandle 7396 -prefMapHandle 6900 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc3e0663-855d-4a24-85a7-865764f5eada} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6876 1a2da31bd58 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.22.1254577574\464377914" -childID 19 -isForBrowser -prefsHandle 6608 -prefMapHandle 6604 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d06e70f3-a030-4c0e-96c2-9b41b190b1ea} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6624 1a2d4109158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.23.1664219326\1721124832" -childID 20 -isForBrowser -prefsHandle 6620 -prefMapHandle 6616 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24fe00a7-7962-4faa-a36f-edaac344ec73} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7288 1a2d4109a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.24.1004782750\1232701846" -childID 21 -isForBrowser -prefsHandle 7564 -prefMapHandle 6732 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a92ca7d-5c82-4466-913a-b0c3c7214fb6} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7112 1a2d410a358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.25.1183511128\410703583" -childID 22 -isForBrowser -prefsHandle 7964 -prefMapHandle 7420 -prefsLen 26785 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f8a70d9-0173-412d-a269-ec17bb79850d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6620 1a2da536e58 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Themida_x32_x64_v3.0.4.0_Repacked.rar"
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe
"C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe"
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe
"C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv.exe
"C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe
"C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.26.66283982\1723047125" -childID 23 -isForBrowser -prefsHandle 8632 -prefMapHandle 9412 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f25f9e75-1469-4e03-bf53-3f746b5a8348} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5844 1a2d6638158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.27.1223018639\1133571087" -childID 24 -isForBrowser -prefsHandle 4880 -prefMapHandle 4896 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {001cb870-a272-4155-8a8e-7047f282d4e0} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 4872 1a2d41e6558 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9fe139758,0x7ff9fe139768,0x7ff9fe139778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x64,0x68,0x6c,0x244,0x70,0x7ff64d2b7688,0x7ff64d2b7698,0x7ff64d2b76a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3840 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3032 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1784,i,8837714469934870470,12333665424192067068,131072 /prefetch:8
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe
"C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv.exe
"C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
Network
| Country | Destination | Domain | Proto |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 52.213.189.168:443 | match.prod.bidr.io | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 50.31.142.95:443 | b1sync.zemanta.com | tcp |
| US | 50.31.142.95:443 | b1sync.zemanta.com | tcp |
| US | 54.174.33.90:443 | sync.srv.stackadapt.com | tcp |
| DE | 35.156.10.230:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 8.8.8.8:53 | eu-west-dual.ads.stickyadstv.com.akadns.net | udp |
| IE | 52.50.65.213:443 | jadserve.postrelease.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| NL | 23.46.73.76:443 | eus.rubiconproject.com | tcp |
| NL | 23.46.73.76:443 | eus.rubiconproject.com | tcp |
| US | 174.129.13.121:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 50.31.142.95:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 52.50.65.213:443 | jadserve.postrelease.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| NL | 23.46.73.76:443 | eus.rubiconproject.com | tcp |
| NL | 23.46.73.76:443 | eus.rubiconproject.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 80.77.87.162:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.119.161.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.33.174.54.in-addr.arpa | udp |
