Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file_premium/p4v98trqm042ju1/Ianch3r_win_64-86_v.3.1.%252BP0rtbI3Extens.rar/file was found to be: Known bad.
Malicious Activity Summary
Vidar
Stealc
Detect Vidar Stealer
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Executes dropped EXE
Loads dropped DLL
Reads data files stored by FTP clients
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in Program Files directory
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
NTFS ADS
Suspicious behavior: MapViewOfSection
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-28 09:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-28 09:00
Reported
2024-06-28 09:10
Platform
win11-20240508-en
Max time kernel
596s
Max time network
596s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Stealc
Vidar
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | mediafire.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2352 set thread context of 7492 | N/A | C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe | C:\Windows\SysWOW64\netsh.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll.tmp | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll.tmp | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640389959297963" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Applications\7z.exe\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Applications\7z.exe\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Applications\7z.exe | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "5" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000dc5888481000372d5a6970003c0009000400efbea858e869dc5888482e000000749f0200000008000000000000000000000000000000b797410037002d005a0069007000000014000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file_premium/p4v98trqm042ju1/Ianch3r_win_64-86_v.3.1.%252BP0rtbI3Extens.rar/file
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffdb43fab58,0x7ffdb43fab68,0x7ffdb43fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4780 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4944 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5012 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5148 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5388 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5588 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5776 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5768 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6468 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6476 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6684 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7016 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7192 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7364 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7512 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7540 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7716 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7816 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8092 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8292 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5412 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=9012 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=9032 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=9180 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9460 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9604 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9748 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9884 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9608 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=10180 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10308 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10320 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10640 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10848 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10856 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=11200 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=11400 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=11556 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=11692 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10492 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=11732 