Malware Analysis Report

2024-11-16 13:51

Sample ID 240628-kyawtstfpn
Target https://www.mediafire.com/file_premium/p4v98trqm042ju1/Ianch3r_win_64-86_v.3.1.%252BP0rtbI3Extens.rar/file
Tags
stealc vidar bd7a7ef85507e39998176b88b253bdb9 discovery persistence privilege_escalation spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/file_premium/p4v98trqm042ju1/Ianch3r_win_64-86_v.3.1.%252BP0rtbI3Extens.rar/file was found to be: Known bad.

Malicious Activity Summary

stealc vidar bd7a7ef85507e39998176b88b253bdb9 discovery persistence privilege_escalation spyware stealer

Vidar

Stealc

Detect Vidar Stealer

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Program Files directory

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Checks processor information in registry

Enumerates system info in registry

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: MapViewOfSection

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 09:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 09:00

Reported

2024-06-28 09:10

Platform

win11-20240508-en

Max time kernel

596s

Max time network

596s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file_premium/p4v98trqm042ju1/Ianch3r_win_64-86_v.3.1.%252BP0rtbI3Extens.rar/file

Signatures

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Stealc

stealer stealc

Vidar

stealer vidar

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A mediafire.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2352 set thread context of 7492 N/A C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe C:\Windows\SysWOW64\netsh.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\coml.au3 N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640389959297963" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Applications\7z.exe\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Applications\7z.exe\shell C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Applications\7z.exe C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "5" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000dc5888481000372d5a6970003c0009000400efbea858e869dc5888482e000000749f0200000008000000000000000000000000000000b797410037002d005a0069007000000014000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4880 wrote to memory of 1240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 3496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 3496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4880 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file_premium/p4v98trqm042ju1/Ianch3r_win_64-86_v.3.1.%252BP0rtbI3Extens.rar/file

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffdb43fab58,0x7ffdb43fab68,0x7ffdb43fab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4780 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4944 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5012 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5148 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5388 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5588 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5776 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5768 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6468 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6476 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6684 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7016 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7192 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7364 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7512 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7540 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7716 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7816 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8092 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8292 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5412 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=9012 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=9032 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=9180 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9460 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9604 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9748 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9884 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9608 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=10180 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10308 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10320 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10640 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10848 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10856 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=11200 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=11400 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=11556 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=11692 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10492 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=11732 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=12360 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7368 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=12536 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=12656 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=12812 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12836 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=12308 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=12360 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9296 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9876 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11416 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10564 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7112 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11708 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7828 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8848 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5356 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6976 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6564 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8864 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=6720 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8148 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=13216 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7140 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=6444 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6432 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6408 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=9968 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10464 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6264 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=12240 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=10784 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=10500 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=5752 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6632 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=7512 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=2244 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=4788 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=11484 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5952 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10420 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=14168 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=14164 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11488 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13980 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=13872 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=2240 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12244 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13748 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13892 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7156 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8852 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap18410:134:7zEvent20765 -ad -saa -- "C:\Users\Admin\Downloads\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\" -spe -an -ai#7zMap10134:134:7zEvent30602

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"

C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe

"C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe"