| US | 80.77.87.162:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.189.213.52.in-addr.arpa | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | 230.10.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| AT | 13.32.110.27:443 | hb.yellowblue.io | tcp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.65.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.73.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.13.129.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 52.54.47.200:443 | qvdt3feo.com | tcp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| DE | 142.250.185.227:443 | www.google.co.uk | tcp |
| DE | 142.250.185.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | zeta-ssp-385516103.us-east-1.elb.amazonaws.com | udp |
| DE | 142.250.185.202:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | zeta-ssp-385516103.us-east-1.elb.amazonaws.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 52.54.47.200:443 | qvdt3feo.com | tcp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| DE | 142.250.185.202:443 | imasdk.googleapis.com | udp |
| DE | 142.250.186.98:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 69.166.1.67:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.67:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.110.32.13.in-addr.arpa | udp |
| DE | 142.250.186.98:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.47.54.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | chidc2.outbrain.org | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | 98.186.250.142.in-addr.arpa | udp |
| NL | 81.17.55.108:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 67.1.166.69.in-addr.arpa | udp |
| DE | 142.250.184.198:443 | s0.2mdn.net | tcp |
| DE | 142.250.184.198:443 | s0.2mdn.net | tcp |
| DE | 142.250.184.198:443 | s0.2mdn.net | tcp |
| DE | 142.250.184.198:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | chidc2.outbrain.org | udp |
| US | 8.8.8.8:53 | imgsync-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com | udp |
| DE | 142.250.184.198:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 8.8.8.8:53 | imgsync-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com.akadns.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com.akadns.net | udp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | sync-sc.aniview.com | udp |
| US | 96.46.186.15:443 | track1.avplayer.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | sync-sc.aniview.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | tag.1rx.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | tag.1rx.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | 108.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid-server-perf-eu.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | prebid-server-perf-eu.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | iad-2-sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | iad-2-sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | 1.cpm.ak-is2.net | udp |
| DK | 37.157.3.26:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | 1.cpm.ak-is2.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | track-sc.avplayer.com | udp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | track-sc.avplayer.com | udp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| GB | 2.21.184.63:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 162.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.184.21.2.in-addr.arpa | udp |
| GB | 2.21.184.63:443 | hbx.media.net | udp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | ssp-sync.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| DE | 142.250.185.194:443 | pubads.g.doubleclick.net | tcp |
| DE | 142.250.185.194:443 | pubads.g.doubleclick.net | tcp |
| DE | 142.250.185.194:443 | pubads.g.doubleclick.net | tcp |
| DE | 142.250.185.194:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| DE | 142.250.185.194:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| AE | 172.217.17.35:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| AE | 172.217.17.35:443 | csi.gstatic.com | tcp |
| AE | 172.217.17.35:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| AE | 172.217.17.35:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| AE | 172.217.17.35:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 35.17.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| FR | 164.132.25.176:443 | euw2.smartadserver.com | tcp |
| DE | 3.78.111.63:443 | btlr-eu-central-1.sharethrough.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | track-sc-was.aniview.com | udp |