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=12360 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7368 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=12536 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=12656 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=12812 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12836 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=12308 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=12360 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9296 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9876 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11416 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10564 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7112 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11708 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7828 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8848 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5356 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6976 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6564 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8864 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=6720 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8148 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=13216 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7140 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=6444 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6432 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6408 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=9968 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10464 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6264 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=12240 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=10784 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=10500 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=5752 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6632 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=7512 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=2244 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=4788 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=11484 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5952 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14160 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10420 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=14168 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=14164 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11488 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13980 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=13872 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=2240 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12244 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13748 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13892 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7156 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8852 --field-trial-handle=1820,i,2205876398959853848,14748609304812135419,131072 /prefetch:8
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap18410:134:7zEvent20765 -ad -saa -- "C:\Users\Admin\Downloads\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\" -spe -an -ai#7zMap10134:134:7zEvent30602
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens.rar"
C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe
"C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GHDHDBAECGCA" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.113.74:443 | static.mediafire.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| GB | 18.154.84.124:443 | cdn.amplitude.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.200.42:443 | translate.googleapis.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | tcp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 52.43.12.95:443 | api.amplitude.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | tcp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | tcp |
| US | 52.43.12.95:443 | api.amplitude.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.167.233.64.in-addr.arpa | udp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 18.245.143.100:443 | tags.crwdcntrl.net | tcp |