C:\Windows\SysWOW64\netsh.exe

C:\Windows\SysWOW64\netsh.exe

C:\Users\Admin\AppData\Local\Temp\coml.au3

C:\Users\Admin\AppData\Local\Temp\coml.au3

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GHDHDBAECGCA" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 104.16.113.74:443 static.mediafire.com udp
US 172.67.41.60:443 btloader.com tcp
GB 18.154.84.124:443 cdn.amplitude.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
GB 142.250.187.238:443 translate.google.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 124.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 g.ezoic.net udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 104.21.87.79:443 g.ezodn.com tcp
US 104.21.87.79:443 g.ezodn.com tcp
US 104.21.87.79:443 g.ezodn.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 translate.googleapis.com udp
GB 142.250.200.42:443 translate.googleapis.com tcp
US 104.21.87.79:443 g.ezodn.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
GB 172.217.16.234:443 translate-pa.googleapis.com tcp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 104.26.2.173:443 www.mediafiredls.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 52.43.12.95:443 api.amplitude.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.21.87.79:443 bshr.ezodn.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.234:443 translate-pa.googleapis.com tcp
GB 172.217.16.234:443 translate-pa.googleapis.com tcp
US 52.43.12.95:443 api.amplitude.com tcp
US 130.211.23.194:443 api.btloader.com tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 157.167.233.64.in-addr.arpa udp
GB 172.217.16.234:443 translate-pa.googleapis.com udp
US 130.211.23.194:443 api.btloader.com udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
IE 34.247.240.165:443 id.crwdcntrl.net tcp
IE 52.49.45.15:443 ad.crwdcntrl.net tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 23.227.151.242:443 ghb1.adtelligent.com tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
DE 51.89.9.254:443 onetag-sys.com tcp
FR 35.181.89.222:443 g.ezoic.net tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 178.128.135.204:443 rt.marphezis.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 18.245.255.11:443 cdn.prod.uidapi.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 34.120.107.143:443 oajs.openx.net tcp
DE 162.19.138.120:443 id5-sync.com tcp
US 34.120.107.143:443 oajs.openx.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 172.64.151.101:443 htlb.casalemedia.com udp
DE 51.89.9.254:443 onetag-sys.com udp
DE 142.132.249.188:443 ghb1.adtelligent.com tcp
US 172.67.75.241:443 script.4dex.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 11.255.245.18.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 188.249.132.142.in-addr.arpa udp
US 172.67.75.241:443 script.4dex.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
GB 172.217.169.65:443 25ca1d67b0a7aa4ede7ea04857e75629.safeframe.googlesyndication.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.16.53.110:443 otnolatrnup.com udp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
GB 142.250.200.42:443 translate-pa.googleapis.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
DE 142.132.249.187:443 s.console.adtarget.com.tr tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 image8.pubmatic.com udp
DE 37.252.171.21:443 secure.adnxs.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
US 23.53.112.234:443 ads.pubmatic.com tcp
GB 18.164.68.117:443 api-2-0.spot.im tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
FR 5.135.209.100:443 ssbsync.smartadserver.com tcp
ES 23.60.223.190:443 secure-assets.rubiconproject.com tcp
US 104.17.43.93:443 gum.aidemsrv.com tcp
US 64.74.236.223:443 b1sync.zemanta.com tcp
SE 184.31.15.75:443 player.aniview.com tcp
US 52.86.30.122:443 sync.srv.stackadapt.com tcp
CZ 2.23.9.250:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 187.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 117.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 151.101.208.52.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 234.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 93.43.17.104.in-addr.arpa udp