| US | 8.8.8.8:53 | track-sc-was.aniview.com | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 69.173.156.150:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| DE | 3.78.111.63:443 | btlr-eu-central-1.sharethrough.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fn-instant-performance-mode.netlify.app | udp |
| DE | 3.72.140.173:443 | fn-instant-performance-mode.netlify.app | tcp |
| US | 8.8.8.8:53 | 173.140.72.3.in-addr.arpa | udp |
| DE | 3.72.140.173:443 | fn-instant-performance-mode.netlify.app | tcp |
| DE | 3.72.140.173:443 | fn-instant-performance-mode.netlify.app | tcp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| FR | 164.132.25.176:443 | euw2.smartadserver.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 52.89.130.134:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 52.89.130.134:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| NL | 145.40.97.66:443 | am6-prebid.a-mx.net | tcp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 69.173.156.150:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.89.52.in-addr.arpa | udp |
| DE | 142.250.185.202:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| DE | 18.184.231.156:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| DE | 142.250.185.194:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 226.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.231.184.18.in-addr.arpa | udp |
| AE | 172.217.17.35:443 | csi.gstatic.com | udp |
| AE | 172.217.17.35:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | play.aniview.com | udp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 23.220.113.164:443 | e11385.dscd.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 164.113.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.185.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.185.68:443 | www.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| DE | 142.250.185.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 68.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.181.250.142.in-addr.arpa | udp |
| DE | 142.250.185.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 195.185.250.142.in-addr.arpa | udp |
| DE | 142.250.185.174:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 174.185.250.142.in-addr.arpa | udp |
| DE | 142.250.186.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 110.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| DE | 142.250.185.142:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 142.185.250.142.in-addr.arpa | udp |
| DE | 142.250.185.68:443 | www.google.com | udp |
| DE | 142.250.186.110:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | hexed.it | udp |
| US | 172.67.130.218:443 | hexed.it | tcp |
| US | 172.67.130.218:443 | hexed.it | tcp |
| US | 172.67.130.218:443 | hexed.it | udp |
| US | 8.8.8.8:53 | 218.130.67.172.in-addr.arpa | udp |
| US | 172.67.130.218:443 | hexed.it | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 142.250.185.202:443 | content-autofill.googleapis.com | tcp |
| DE | 142.250.185.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | fn-instant-performance-mode.netlify.app | udp |
| DE | 52.58.254.253:443 | fn-instant-performance-mode.netlify.app | tcp |
| US | 8.8.8.8:53 | 253.254.58.52.in-addr.arpa | udp |
| DE | 52.58.254.253:443 | fn-instant-performance-mode.netlify.app | tcp |
Files
memory/2324-16-0x00000207D6720000-0x00000207D6730000-memory.dmp
memory/2324-0-0x00000207D6620000-0x00000207D6630000-memory.dmp
memory/2324-35-0x00000207D3AD0000-0x00000207D3AD2000-memory.dmp
C:\Windows\INF\netsstpa.PNF
| MD5 | 01e21456e8000bab92907eec3b3aeea9 |
| SHA1 | 39b34fe438352f7b095e24c89968fca48b8ce11c |
| SHA256 | 35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f |
| SHA512 | 9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec |
C:\Windows\INF\netrasa.PNF
| MD5 | 80648b43d233468718d717d10187b68d |
| SHA1 | a1736e8f0e408ce705722ce097d1adb24ebffc45 |
| SHA256 | 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380 |
| SHA512 | eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9 |
memory/4400-70-0x000001A00B500000-0x000001A00B502000-memory.dmp
memory/4400-68-0x000001A00B3E0000-0x000001A00B3E2000-memory.dmp
memory/4400-65-0x000001A00B3B0000-0x000001A00B3B2000-memory.dmp
memory/3284-171-0x00000196443C0000-0x00000196443E0000-memory.dmp
memory/3284-176-0x0000019644650000-0x0000019644670000-memory.dmp
memory/2324-391-0x00000207DCD80000-0x00000207DCD81000-memory.dmp
memory/2324-390-0x00000207DCD70000-0x00000207DCD71000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\G6E0IZ4E\favicon[1].ico
| MD5 | ed885416386e5d652b8a740a39d83190 |