| IE | 34.247.240.165:443 | id.crwdcntrl.net | tcp |
| IE | 52.49.45.15:443 | ad.crwdcntrl.net | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 23.227.151.242:443 | ghb1.adtelligent.com | tcp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.255.11:443 | cdn.prod.uidapi.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| DE | 142.132.249.188:443 | ghb1.adtelligent.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.255.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.249.132.142.in-addr.arpa | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| GB | 172.217.169.65:443 | 25ca1d67b0a7aa4ede7ea04857e75629.safeframe.googlesyndication.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 104.16.53.110:443 | otnolatrnup.com | udp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| GB | 142.250.200.42:443 | translate-pa.googleapis.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| DE | 142.132.249.187:443 | s.console.adtarget.com.tr | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| GB | 18.164.68.117:443 | api-2-0.spot.im | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.208.101.151:443 | match.prod.bidr.io | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| FR | 5.135.209.100:443 | ssbsync.smartadserver.com | tcp |
| ES | 23.60.223.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 64.74.236.223:443 | b1sync.zemanta.com | tcp |
| SE | 184.31.15.75:443 | player.aniview.com | tcp |
| US | 52.86.30.122:443 | sync.srv.stackadapt.com | tcp |
| CZ | 2.23.9.250:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.249.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.101.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.112.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.209.135.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.223.60.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.236.74.64.in-addr.arpa | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| NL | 89.149.192.245:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| IE | 54.170.125.124:443 | ap.lijit.com | tcp |
| DK | 37.157.4.28:443 | cm.adform.net | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| NL | 89.149.193.104:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.214.152.46:443 | csync.loopme.me | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 52.86.30.122:443 | sync.srv.stackadapt.com | tcp |
| US | 52.86.30.122:443 | sync.srv.stackadapt.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| IE | 54.217.40.10:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| NL | 89.149.193.88:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.88:443 | rtb-csync.smartadserver.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 52.86.30.122:443 | sync.srv.stackadapt.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 147.75.84.158:443 | pb-am.a-mo.net | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| SE | 213.155.156.181:443 | d5p.de17a.com | tcp |
| IE | 52.94.223.167:443 | aax-eu.amazon-adsystem.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| NL | 147.75.84.158:443 | pb-am.a-mo.net | tcp |
| IE | 52.50.65.213:443 | jadserve.postrelease.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| IE | 52.208.101.151:443 | match.prod.bidr.io | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| IE | 52.94.223.167:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.125.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.152.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.40.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 35.186.193.173:443 | cm.ctnsnet.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| ES | 54.192.95.81:443 | live.primis.tech | tcp |
| IE | 54.194.45.245:443 | ce.lijit.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| IE | 54.194.45.245:443 | ce.lijit.com | tcp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 35.214.132.90:443 | u.ipw.metadsp.co.uk | tcp |
| GB | 108.156.39.126:443 | s.ad.smaato.net | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| FR | 141.94.242.226:443 | green.erne.co | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| US | 18.232.227.155:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| NL | 35.214.132.90:443 | u.ipw.metadsp.co.uk | udp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| FR | 54.38.113.4:443 | pixel-eu.onaudience.com | tcp |