US 8.8.8.8:53 100.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 190.223.60.23.in-addr.arpa udp
US 8.8.8.8:53 75.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 223.236.74.64.in-addr.arpa udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 89.149.192.245:443 ssbsync-global.smartadserver.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
IE 54.170.125.124:443 ap.lijit.com tcp
DK 37.157.4.28:443 cm.adform.net tcp
US 96.46.186.182:443 sync.aniview.com tcp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 34.96.71.22:443 s.company-target.com tcp
NL 89.149.193.104:443 rtb-csync.smartadserver.com tcp
NL 35.214.152.46:443 csync.loopme.me tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 52.86.30.122:443 sync.srv.stackadapt.com tcp
US 52.86.30.122:443 sync.srv.stackadapt.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
IE 54.217.40.10:443 pr-bh.ybp.yahoo.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 52.86.30.122:443 sync.srv.stackadapt.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 147.75.84.158:443 pb-am.a-mo.net tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
SE 213.155.156.181:443 d5p.de17a.com tcp
IE 52.94.223.167:443 aax-eu.amazon-adsystem.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
NL 147.75.84.158:443 pb-am.a-mo.net tcp
IE 52.50.65.213:443 jadserve.postrelease.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
IE 52.94.223.167:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 124.125.170.54.in-addr.arpa udp
US 8.8.8.8:53 28.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 104.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 46.152.214.35.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 10.40.217.54.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 88.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 core.iprom.net udp
US 8.8.8.8:53 green.erne.co udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 image4.pubmatic.com udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 35.186.193.173:443 cm.ctnsnet.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
ES 54.192.95.81:443 live.primis.tech tcp
IE 54.194.45.245:443 ce.lijit.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.2.110.33:443 us.shb-sync.com tcp
IE 54.194.45.245:443 ce.lijit.com tcp
US 8.2.110.33:443 us.shb-sync.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 35.214.132.90:443 u.ipw.metadsp.co.uk tcp
GB 108.156.39.126:443 s.ad.smaato.net tcp
US 104.18.41.104:443 capi.connatix.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
FR 141.94.242.226:443 green.erne.co tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
US 18.232.227.155:443 cs-server-s2s.yellowblue.io tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
NL 35.214.132.90:443 u.ipw.metadsp.co.uk udp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
FR 54.38.113.4:443 pixel-eu.onaudience.com tcp
US 104.22.51.98:443 mwzeom.zeotap.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
NL 89.207.16.140:443 pubmatic-match.dotomi.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 34.111.113.62:443 pixel.tapad.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
IE 63.33.31.207:443 ice.360yield.com tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 79.127.227.46:443 id.rtb.mx tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
GB 185.64.190.81:443 image4.pubmatic.com tcp
GB 185.64.190.81:443 image4.pubmatic.com tcp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 11.155.215.52.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 155.227.232.18.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
US 8.8.8.8:53 4.113.38.54.in-addr.arpa udp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 186.62.91.34.in-addr.arpa udp
US 8.8.8.8:53 207.31.33.63.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 49.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