| SHA1 | 21566c30c29f5bb3f3c837ff85220fd0cc90952e |
| SHA256 | 3f536bef77664cfc9422814bc241691947ea3a91fac3d62b0ccdaa086a8a5d6d |
| SHA512 | 7eb82e6a0d72afadb92148d0747c590b0cc3d959bba326ebc686f4652d4dd7e4699ec8e8a4152dc763a9d3a1efe933fb461ea3637058ec03e073f6caf5ea5d97 |
memory/4400-399-0x000001A01E9A0000-0x000001A01EAA0000-memory.dmp
memory/4400-415-0x000001A01EEA0000-0x000001A01EEC0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SJQZ8MQQ\warmup[1].gif
| MD5 | 325472601571f31e1bf00674c368d335 |
| SHA1 | 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a |
| SHA256 | b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b |
| SHA512 | 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc |
memory/3284-458-0x00000196454C0000-0x00000196455C0000-memory.dmp
memory/3284-465-0x0000019655C00000-0x0000019655C20000-memory.dmp
memory/3284-477-0x00000196559E0000-0x0000019655A00000-memory.dmp
memory/3284-481-0x0000019655F00000-0x0000019656000000-memory.dmp
memory/3284-493-0x00000196566C0000-0x00000196566E0000-memory.dmp
memory/3284-498-0x0000019656780000-0x00000196567A0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TAJNILJV\favicon[1].ico
| MD5 | 84cc977d0eb148166481b01d8418e375 |
| SHA1 | 00e2461bcd67d7ba511db230415000aefbd30d2d |
| SHA256 | bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c |
| SHA512 | f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | ee60230362948a26d78145046a41ad8e |
| SHA1 | 0cc76f235b4d927517618d008432aed883d024ff |
| SHA256 | 2c37a816ea8145d0c08a2d1f409deec8f0b3e4f722a1d9b990640b0b4a718b59 |
| SHA512 | 3fb56a2e6e13c7d094f58cba2bcdaa241883de92cd931ce5e78e7f808b098fb15ad809e6ca4b61a9c3d9d7ae3a360f68b2278fae3b8780333e705cc863eb9a43 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\83fd3adb-ab12-4ae8-9e95-d154971886e4
| MD5 | 5aa3600b1c759ae9bacfe1bb5f163dab |
| SHA1 | cceaf780318132a75d953d561dac281d3e5dce61 |
| SHA256 | 28442b74451f7889f0d2b8e264a8d8ce2b59a16f1bcd7e32b83f81a3ec21eabc |
| SHA512 | 39f70ed4cc8fb6dd1f3519dd712adf7dd0d57f32e0e23a9d3bfd72cf977defa97f72b52c24db9bb84b131fcaa6feb15445e7258875b175bbbacae56f9fc90797 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\dbb71c8f-fa47-4e08-b4fb-771a32aa119f
| MD5 | 15c2f6a6d5beea5e8af1eb9e577fe0d9 |
| SHA1 | 09056e5adecf2c99335b7a1e4760c909174126ff |
| SHA256 | afabec44002cdf5d2ef7aaf012abe5f383c183ad9d0ad78d92cf6b3c0323448a |
| SHA512 | 178d8f6eca4a0a72d182e2d90090c5e3bb847ea4c3f6e68c267946fa79cca1f0eaebdb6fc3806d4de89cdcff294632cd0ea8d04ab68ff82a77001a57954ee084 |
memory/2324-591-0x00000207DEE00000-0x00000207DEF0C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | b1edfa44cb033336e325004791b64645 |
| SHA1 | 96956dea04368881ed40ba199277b214a36a000a |
| SHA256 | c03e4ab028daec79b1debc593e14a55c25e506abd9161e4d801b6f6fe54f26a8 |
| SHA512 | e5ba60b1a899c5fe78fd4c28b1428c3361b3ae30a31674e5655f95ab1f95dd6494c14d6ae30df4f9daa24a645829987f944d4971a42e5264062c491360c47fc0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | abe25e948cb85b8206a1d45925c6212e |
| SHA1 | 98dd50956a9bcfea05b981cf324e094f080abd53 |
| SHA256 | 75bdebec8b37134abe50c3ef6e0e58c9e57ee49467d633b48e997ac2661c1821 |
| SHA512 | 6b7366b8c7fad5412fbeddaaed2976ce22734d3d8901149915e9eb37e785a0ab501f37ef0b391970c66f8a85b2e9ae68805442d5c93e9c32b05cc5901acff473 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | efd5f8a46ca5b689dda44838c2eb005e |
| SHA1 | 063bfc7357bd8aead4a053282a2caf883857fff7 |
| SHA256 | 4c6d9cb6224ec89facf3c912e2297c0a322a069384454bee484b807fa270b9d8 |
| SHA512 | b3677b923a84d25a3db34cd199fd5b9c73fcfc506a03fd8dc5151b6d61ef794fbeaa7929a1fa337d6397e4464c65179d6599f9c266d935172a4bc2be37bfc3e3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24693
| MD5 | 214ddd9f51cffc35919d7a96f15576b1 |
| SHA1 | e31ae119f327c8f55d963ff3dfa03a5e8394987c |
| SHA256 | de583f99f73df2a4909d49aefaf93f59a23f4043593c85c4a0403517ebec57cc |
| SHA512 | c919064206f8b36cc2a692e757177d36d601e212be0072aab66659137057e9e22853440dc5e8a48413870c957aa528e0638aeed2ec1ff828a73d02f70fbda454 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF776C5588C253F3EB.TMP
| MD5 | aa9a01705530f3df98cf1f8568b60463 |
| SHA1 | 37af8ae138489fa92489ba6ae8657a06fb24b170 |
| SHA256 | 82ada93f53daf610ac892b786f6eac5f3e6ff592e013075a74cc65d432de86e0 |
| SHA512 | 704cbddb7b0d4133fc47b56a474ee05e6983f9bed9c2d5eb21adeb41269cafa511bf2f5a057ed11b63fe265f67b15a5db82f0a81c878df7296103bac2685e791 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27185
| MD5 | 225acfc8b708b2138c43bf010e82869f |