| US | 104.22.51.98:443 | mwzeom.zeotap.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 89.207.16.140:443 | pubmatic-match.dotomi.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| IE | 63.33.31.207:443 | ice.360yield.com | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 151.101.194.49:443 | sync-tm.everesttech.net | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 151.101.194.49:443 | sync-tm.everesttech.net | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| GB | 185.64.190.81:443 | image4.pubmatic.com | tcp |
| GB | 185.64.190.81:443 | image4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.155.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.227.232.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.64.227.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.113.38.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.31.33.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| DE | 18.158.126.136:443 | match.sharethrough.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 64.158.223.140:443 | casale-match.dotomi.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 69.173.151.100:443 | pixel-us-east.rubiconproject.com | tcp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | tcp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| FR | 54.38.113.3:443 | pixel-eu.onaudience.com | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| US | 23.227.151.242:443 | ghb1.adtelligent.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| IE | 54.72.64.29:443 | ads.yieldmo.com | tcp |
| DE | 142.132.249.188:443 | ghb1.adtelligent.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| GB | 18.165.227.8:443 | woreppercomming.com | tcp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| DE | 18.197.80.38:443 | www.opera.com | tcp |
| DE | 18.197.80.38:443 | www.opera.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 172.217.16.238:443 | www.googleoptimize.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 193.3.178.3:443 | ads.us.e-planning.net | tcp |
| US | 23.220.112.27:443 | hbx.media.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 185.83.71.234:443 | sync.adtelligent.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 52.208.101.151:443 | match.prod.bidr.io | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 63.215.202.169:443 | triplelift-match.dotomi.com | tcp |
| DE | 37.252.171.21:443 | secure.adnxs.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 64.74.236.223:443 | b1sync.zemanta.com | tcp |
| US | 52.86.30.122:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | udp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| FR | 5.135.209.100:443 | ssbsync.smartadserver.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 34.193.221.2:443 | cookies.nextmillmedia.com | tcp |
| NL | 193.3.178.2:443 | s.e-planning.net | tcp |
| US | 104.26.10.209:443 | ad4m.at | tcp |
| NL | 193.3.178.4:443 | u-ams03.e-planning.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| NL | 89.149.193.88:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.88:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.88:443 | rtb-csync.smartadserver.com | tcp |
| US | 3.93.98.97:443 | i.liadm.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 52.7.6.175:443 | sync.ipredictive.com | tcp |
| NL | 89.149.193.104:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.88:443 | rtb-csync.smartadserver.com | tcp |
| NL | 154.57.158.116:443 | ads.stickyadstv.com | tcp |
| US | 38.91.45.7:443 | match.deepintent.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 64.74.236.63:443 | sync.outbrain.com | tcp |
| IE | 52.209.21.214:443 | cs.minutemedia-prebid.com | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 34.96.71.22:443 | s.company-target.com | udp |
| NL | 35.214.152.46:443 | csync.loopme.me | tcp |
| US | 54.85.51.123:443 | rtb.adentifi.com | tcp |
| US | 151.101.65.44:443 | trc.taboola.com | tcp |
| US | 3.144.50.151:443 | dmp.v.fwmrm.net | tcp |
| DK | 37.157.3.26:443 | dmp.adform.net | tcp |
| IE | 63.32.235.18:443 | dpm.demdex.net | tcp |
| IE | 52.49.228.29:443 | aa.agkn.com | tcp |
| IE | 52.18.50.67:443 | obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com | tcp |
| US | 8.8.8.8:53 | 123.51.85.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.235.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.228.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.3.157.37.in-addr.arpa | udp |