DE 18.158.126.136:443 match.sharethrough.com tcp
US 34.111.113.62:443 pixel.tapad.com udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 64.158.223.140:443 casale-match.dotomi.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 69.173.151.100:443 pixel-us-east.rubiconproject.com tcp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
FR 54.38.113.3:443 pixel-eu.onaudience.com tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 35.190.88.7:443 sessions.bugsnag.com tcp
US 35.190.88.7:443 sessions.bugsnag.com udp
US 23.227.151.242:443 ghb1.adtelligent.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
IE 54.72.64.29:443 ads.yieldmo.com tcp
DE 142.132.249.188:443 ghb1.adtelligent.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 104.16.53.110:80 otnolatrnup.com tcp
US 104.16.53.110:80 otnolatrnup.com tcp
GB 18.165.227.8:443 woreppercomming.com tcp
US 104.21.79.34:443 www.chancial.com tcp
DE 18.197.80.38:443 www.opera.com tcp
DE 18.197.80.38:443 www.opera.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
GB 172.217.16.238:443 www.googleoptimize.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 23.220.112.27:443 hbx.media.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
GB 185.83.71.234:443 sync.adtelligent.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 63.215.202.169:443 triplelift-match.dotomi.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 64.74.236.223:443 b1sync.zemanta.com tcp
US 52.86.30.122:443 sync.srv.stackadapt.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 104.17.43.93:443 gum.aidemsrv.com udp
NL 185.89.210.122:443 ib.adnxs.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
FR 5.135.209.100:443 ssbsync.smartadserver.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 34.193.221.2:443 cookies.nextmillmedia.com tcp
NL 193.3.178.2:443 s.e-planning.net tcp
US 104.26.10.209:443 ad4m.at tcp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
US 3.93.98.97:443 i.liadm.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 52.7.6.175:443 sync.ipredictive.com tcp
NL 89.149.193.104:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
US 38.91.45.7:443 match.deepintent.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
US 64.74.236.63:443 sync.outbrain.com tcp
IE 52.209.21.214:443 cs.minutemedia-prebid.com tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 34.96.71.22:443 s.company-target.com udp
NL 35.214.152.46:443 csync.loopme.me tcp
US 54.85.51.123:443 rtb.adentifi.com tcp
US 151.101.65.44:443 trc.taboola.com tcp
US 3.144.50.151:443 dmp.v.fwmrm.net tcp
DK 37.157.3.26:443 dmp.adform.net tcp
IE 63.32.235.18:443 dpm.demdex.net tcp
IE 52.49.228.29:443 aa.agkn.com tcp
IE 52.18.50.67:443 obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com tcp
US 8.8.8.8:53 123.51.85.54.in-addr.arpa udp
US 8.8.8.8:53 44.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 63.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 18.235.32.63.in-addr.arpa udp
US 8.8.8.8:53 29.228.49.52.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
GB 142.250.178.14:443 google.com tcp
TW 35.206.197.180:443 e2c31.gcp.gvt2.com tcp
TW 35.206.197.180:443 e2c31.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
PL 34.118.72.152:443 e2c12.gcp.gvt2.com tcp
US 142.250.69.3:443 beacons.gvt2.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 172.217.3.67:443 beacons2.gvt2.com tcp
US 172.217.3.67:443 beacons2.gvt2.com udp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 199.91.155.22:443 download2281.mediafire.com tcp
US 104.16.113.74:443 turbodownload.mediafire.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 142.250.69.3:443 beacons.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
GB 95.101.143.182:443 tcp
US 20.189.173.4:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 149.154.167.99:443 t.me tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp
DE 168.119.115.138:9000 168.119.115.138 tcp