| SHA1 | d75b392e6b54d9b958d5415c8a9da55118b402ec |
| SHA256 | b171831d3ea70b3498d16a7ab018ecbb8b6d3f18f3a8d0482138c9749f542a9e |
| SHA512 | 6107f4242c40d12973922fcd6015545ade7407b4fcfbcf06026abe444d33e61a188fceb46097c19892d024100e207a4cf739dedba87f8daf78f6927e94352d91 |
memory/2324-1334-0x00000207D5890000-0x00000207D5891000-memory.dmp
memory/2324-1338-0x00000207D3AC0000-0x00000207D3AC1000-memory.dmp
memory/2324-1331-0x00000207D58D0000-0x00000207D58D2000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FA2083489969D30038DCF1A73D2A1DE76CE5D9FC
| MD5 | 2b97054b2c04d4eae6e833a491f3ec76 |
| SHA1 | e23b81f805ab0d8fa5e784532218b23fbedef7ea |
| SHA256 | da986ae6981818e5c54c81b98ce79618866641cce234e3a2f5188a84866e3426 |
| SHA512 | 3366f394c2f4b47c9c1f1e6d1401eafeb1fc90cb0a15f02fd33c0865734b6dc11da0cf9e34b566e83afd68725efe300619404a5c7754db6ce13343105b4cb1c7 |
memory/2324-1389-0x00000207DEE00000-0x00000207DEF0C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a78b329ce66430424361eb8c6439031f |
| SHA1 | ad7548e2d21b4b0cd9436624fb5b5f1bf1cc5914 |
| SHA256 | 00afd32b502f13a53530397e7085e72cbba6e66dfe717339bfbe236add642de4 |
| SHA512 | 3f9e751d0d0f59022c687099d36cf4afd0288e7849edb986f65951ecc4725291a1f3220dbf412ec4762eff44f551a3b8c4096bb35c0b32d4214c5f3278b3a0cf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9B24426B14255724BB970821B06831453F3F2074
| MD5 | 6934248104ee9bda5145f2e33688245d |
| SHA1 | 8f0803d50bc29b35b9225d92b18f2a5eb378eca3 |
| SHA256 | a793adb1816cd9178d7796cc1d2948c1db8dec2f500d8ce482a9d49ee7f80245 |
| SHA512 | d33c3f6e46e4c0027f2b3693a329ec529fc488444245fcf99b5abac49c12543f8c4c65be8867a55cc143fd8d4cb6257515e62a0535788b2bed8f923d1959b092 |
memory/2324-1449-0x00000207DEE00000-0x00000207DEF0C000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7069
| MD5 | 812066c7338373ead7eb8ee0e136c087 |
| SHA1 | 9456a403dfb90c12549ae6a11f13dd7b7858730b |
| SHA256 | 317a2505531d6a063b302a5dafb044e8d94d7c9c2c4c9b5b0227238be5bcaf5e |
| SHA512 | b36665b4f113b6df4bfb1ec122b93ccb0cb7a98d764a1ef4d77d3e3d395ccde81c7b99562e2b41d225d3c201ebcb52863eee9bccdc732b74ba58daab6837ffac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | d545f1d2dd9a76f5320d45e15ee5a29b |
| SHA1 | f4c91cb999d64fb0a48a2d2c1c95250293227d26 |
| SHA256 | 7e6324cfd3b5dae0f1d1f0bfc4a6729d2608f6bcee6de55959e679b90094a683 |
| SHA512 | 9312211df126ff28f89606c5abeb97776d936ac98625e133897740227a4fefe86b97ec879ce7b1afa0249233fc3b3c3bce1d0b53d16d3d1b3ea5493e6d4a61eb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 5958e213d4dcb5531c5bca3b9c6dea2d |
| SHA1 | e21bbba2d941185a17d4108a6d86a7b6524154e6 |
| SHA256 | 140a1fb67ba93ae7201e9cfa3bcc001214395ca547080c4a24fac681db6bd1cc |
| SHA512 | 90293643a37e573fbefac514296a12188bbe205508c88831c84d68a12dbd8f67da9d779f2b643984ce37a76407871252f2ca1ffc3355c4453f84dd30dd7c3905 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | e7720ca1c5ba2e9c5f554c54e5554819 |
| SHA1 | db6f84747c7c938c919d75c8eda3d556216e61e8 |
| SHA256 | 059ba88541207e63bb22a0b7d8a4b006c8ebb6712cabd234eabe1c9a3f8e9337 |
| SHA512 | 6281c6888235a8fb3e9fe42cadb5d73c7538f15ffb7d4a74eb6c77dcaf2ff9c31677836e98362a620359aeb0e4ecc8840fe407c1136bca29c573fe4dfe012cb9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C4B4B42BCB4DA663C4602824D78C87C313F5FD6E
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.file.io\ls\usage
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\CBuilder\Unit1.ddp
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\StdAfx.h
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\StdAfx.cpp
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\small.ico
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\vc_example.ico
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\vc_example.h
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\vc_example.res
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\vc_example.sln
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\vc_example.dsw
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\vc_example.dsp
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\ExamplesSDK\Protection Macros\Delphi\Via Functions\Project1_Icon.ico
C:\Users\Admin\AppData\Local\Temp\7zE85C7EFF8\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaSDK\Include\Delphi\CheckVirtualPC_Epilog.inc
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida64.exe
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\WinlicenseSDK.dll