| GB | 18.245.143.100:443 | tags.crwdcntrl.net | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| GB | 142.250.178.14:443 | google.com | tcp |
| TW | 35.206.197.180:443 | e2c31.gcp.gvt2.com | tcp |
| TW | 35.206.197.180:443 | e2c31.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| PL | 34.118.72.152:443 | e2c12.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gvt2.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 172.217.3.67:443 | beacons2.gvt2.com | tcp |
| US | 172.217.3.67:443 | beacons2.gvt2.com | udp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 199.91.155.22:443 | download2281.mediafire.com | tcp |
| US | 104.16.113.74:443 | turbodownload.mediafire.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 142.250.69.3:443 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| GB | 95.101.143.182:443 | tcp | |
| US | 20.189.173.4:443 | browser.pipe.aria.microsoft.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
| DE | 168.119.115.138:9000 | 168.119.115.138 | tcp |
Files
\??\pipe\crashpad_4880_VVAVFVBFXABDASNT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a7af6ec9e20ed42c7cb13f94ecdaea3c |
| SHA1 | 008cf53a12c354d6c966d5b76226d8db4174b2d4 |
| SHA256 | 80b23e47770c4e4d3b80c54b259d36e4c478a825d3756169e2983d4f8077201a |
| SHA512 | da808cb9e3460215ed2f2ecdcbcdce207af6742f5d1c57c03dfdfd82abe83152d58c9c7dd1da1b52afdd2b3321f624e2a99853133aa55e20371c907eb8da4def |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 22e4873fded04b54ebb64082d13347a6 |
| SHA1 | a8532a0bbb5b0323f8c9d6a7cff4bcb077165900 |
| SHA256 | e1cbab22bdb5458e2e70a774c0f77119b514f99128e6b5f54c8f3ce42f706742 |
| SHA512 | 9c9de75af52b3ba873f0fb41c357b7962c87160c8bb2378179f2cfeca623b316c88bdaf3260d8fde2304df2b32856b6efb18ad29f8712e0626fac1082dd33115 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 28218d0dbd6955863ae306dd3af6123a |
| SHA1 | 3625cef58a442c0afa5ce9b6adc3005894680c0f |
| SHA256 | 4cfb159bafe6b0facf7e353c10c49de5acb9c4de71d2693ef060a0b5a7a7278c |
| SHA512 | cac3470a175294932fa7f629074313ae11579a148b99090ae88980f0fb2c68a98d515bae8e13450bc8977ae387b797539d41350f1dc6a269bb0f43a64e5eccac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0e1bfcaaf381978a0a0d7f30d2fc3434 |
| SHA1 | 4f29f293775858f9257966a39feaa59787e9a129 |
| SHA256 | 9dd8f99d91ef5aaeb37b8d97208c550a836a9ae976df311cbe427dc456ccf2e5 |
| SHA512 | 7142231147ab381148219e68061ab94d413213859603b6225c9a16f74ea644ca10e0ef68c63dae03f452bf7fe29cb345abd3111095db3f26bfd868b219df9e0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5cb3a9bf999d84b60a3d509d9d70a01 |
| SHA1 | f578d244d596e58f11a3a984c48fd770768b10f5 |
| SHA256 | 6340f2cad33a1dc544388945129ddcfdb73e25e4cef448a140d6feb1af90c04a |
| SHA512 | 1ad15a0f06910b2d55224ff3844156aa03be5a5b8735ae55da584c64d5ee68406d02995bead862fa46dae534de041405d2a78085a477d7efdad20767c0100f33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2fb49efd8fb937a1935433c2d1f85094 |
| SHA1 | a6edb6ca6227396fce0ced0b0ca17eb6944cc959 |
| SHA256 | 95b026cc83878a5968ac3d337d46681f40160bfeb230a322ff8f4b5e26bab8fa |
| SHA512 | 2cd4729aec217d85d8f7c4eb77dac1da1040a4be4b1a9ddc542beef852bea86594d735135806e7695c615ef0aa0ebc7907de26fd2a6e4a9991264d726171189a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | feb93e3e75a8f8535c38c43cec85fe8f |
| SHA1 | 0182b725635b4078fc2d57084eacaf1929abb2e3 |
| SHA256 | fcdeda63a0cd701f2f965e63a966eebbdd867b2c6a56c1426fc899eb7128d7e6 |
| SHA512 | 6cd637a2cc35cadf38e17f3dc47d45a4eb2d0c01f3538ecc3bf689ff7f3be100c5c2f4cb23128d6050722ce96495b82e2a71210a6f9f82edd3acd9f5bf433d6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | edf5f0fbba13433f4c5674cf9a190807 |
| SHA1 | 63a9320c5c5491aa927ffe7e683324a9d4009c3c |
| SHA256 | 0362361c0ccda6e61f790568843a6804954d1db4d80288e0b43055704c9611ae |
| SHA512 | 27f23b8d1a6d2588c1c314a0569847d19a14f2f632576252fc105f125f23b1e8e9fa8b5396d6b0173d4d19fba4aa92cc3d45ba0e6d8c9e29c8e10c543f0ff505 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 81475aa1546becafa1e9031333fdfef8 |
| SHA1 | fd630b63fc0806649910676c22ca20f543987ebd |
| SHA256 | f428f6489782557ecefab8e9bfc53186360960c0d1f25aaf7e747ae7b9b8fc9f |
| SHA512 | 2b2a873f80a919c31467df239a5f86da9e46d6fb98715d622855c47cb8677d0a80a107862a68ebe0b8da3e9af05fe2232f4ba084e592926891aa15d89d114b89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 49d5355f5d9c9a234461f487dd59df3a |