Files

\??\pipe\crashpad_4880_VVAVFVBFXABDASNT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a7af6ec9e20ed42c7cb13f94ecdaea3c
SHA1 008cf53a12c354d6c966d5b76226d8db4174b2d4
SHA256 80b23e47770c4e4d3b80c54b259d36e4c478a825d3756169e2983d4f8077201a
SHA512 da808cb9e3460215ed2f2ecdcbcdce207af6742f5d1c57c03dfdfd82abe83152d58c9c7dd1da1b52afdd2b3321f624e2a99853133aa55e20371c907eb8da4def

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 22e4873fded04b54ebb64082d13347a6
SHA1 a8532a0bbb5b0323f8c9d6a7cff4bcb077165900
SHA256 e1cbab22bdb5458e2e70a774c0f77119b514f99128e6b5f54c8f3ce42f706742
SHA512 9c9de75af52b3ba873f0fb41c357b7962c87160c8bb2378179f2cfeca623b316c88bdaf3260d8fde2304df2b32856b6efb18ad29f8712e0626fac1082dd33115

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 28218d0dbd6955863ae306dd3af6123a
SHA1 3625cef58a442c0afa5ce9b6adc3005894680c0f
SHA256 4cfb159bafe6b0facf7e353c10c49de5acb9c4de71d2693ef060a0b5a7a7278c
SHA512 cac3470a175294932fa7f629074313ae11579a148b99090ae88980f0fb2c68a98d515bae8e13450bc8977ae387b797539d41350f1dc6a269bb0f43a64e5eccac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0e1bfcaaf381978a0a0d7f30d2fc3434
SHA1 4f29f293775858f9257966a39feaa59787e9a129
SHA256 9dd8f99d91ef5aaeb37b8d97208c550a836a9ae976df311cbe427dc456ccf2e5
SHA512 7142231147ab381148219e68061ab94d413213859603b6225c9a16f74ea644ca10e0ef68c63dae03f452bf7fe29cb345abd3111095db3f26bfd868b219df9e0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5cb3a9bf999d84b60a3d509d9d70a01
SHA1 f578d244d596e58f11a3a984c48fd770768b10f5
SHA256 6340f2cad33a1dc544388945129ddcfdb73e25e4cef448a140d6feb1af90c04a
SHA512 1ad15a0f06910b2d55224ff3844156aa03be5a5b8735ae55da584c64d5ee68406d02995bead862fa46dae534de041405d2a78085a477d7efdad20767c0100f33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2fb49efd8fb937a1935433c2d1f85094
SHA1 a6edb6ca6227396fce0ced0b0ca17eb6944cc959
SHA256 95b026cc83878a5968ac3d337d46681f40160bfeb230a322ff8f4b5e26bab8fa
SHA512 2cd4729aec217d85d8f7c4eb77dac1da1040a4be4b1a9ddc542beef852bea86594d735135806e7695c615ef0aa0ebc7907de26fd2a6e4a9991264d726171189a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 feb93e3e75a8f8535c38c43cec85fe8f
SHA1 0182b725635b4078fc2d57084eacaf1929abb2e3
SHA256 fcdeda63a0cd701f2f965e63a966eebbdd867b2c6a56c1426fc899eb7128d7e6
SHA512 6cd637a2cc35cadf38e17f3dc47d45a4eb2d0c01f3538ecc3bf689ff7f3be100c5c2f4cb23128d6050722ce96495b82e2a71210a6f9f82edd3acd9f5bf433d6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 edf5f0fbba13433f4c5674cf9a190807
SHA1 63a9320c5c5491aa927ffe7e683324a9d4009c3c
SHA256 0362361c0ccda6e61f790568843a6804954d1db4d80288e0b43055704c9611ae
SHA512 27f23b8d1a6d2588c1c314a0569847d19a14f2f632576252fc105f125f23b1e8e9fa8b5396d6b0173d4d19fba4aa92cc3d45ba0e6d8c9e29c8e10c543f0ff505

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 81475aa1546becafa1e9031333fdfef8
SHA1 fd630b63fc0806649910676c22ca20f543987ebd
SHA256 f428f6489782557ecefab8e9bfc53186360960c0d1f25aaf7e747ae7b9b8fc9f
SHA512 2b2a873f80a919c31467df239a5f86da9e46d6fb98715d622855c47cb8677d0a80a107862a68ebe0b8da3e9af05fe2232f4ba084e592926891aa15d89d114b89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 49d5355f5d9c9a234461f487dd59df3a
SHA1 0e829bb3954e8f8e4bdb3aaf42dd09bfabc5afbc
SHA256 7c2da75e1f448458b91874ae6a7ecc8e960119aa8b3a63ff5b0f2cc8297ad6c6
SHA512 1cee33f7b20023fbea36dd6ca765525f8fd2457550e1c30550f8d36247984a6c27d3128f3ea70309840250509149ce7c5f9f768ded53b37e8d1254f451211e4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c6c063630cd2b53356b82ba535cb7601
SHA1 0994fd0d5872ab96dba9a630a8b31961f8348120
SHA256 f376376c45e53a0f673c539a3ae6ef3479a8a53cfd38afb314d2ff9b41553e9c
SHA512 e61dc8cf3295933b4b64a8f0c9d175b51baa31e6b87a2c1799bf3ab0fe3d7fd99cb906e8bfe73c0dcb86690b564227209c31a810fe79167c4c290fd0836b5025