\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\libspv.dll
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\TMLicenseA1.dat
\Users\Admin\AppData\Local\Temp\b26b26d.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\vcomp140.dll
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\dolphin32_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\dolphin64_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\dolphin64_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\eagle32_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\dolphin64_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\dolphin32_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\eagle32_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\eagle32_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\dolphin32_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\eagle64_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\eagle64_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\fish32_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\eagle64_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\fish32_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\fish32_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\fish64_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\fish64_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\fish64_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\puma32_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\puma32_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\puma32_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\puma64_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\puma64_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\puma64_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\shark32_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\shark32_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\shark32_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\shark64_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\shark64_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\shark64_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\tiger32_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\tiger32_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\tiger32_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\tiger64_black.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\tiger64_red.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\custom_vms\public\tiger64_white.vm
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida.ini
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaGuiSettings.ini
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv.exe
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\xrLClv_protected.exe
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_FB36B182AA2C738AF31A8226070FD104
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_FB36B182AA2C738AF31A8226070FD104
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.file.io\ls\usage
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7C3011E186E64FFFA59029CF876BCC19626D5F8B
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
\??\pipe\crashpad_7032_ENJEAJSJFCSTBQQI
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 06afed09f1cdf013a5bd712f288d24fa |
| SHA1 | f0bd6d047b8df6574bd5729e7dbbb635468616b0 |
| SHA256 | 54424f9057a40219ff37befcca143d239b7b611b3771c987fcbe8a24b1df1cef |
| SHA512 | 2f2759091d176ced7337ec0f251732935ec0d0aa2dfc72cad9fdf078ff55bf87fc48db8b3d379619c8df055aa733c5740726c6b8a2c97574c3674f0100ea408e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8d760060-4217-4915-ad6e-f772f72e5e98.tmp
| MD5 | 2a43da1e6aeb982e4137a2e43dedd9b4 |
| SHA1 | 3b7c183d355b0ff23f23ad300ccef7cbabf241c4 |
| SHA256 | f6d9f8e618cc8189b6a47ce70f4b3baca3d4453bacef9b9d73be2d6afea19cb2 |
| SHA512 | 8b48ec977f5344bb43f84955e40ab5114234ab6f202940297142a735bc762f9d41d8f2ba244d63c609fce5629b098afd0b340efd33aff43ba558cce97654883e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0e9ce36c887ee5df29cabcca206513c7 |
| SHA1 | 1b37ebc197ee47f74d890db76b6944676ad21124 |
| SHA256 | 77c8c7f8f83242c9dbe2c10260d60262b57c00037a24fc89be8860ec38cc9d95 |
| SHA512 | ff55ce87fe0de913304f27ce10b65083fda6f122037546e8c38de3aba963ce83459fa91785f30dbff0160cb5e1d6e1809ba5a68d60203ecd31143df5ef7cfa3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 633c21611d5a92c8082144e5d6a188f9 |
| SHA1 | 3ea0065bd621b53b0c19f36ca91aed9e3a5a35e6 |
| SHA256 | ffe2028cc1485bfbb0da90c5b5dc4737d8122708d2fa7ee699b69283b7739096 |