| SHA1 | 0e829bb3954e8f8e4bdb3aaf42dd09bfabc5afbc |
| SHA256 | 7c2da75e1f448458b91874ae6a7ecc8e960119aa8b3a63ff5b0f2cc8297ad6c6 |
| SHA512 | 1cee33f7b20023fbea36dd6ca765525f8fd2457550e1c30550f8d36247984a6c27d3128f3ea70309840250509149ce7c5f9f768ded53b37e8d1254f451211e4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c6c063630cd2b53356b82ba535cb7601 |
| SHA1 | 0994fd0d5872ab96dba9a630a8b31961f8348120 |
| SHA256 | f376376c45e53a0f673c539a3ae6ef3479a8a53cfd38afb314d2ff9b41553e9c |
| SHA512 | e61dc8cf3295933b4b64a8f0c9d175b51baa31e6b87a2c1799bf3ab0fe3d7fd99cb906e8bfe73c0dcb86690b564227209c31a810fe79167c4c290fd0836b5025 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\.usage
| MD5 | 4ebf6b84bbfac6bd08b4195d7a3d3d49 |
| SHA1 | adb85afc9aea2ee47e12d56b39cbe1b7a1a1db09 |
| SHA256 | 09ee203ad6aeb3b919a95410f27657f81c685f412e6249b7fe84f575337d699e |
| SHA512 | dd391c7aca3b8b2184f19f50f1ce50f5cea1bacceb067548dad76d00943accbe82e2161283486fb7196b5ad0630b00a99fadaf140ec9d53208cccfb461f09bfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 36ce9f498ca6151c569be86d31514def |
| SHA1 | 33e37407892c6aec0fb6478ea92e465959899c89 |
| SHA256 | 48871e398d474234098110cd399c1ef6d780540b2e92491a700d0ddc7e11e0d0 |
| SHA512 | db930851f7b617c7fa6fd53b9f5fb4ea840ced66907476de0a448d0cf3e68801d0319e7b2d7a88c5c0992ce42badfd7f79a1ece4ee21325948a1888cb2055d8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c7daba661d4ee5ce2613a9be836ebeb |
| SHA1 | 973099881b7c4f9a2787aab700478c98b4e8f2a4 |
| SHA256 | f786280d15509f237c96539a812dfd6bad80cb45d5f2b5745710f4dfdddc185c |
| SHA512 | d75c63020bcf1762f51061207a03382e55918ec3d4024bccd4c810ce980eaab55ada08a1e49b584c6b040f11a60203280937dd997983078ab7f24cf748435945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 371b57d56e880fa0341f8ff384320c5b |
| SHA1 | d7571e2d2317c7c2aab81a7cea4c1a63c0456d03 |
| SHA256 | 6b74c4f7eee0808af2ac3c8f995f9518c085505fef28a4c1bc516f171ed0dc67 |
| SHA512 | 80aeaad71b745cb4a8bfdab37e8fb740f0e32b7c244cdab42c0ed52b978ecee193839744d27fd1ae6a23ebe8def9781bbc5a151662269017caea6b89c83fe493 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\23fae17e-2b58-4c53-8457-d2d369ee2a14.tmp
| MD5 | 4f8df928d7450f8007a0651d9331a137 |
| SHA1 | 17562b9b08f9135d40cff6974131bd76e40e3ced |
| SHA256 | 2ac5fe9c31a2f9496b93f415fa8fa2c85ca023395a288eada555f0e5ac22973c |
| SHA512 | 84861b6f5185909c6cdb09e6950b1ad67b2bde8a8bce2d68146d13c1abc53adb55656e6a90b30cb507f3ddff2576f006c9e2fef9b65270969fe9649de63cd370 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1a9cd701544880b34599293efac0914a |
| SHA1 | 7225a9e5379168654d9ba57a600e3e358a36e47d |
| SHA256 | 338d9dec3e1f7a10f25595ccce4d3570613a15273ff042a256f150f6b0299e21 |
| SHA512 | b1699068766e15732e2628bc6790cff6b40861eb95ce632f205b687c6ad018e89dba2ec9139daa9a73cb836e51ad0ff738745fe9f7977d53317e1d872e62c719 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1e7aab3806ee4fc806cb85bb7d20135b |
| SHA1 | dcdeeab44cdb69be224f853a01f12216ac48c4a0 |
| SHA256 | 52995e3ce7193fb745a7d22106608f3c94a77b4407082dbe6e8d7b48287ae765 |
| SHA512 | 57281a51780a31a8fe4261c0cbc5da3a0d2ad99383df4e8e7671848e89519e00ae8ed525b5bde6367415b8d7f8b9bc94ead72e0b99586b01fef206b1b433507b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b4ad6ad4ec9ed6423bd342662ddd1d66 |
| SHA1 | e36a810eefbbacc344c48e79cfadcf20fc7adb3d |
| SHA256 | 9651e7fc4e0451d5a10d8f6e0e685c3a1b1b4d8c412ce552d666a5ba77d55212 |
| SHA512 | 0679f681999f5e11f882a08a15191f8bbf0b3bdc10f237b6d74e5b3f0b5c2770f2320fe72e0e7522f1a0f80f085015e107b206757e62a9a525e4dd0e8115ab87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 95d0555d54f6b367c0dcd964b4f39405 |
| SHA1 | 4a6ef0518c66fd2c6bc71b21213c3fd0063c0a06 |
| SHA256 | c1aeb5afae2232a4935dc7e59c747a288f5c89b44f1024e0707c48aa258354c0 |
| SHA512 | 8f1734811291258f3f7b8925e0d7669ba71695d0710eb57cafb7f8541db46dd9c1dd4739c150b97a89e5f0a9f2d2bd76daed84e2b7385aba589e71a9bc5f65f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b0694.TMP
| MD5 | 27dcb102b17d7c1935085cc362ba98e2 |
| SHA1 | a75235d30e3087cd692531faa9ebe88dd3f82d33 |
| SHA256 | bac10181647f1ca3dbb09748a68ec08cb5e3ca3fb5d1989107e5f9b9e7bdb32b |