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\.usage

MD5 4ebf6b84bbfac6bd08b4195d7a3d3d49
SHA1 adb85afc9aea2ee47e12d56b39cbe1b7a1a1db09
SHA256 09ee203ad6aeb3b919a95410f27657f81c685f412e6249b7fe84f575337d699e
SHA512 dd391c7aca3b8b2184f19f50f1ce50f5cea1bacceb067548dad76d00943accbe82e2161283486fb7196b5ad0630b00a99fadaf140ec9d53208cccfb461f09bfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36ce9f498ca6151c569be86d31514def
SHA1 33e37407892c6aec0fb6478ea92e465959899c89
SHA256 48871e398d474234098110cd399c1ef6d780540b2e92491a700d0ddc7e11e0d0
SHA512 db930851f7b617c7fa6fd53b9f5fb4ea840ced66907476de0a448d0cf3e68801d0319e7b2d7a88c5c0992ce42badfd7f79a1ece4ee21325948a1888cb2055d8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c7daba661d4ee5ce2613a9be836ebeb
SHA1 973099881b7c4f9a2787aab700478c98b4e8f2a4
SHA256 f786280d15509f237c96539a812dfd6bad80cb45d5f2b5745710f4dfdddc185c
SHA512 d75c63020bcf1762f51061207a03382e55918ec3d4024bccd4c810ce980eaab55ada08a1e49b584c6b040f11a60203280937dd997983078ab7f24cf748435945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 371b57d56e880fa0341f8ff384320c5b
SHA1 d7571e2d2317c7c2aab81a7cea4c1a63c0456d03
SHA256 6b74c4f7eee0808af2ac3c8f995f9518c085505fef28a4c1bc516f171ed0dc67
SHA512 80aeaad71b745cb4a8bfdab37e8fb740f0e32b7c244cdab42c0ed52b978ecee193839744d27fd1ae6a23ebe8def9781bbc5a151662269017caea6b89c83fe493

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\23fae17e-2b58-4c53-8457-d2d369ee2a14.tmp

MD5 4f8df928d7450f8007a0651d9331a137
SHA1 17562b9b08f9135d40cff6974131bd76e40e3ced
SHA256 2ac5fe9c31a2f9496b93f415fa8fa2c85ca023395a288eada555f0e5ac22973c
SHA512 84861b6f5185909c6cdb09e6950b1ad67b2bde8a8bce2d68146d13c1abc53adb55656e6a90b30cb507f3ddff2576f006c9e2fef9b65270969fe9649de63cd370

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a9cd701544880b34599293efac0914a
SHA1 7225a9e5379168654d9ba57a600e3e358a36e47d
SHA256 338d9dec3e1f7a10f25595ccce4d3570613a15273ff042a256f150f6b0299e21
SHA512 b1699068766e15732e2628bc6790cff6b40861eb95ce632f205b687c6ad018e89dba2ec9139daa9a73cb836e51ad0ff738745fe9f7977d53317e1d872e62c719

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e7aab3806ee4fc806cb85bb7d20135b
SHA1 dcdeeab44cdb69be224f853a01f12216ac48c4a0
SHA256 52995e3ce7193fb745a7d22106608f3c94a77b4407082dbe6e8d7b48287ae765
SHA512 57281a51780a31a8fe4261c0cbc5da3a0d2ad99383df4e8e7671848e89519e00ae8ed525b5bde6367415b8d7f8b9bc94ead72e0b99586b01fef206b1b433507b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4ad6ad4ec9ed6423bd342662ddd1d66
SHA1 e36a810eefbbacc344c48e79cfadcf20fc7adb3d
SHA256 9651e7fc4e0451d5a10d8f6e0e685c3a1b1b4d8c412ce552d666a5ba77d55212
SHA512 0679f681999f5e11f882a08a15191f8bbf0b3bdc10f237b6d74e5b3f0b5c2770f2320fe72e0e7522f1a0f80f085015e107b206757e62a9a525e4dd0e8115ab87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 95d0555d54f6b367c0dcd964b4f39405
SHA1 4a6ef0518c66fd2c6bc71b21213c3fd0063c0a06
SHA256 c1aeb5afae2232a4935dc7e59c747a288f5c89b44f1024e0707c48aa258354c0
SHA512 8f1734811291258f3f7b8925e0d7669ba71695d0710eb57cafb7f8541db46dd9c1dd4739c150b97a89e5f0a9f2d2bd76daed84e2b7385aba589e71a9bc5f65f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b0694.TMP