| SHA512 | 4172fed9d5e262204648d8a4ccc836cacffd849426ae39103f304b3a80a6318ef8598dec42928dfc55de63aa0f411fc29dabc8124779ac91dc70aeb2f1a80ea9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\040c3ee7-ed6c-474c-a06e-52b21b052397.tmp
| MD5 | 62f1f7d4bbae0bb4aef7733b2e625022 |
| SHA1 | a13a4956977a1c31ed4788782fd4cb95664202b1 |
| SHA256 | 1b41122d1b82bef3a30463750162d0a216ddaf119a404c830f04adacc7374c55 |
| SHA512 | 73b2d5c19ec0b377cfd7e432abaee54be576c8a8725d9ef301832e63362b7197ec56a0da8bd84ef0b2a4c4ba06bcb0db262c424860e0c99c04a097211feb688d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8ce92495da4c97032be8051383a268e8 |
| SHA1 | b6d62bc570689d8ac5f98ff3e3608b43c9b85b37 |
| SHA256 | 3e57005d371711de8160bb6a3c1af58afb401181c55ccbe0933eeedecac3033d |
| SHA512 | b6bb80046f95e0d4554f6a9afd30895d3515bfbff440af2ee55efaa2b7a1ecdb54ee155d690e99dece4e10dc42689dd36182bd3cb3cdd74cc2dde3610cb477f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2005b068065ce686f0b556fdb7dbbae |
| SHA1 | 8afeadad1f828f80fa5495b7957746ffb2040b41 |
| SHA256 | 80411e2261c76b3c5bb240d29a7e28fb6e3a3db0b225dbae2ba08997473a1640 |
| SHA512 | 4b39c8d4f2e410ab3579fac636d3de8deb65b694e0961ecdffd685e0eb5b2af8042576054182cf4cf1a41ea2402277ba2fb74ae2cf9c75b058ec40947d5ba101 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 4114aef6dcd8831d5fb77ed5e810739f |
| SHA1 | 6cbfb811468bb3b3760ce3e209d2008b45a2c857 |
| SHA256 | 99b2bebcc6d7eaca2d53dcc0ae16d770ed406bf677ec340845a303cc4c13b9f5 |
| SHA512 | 49c182ff8be20033902bdf72059f1d0f1824720a996c4cf57fc84732f2557b0024d9da98a2a2af63ea75ebdeddc892c079dba64b195de804c81c8455b86b5f11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ab121.TMP
| MD5 | cce1df28a2104de2f24ab3d3d7378f20 |
| SHA1 | 88a25a9868098aa127496e90e25a7650af77495d |
| SHA256 | 528ea5d85614c4413a234fbdbb4cef47b344da8c9d65f7d5cb0bbb72f3fbe7a2 |
| SHA512 | 2e1cc0505564d190bff45bff81795b5fb8cd73e06461b11c365a42aa52d57d41c8b0831f99530b543de29d6e31ede5638fcf721a8aba09ae0396af390c3002ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d3d90cb1b9aa2bedbde845cf8164f307 |
| SHA1 | 1dfdd499824eed958bafb70e3a98a40b99e47d66 |
| SHA256 | 9d9944998d7459d8abe2671002203fa27135b037218bf55757b82b1fa405983b |
| SHA512 | a996be8e1aa348d588d9b126596b396d69bf054e46ceaa57d789ee885d142880d464568254aa50fc885bc46f27085421986881ac762f6f829e909e4783f4bb75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ac824.TMP
| MD5 | e8233457342edd09daf3209ba9e8db7b |
| SHA1 | 1c574e2c29d8118c97cb3261e8a6f204afd74b56 |
| SHA256 | 596ae63a48a2f6ad2b530b1e421a2aaad0bc747c7990a05abad14804914f490f |
| SHA512 | f87dc89310264b1e33a22b063de3f3a244ee079da4dc36b262b32c62163b291b8029ef8b573baa49c9c3ffcd991ab11da22464fd49ed4bf9fa3a131331664795 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 44160c7fb66ec16746b3079d2bda1092 |
| SHA1 | 2d0fb2fc4787e1b462c06b10bb7869590e3a073a |
| SHA256 | 1613878e1513fec25d3673643108b62e2c80fd41974592c68e811e9d8c23c79c |
| SHA512 | dfcb9e8a23ce99e07caee7adf941b677d39ae83669f0086f47b1507239631605e2e98399b2fefc9078f781325e964251d5d1c9d79d5184b1609a3649f7047a93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\55dd229f45b2580be81f90228cc8cb5a4c3003c3\0a7ade8a-a99d-423c-adfd-1db2e9a5b41d\index-dir\the-real-index~RFe5ad41a.TMP
| MD5 | 079b9e5484ab747dfb28f29a1f03f207 |
| SHA1 | 0a72d7a0d16cdf004ab14ddbc0f28f66e8978825 |
| SHA256 | 179b393c1a224d1d3b64e18b265acd353ea2a156c5e310c5932ddaccfd101469 |
| SHA512 | 61d605742adf30a9d7f7364d71431e3115a4d8ebf235bb2af93551ba61f7603b3b6f37b38caeec079da64a9b6f519a21c96083c8d9c705f1805a5532661425d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\55dd229f45b2580be81f90228cc8cb5a4c3003c3\0a7ade8a-a99d-423c-adfd-1db2e9a5b41d\index-dir\the-real-index
| MD5 | 6bfba9e1dbfd232a2383c32158c91509 |
| SHA1 | 02fd1e8449a48c4b6f33af7a811f44b1c328d858 |
| SHA256 | 2dea4ea2fb1ec9c085796834f6c169c2355e9d92c645afcfd5f75d512689720b |
| SHA512 | f06418f47cc4b188ae9b7a4c234aebc8d58070b71716b8558961e9e8c3490a7ac92bac1a99e192963ef95813888f0a0db698d3c006e192f6d7cb822749baaea3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\55dd229f45b2580be81f90228cc8cb5a4c3003c3\index.txt~RFe5ad449.TMP
| MD5 | 0c2a03e4e888648a879efa0fba8a94fa |
| SHA1 | 1e3d5e1b36bafc70744813ed6bc13a8f38cdc05d |
| SHA256 | d362972f0a9494e9c8b2c10234e75018144e2e8071c6613eae508a3f14a07b85 |
| SHA512 | 5c3468a667bc220f3aa8336acade446920ae6ff48e64118bcc0b5e5c9ad26beb4beb769ed148041f1865533d381db68a86773dd589fd621f618cb352cf3432c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\55dd229f45b2580be81f90228cc8cb5a4c3003c3\index.txt
| MD5 | 62231870f64a006136692d0bb53ae20c |
| SHA1 | 20962e73150ea8948a18865f482d9a900725d447 |
| SHA256 | 27d541cfa18eea26e4d50aee0227c7bc698d647eaf04fb62ee4aafe53d044b88 |
| SHA512 | 5be1453e34ebd85a09b817bb620abf1c595e9a0413a9bd9f7cbc664eb9e33850194e92fce06df1233a137e6fb082f65a864b5016c55f5a36d3fec14301948ea7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 6b7a12ca95dcc09deda6531b4d4a9e47 |
| SHA1 | 6145c8c14d42b19e8471b9e2fa2ab9a6c36862ef |
| SHA256 | c39e57cea5a81f5e34f0222fb6d6d3e55bf788fc6a436483244171737fd98350 |
| SHA512 | 1bdd64d036bfd6875d9bcbf62aa4bcdb39c125831cd96f0da7fa5af9a244e471f79b5647acefa952f43d7add3df77479912c012f32ed7a1a943d5a8bd6ebc22f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b3b5d1bbea1e6b9703fc26142e206225 |
| SHA1 | d5b61b14bab3b07461c1b4eb28264030bd8a3596 |
| SHA256 | a9247ec81f257151477f17334c91b0e3ffa06c3e8c35f0723ff5ab7c6b398867 |
| SHA512 | db2d22cff851eafe9f897e761d46fdd4ccfbb45ca17858b90ea06325a6373fcc6a2322222a83f54c4c97fab7cccb06b43a571f770b33a1987673f73b987509c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2d65d7492a85ceba6b930a398498eb7e |
| SHA1 | bd03b2f39f6e2cc40a1ffabaa5c9a2828156112a |
| SHA256 | 83f125550a60167ee727f3dcf55adb7cf04133ac72962445d17f063230b75325 |
| SHA512 | a8ecc7b263a84ee0377faf71c84998a04dbbd637d950e4d2baf682e3bc463cb651023c870076a3a75f1ad05706359e899a49dce76d0b9ad0a5b110295873d837 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b61e15f8721e6824fd90e04544352200 |
| SHA1 | 190616aec56dce3ba8e6df294003899f10c0015c |
| SHA256 | a1e3dd1fc7507b7798a1ba60e58e3105042cd3a447401b4bf28010491915cdbf |
| SHA512 | d4a82950dd0498e4fb2589372161406c1d1973f6b0c3ef1f0eef10cd3df8ce1e3cb993e981e8936534238a3df7a45955281f2e0e5e9eacbfcc89f7223fb7d90f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b790d38d41dab663954d7a5da72bd020 |
| SHA1 | 1eeec4ba7fda4e77859a0194aafcc7dbb6976aa7 |
| SHA256 | 82fbf556d50ed5d39c583880e25b2c90b882bc5955f6615592bea174268a8a2c |
| SHA512 | 931819de2bc93a7ab3459c0c27815185dad69796600c7ca9b302dc50071d02db2dfa7185b257c50234819b86151c39066fbb4fb7825ed68270b0f492943e4dfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d15a7dda195d6e8d04d7550e78064560 |
| SHA1 | a89b3cd4beb1f3c343238e281ddd45a63de6e2dc |
| SHA256 | 5bec2c98183257aad0c05b904a77d672c67137a94dbc640dc87b69a89cdaf03d |
| SHA512 | c1ee464c35776dee877327e921eac5525f0e79ea9c13c3296dcc00352df217e363aa7fadf61b000205c43104dc89ecec90de213046b5bc17c2df263847f2ffc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | c50465364dffb91528f37a0070427e7e |
| SHA1 | 1def332aa1c09f2e6ba2c472a76cdb4f5b55189a |
| SHA256 | a57b21d37c100616b972e4c1fe4db7c5888ea99fd5bbbdeb520b2fb2af1d802f |
| SHA512 | c1e10599d9c0a4add8470ba2afaf8680e923a9a2d9e8c50046d7f868e5f642a53e4d23db9e38b1bddda66ed4a656ad9e40db58fa74163e4118ea51d9aadc3ad3 |
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\ThemidaGuiSettings.ini
| MD5 | 7c48ecd56634cebc6d9d9647aad1f0ed |
| SHA1 | 7937d106aba23d694bd9142cd796412fc43cbd35 |
| SHA256 | ae1686f16c4e9f90e195056c3f2d8078189180399b445a70a657b2abed493a04 |
| SHA512 | 4567df86e8eede7aeb7a46133b5a2035b35ca2a85b9696ef82389b14e97d6d580b8562d24cdc238e858f0103dea57a04b7ebbf995663e780c40a1f5260fe60be |
C:\Users\Admin\Desktop\Themida_x32_x64_v3.0.4.0_Repacked\Themida.ini
| MD5 | 10db5602e7038abfaeb0296061ae759f |
| SHA1 | 3cb95a54a5bc49f68c197c541a032cf6285b37c7 |
| SHA256 | 3c72e303337890296046bdca62224644046d6e8a19becfaa783121ef9f2e5ea8 |
| SHA512 | 9a57f8d01bd8c77adf39ea16ba16ca51481629a179028a9526b91d5617de44489860267a2e033746adeb65ec2660dcb3da7ccb13438ee27b2155e998de765e95 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TBE3XFIK\version[1].txt
| MD5 | 0b0ec9f1cc28b3c19dc6c36dcd5af7cc |
| SHA1 | 2afe7d50c10921ac0f9f899939231a737e7dc2b2 |
| SHA256 | 9c193c604ad7de942961af97b39ff541f2e611fdf0b93a3044e16dfbd808f41b |
| SHA512 | 2540f7fbc4d88c94deb5e0b92813bc9a1a637096dfc36b617f5e3cce355d7af7e4ce0469bc5be63483ef99b0ac9484258fa2bc798afa11fd313dd33aea566677 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TXNHX8GN\hash[1].txt
| MD5 | ee8fa4e6025fbdbfb2af2ddafe5388b8 |
| SHA1 | eebbbbf604b7a29a53ac6b084d255c4003c5e59b |
| SHA256 | 065f0552d062d2238645858e4065523abfcbb1f89d247937869a2993c5c2bd09 |
| SHA512 | 6c597bc6133d3be5be44190ac86ae1725c28183a28d444c37cc57dfa070e33768197bce17a16433633bdab36f611ae9f86e2ba4acce79bbdd5e5458bbd2383d5 |