MD5 27dcb102b17d7c1935085cc362ba98e2
SHA1 a75235d30e3087cd692531faa9ebe88dd3f82d33
SHA256 bac10181647f1ca3dbb09748a68ec08cb5e3ca3fb5d1989107e5f9b9e7bdb32b
SHA512 b477ed01356d2034b1a4c0652de0474f4ccd7ae433ad902962c95d7aec262dedc714a181518b37a212297307215d28b5576d281def4679c379d5c44031f75835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1965cf998372aaa43b0cee5de8c47c2c
SHA1 5ccfed1cc6fe0224820a609362472bd82abf0de3
SHA256 fe809ee1899bb15a8d5ec14595d19bc73259b8d76c318cf40e70e16965272bd7
SHA512 077040bfcfdf24315a00dc8ba1ab060c81aa695ffa538bf9125d139e468e4073ee33361ed74ad018594c7d8ec7cde6ad444ea89897961fd926c7028e320d9339

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 024ab71c727fb6877ba06268961fd217
SHA1 19c660ac1713268a07569fd47b632db43acee2f6
SHA256 38f03daf35a988839dad3c73f06728de8a38bef1e16ed9ac40e502ba6123b769
SHA512 5f15d233816d017726ae872de5e0c09ad0a4c03f7e252133baf9d1cdd03e96867f78d0be6a180543db4124874d38f03ddf268f1224a2d3d6aec1bbb53aa38d8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c5753c290f409aa78e28471b4dbc819b
SHA1 293e6739e56e0de7109d4d0ac9771c1549cf6bb2
SHA256 a49e3421adfcd4cfc325123d53b1d57cdb6e5d4648c2b0bb13638d864db9b706
SHA512 4485ee713227d9127de9158a5ff104c272dabe01d8f2fc87ca9b532cf30803ec42f7eedf86301d2ad5a991b1f0ccb852c3f07fe0d91c0fab4df416305252e58e

C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\x64\Setup.exe

MD5 8a179892518a2c4e8a63afa91de7bdce
SHA1 e9b095c966ccc4c4900b4cf741c067d2a0f43cd4
SHA256 72ece91f65a461c5023695bf5f31b5b6b5bd629dba8407524e8144f6d1e160e8
SHA512 91abb220c222a89a2df27818b8385b4015128a35b7d4c43d0f497717a4e5a55dfb9dc1da3f47a49a2400ea8300d41d52277331a6c7c3437ac5cb867a4027b220

C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Lib\level4.resS

MD5 64d183ad524dfcd10a7c816fbca3333d
SHA1 5a180d5c1f42a0deaf475b7390755b3c0ecc951c
SHA256 5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a
SHA512 3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e

C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Lib\sharedassets3.assets.resS

MD5 72fae5518ea21bdc76c16024cee3b570
SHA1 3f4aabfbd32aeffd356a077804433b1593bc0754
SHA256 f33c795a1d2ffc812d3c2f87e8666b16d135ea674f64bfcf6385bcaecb8cf291
SHA512 5053c8f8cede72f22223c4d1f992f8eeb584e54a7205268bb31109781a58cd4de91532a6b1c3bbf3e5dc833897ba0b40927d096aefc5c25fa183427094b9220b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 24ad301448987a34442326c1d146d27b
SHA1 de3015f5b14f13791922e8faefca1a3fd0d67c66
SHA256 948a6e431efeb065e9066f11a2d1ad34736ed03653d8f4c3e88a522a06e46c3a
SHA512 d1075021d83ba247651c8c434142b9e9a57299688c6266267b864b4c6059b0e59bb735768d2a36554453da41e638997ecd19f93fca472a0e7f62fb5b58561e7e

memory/2352-1868-0x00007FF6CB8B0000-0x00007FF6CC08B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2cc64603

MD5 957edcb00ce0b522499f6c799ea11053
SHA1 b1c91d93701d206820e45118e0df50d34790d27d
SHA256 e4456eea3e2fca53bc2a06fd247eba74bf668c39069d5c821d082ef7dfa03f5d
SHA512 167cb1c01f28bc40f85d0d8f895346d147a286811550142ebdf659cc4ba92f015d4def386d58adf4c48b1946ee31ddd8dcbef50ba09533889e9ad161c9867eb6

memory/2352-1874-0x00007FFD9FE90000-0x00007FFDA000A000-memory.dmp

memory/2352-1875-0x00007FFD9FE90000-0x00007FFDA000A000-memory.dmp

memory/7492-1877-0x00007FFDC33C0000-0x00007FFDC35C9000-memory.dmp

memory/7672-1882-0x0000000001400000-0x0000000001B4B000-memory.dmp

memory/7672-1884-0x00007FFDC33C0000-0x00007FFDC35C9000-memory.dmp

memory/7672-1894-0x0000000001400000-0x0000000001B4B000-memory.dmp

memory/7672-1895-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/7672-1972-0x0000000001400000-0x0000000001B4B000-memory.dmp

C:\ProgramData\GHDHDBAECGCA\KECBKK

MD5 f367bdfbbe591616b357ee5962a8e145
SHA1 aadd7501f805ae429a11bec8959ae6ec9bda7e43
SHA256 a8ddc12322f21fc76db93246d5338c9e199d6741503b43c73ea06f795bd13654
SHA512 ddd6a64f41d25b2a30bf0588632abe8bf6fddb083b9476251d47b73d390a2788e274d4b640186bd2ec0bd0fd370465482777e8ce302d3e055173263664343b42

memory/7672-1976-0x0000000001400000-0x0000000001B4B000-memory.dmp

C:\ProgramData\GHDHDBAECGCA\AKKKEC

MD5 bcd44e1dc4b8c98bfe46334c05c50851
SHA1 2312cd4e3279d57c64fbfbfffbc98cc9e0e6b720
SHA256 116d7fc2ff0d14b5a94007416a5d78c97d8a8779c6b02b2067a4fce3534f3406
SHA512 21ed99c0787e05cb16d5a46db01351aca43abe5a6c6cf82b8a6148f157f454377e7cafcf7336c6c275abd2caab63feb40a312bf416d75c2eca1d7dba3ef34549

C:\ProgramData\GHDHDBAECGCA\GIJDAF

MD5 573d07f298e4981b3afcab4e436fe68d
SHA1 fbe2febe1372d0472124709b20140e94c176d7e0
SHA256 aaeb229fc98f2ed346038f859c80676e3f272bdd4f10ca9ce7d27004da957962
SHA512 2a08a21fd23a856d3690beab49f25556a4389bcb5743d791fc255fe0a54997b6ad053e98fa33152cf5fd8cf0113332c459df1fa031b82bb82ff767027f2bbdd8

C:\ProgramData\GHDHDBAECGCA\HDGCAA

MD5 035866c22217dd925476f6067a2d360c
SHA1 156734cfbd19c4d0de3f216d65761169f4920870
SHA256 d5740148d10b53d6e62a4f949f2c70a2efae574b1c9ccc430bc6b718cb69478a
SHA512 026ff07be45c7d087dbccb0cda59e2f870c53c8bc18f2163de671a211ef7f5aac48d797c6da90549fb69661aa4623001f75f84aae587247f9e257a0baf919d52

C:\ProgramData\GHDHDBAECGCA\BKFCAF

MD5 2b30906161b46020ea304c301bc4bd33
SHA1 4674469a29042411dd1902d3e2c066eafc2634f4
SHA256 e8ddd50a838a4a4b62a96ef1a56ad162d9afbc19e70aebb8c39ab86f3aacfb78
SHA512 854403a3f924300a6647e0b731f9ffcd78dfe6a59b24f5123427846f997e76a0fea592deb881168de5fd825adb95da483518b9ddb93cfe9a117ae9f0636300b0

C:\ProgramData\GHDHDBAECGCA\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/7672-1998-0x0000000001400000-0x0000000001B4B000-memory.dmp