| SHA512 | b477ed01356d2034b1a4c0652de0474f4ccd7ae433ad902962c95d7aec262dedc714a181518b37a212297307215d28b5576d281def4679c379d5c44031f75835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1965cf998372aaa43b0cee5de8c47c2c |
| SHA1 | 5ccfed1cc6fe0224820a609362472bd82abf0de3 |
| SHA256 | fe809ee1899bb15a8d5ec14595d19bc73259b8d76c318cf40e70e16965272bd7 |
| SHA512 | 077040bfcfdf24315a00dc8ba1ab060c81aa695ffa538bf9125d139e468e4073ee33361ed74ad018594c7d8ec7cde6ad444ea89897961fd926c7028e320d9339 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 024ab71c727fb6877ba06268961fd217 |
| SHA1 | 19c660ac1713268a07569fd47b632db43acee2f6 |
| SHA256 | 38f03daf35a988839dad3c73f06728de8a38bef1e16ed9ac40e502ba6123b769 |
| SHA512 | 5f15d233816d017726ae872de5e0c09ad0a4c03f7e252133baf9d1cdd03e96867f78d0be6a180543db4124874d38f03ddf268f1224a2d3d6aec1bbb53aa38d8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c5753c290f409aa78e28471b4dbc819b |
| SHA1 | 293e6739e56e0de7109d4d0ac9771c1549cf6bb2 |
| SHA256 | a49e3421adfcd4cfc325123d53b1d57cdb6e5d4648c2b0bb13638d864db9b706 |
| SHA512 | 4485ee713227d9127de9158a5ff104c272dabe01d8f2fc87ca9b532cf30803ec42f7eedf86301d2ad5a991b1f0ccb852c3f07fe0d91c0fab4df416305252e58e |
C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\x64\Setup.exe
| MD5 | 8a179892518a2c4e8a63afa91de7bdce |
| SHA1 | e9b095c966ccc4c4900b4cf741c067d2a0f43cd4 |
| SHA256 | 72ece91f65a461c5023695bf5f31b5b6b5bd629dba8407524e8144f6d1e160e8 |
| SHA512 | 91abb220c222a89a2df27818b8385b4015128a35b7d4c43d0f497717a4e5a55dfb9dc1da3f47a49a2400ea8300d41d52277331a6c7c3437ac5cb867a4027b220 |
C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Lib\level4.resS
| MD5 | 64d183ad524dfcd10a7c816fbca3333d |
| SHA1 | 5a180d5c1f42a0deaf475b7390755b3c0ecc951c |
| SHA256 | 5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a |
| SHA512 | 3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e |
C:\Users\Admin\Desktop\Ianch3r_win_64-86_v.3.1.+P0rtbI3Extens\Lib\sharedassets3.assets.resS
| MD5 | 72fae5518ea21bdc76c16024cee3b570 |
| SHA1 | 3f4aabfbd32aeffd356a077804433b1593bc0754 |
| SHA256 | f33c795a1d2ffc812d3c2f87e8666b16d135ea674f64bfcf6385bcaecb8cf291 |
| SHA512 | 5053c8f8cede72f22223c4d1f992f8eeb584e54a7205268bb31109781a58cd4de91532a6b1c3bbf3e5dc833897ba0b40927d096aefc5c25fa183427094b9220b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 24ad301448987a34442326c1d146d27b |
| SHA1 | de3015f5b14f13791922e8faefca1a3fd0d67c66 |
| SHA256 | 948a6e431efeb065e9066f11a2d1ad34736ed03653d8f4c3e88a522a06e46c3a |
| SHA512 | d1075021d83ba247651c8c434142b9e9a57299688c6266267b864b4c6059b0e59bb735768d2a36554453da41e638997ecd19f93fca472a0e7f62fb5b58561e7e |
memory/2352-1868-0x00007FF6CB8B0000-0x00007FF6CC08B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2cc64603
| MD5 | 957edcb00ce0b522499f6c799ea11053 |
| SHA1 | b1c91d93701d206820e45118e0df50d34790d27d |
| SHA256 | e4456eea3e2fca53bc2a06fd247eba74bf668c39069d5c821d082ef7dfa03f5d |
| SHA512 | 167cb1c01f28bc40f85d0d8f895346d147a286811550142ebdf659cc4ba92f015d4def386d58adf4c48b1946ee31ddd8dcbef50ba09533889e9ad161c9867eb6 |
memory/2352-1874-0x00007FFD9FE90000-0x00007FFDA000A000-memory.dmp
memory/2352-1875-0x00007FFD9FE90000-0x00007FFDA000A000-memory.dmp
memory/7492-1877-0x00007FFDC33C0000-0x00007FFDC35C9000-memory.dmp
memory/7672-1882-0x0000000001400000-0x0000000001B4B000-memory.dmp
memory/7672-1884-0x00007FFDC33C0000-0x00007FFDC35C9000-memory.dmp
memory/7672-1894-0x0000000001400000-0x0000000001B4B000-memory.dmp
memory/7672-1895-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/7672-1972-0x0000000001400000-0x0000000001B4B000-memory.dmp
C:\ProgramData\GHDHDBAECGCA\KECBKK
| MD5 | f367bdfbbe591616b357ee5962a8e145 |
| SHA1 | aadd7501f805ae429a11bec8959ae6ec9bda7e43 |
| SHA256 | a8ddc12322f21fc76db93246d5338c9e199d6741503b43c73ea06f795bd13654 |
| SHA512 | ddd6a64f41d25b2a30bf0588632abe8bf6fddb083b9476251d47b73d390a2788e274d4b640186bd2ec0bd0fd370465482777e8ce302d3e055173263664343b42 |
memory/7672-1976-0x0000000001400000-0x0000000001B4B000-memory.dmp
C:\ProgramData\GHDHDBAECGCA\AKKKEC
| MD5 | bcd44e1dc4b8c98bfe46334c05c50851 |
| SHA1 | 2312cd4e3279d57c64fbfbfffbc98cc9e0e6b720 |
| SHA256 | 116d7fc2ff0d14b5a94007416a5d78c97d8a8779c6b02b2067a4fce3534f3406 |
| SHA512 | 21ed99c0787e05cb16d5a46db01351aca43abe5a6c6cf82b8a6148f157f454377e7cafcf7336c6c275abd2caab63feb40a312bf416d75c2eca1d7dba3ef34549 |
C:\ProgramData\GHDHDBAECGCA\GIJDAF
| MD5 | 573d07f298e4981b3afcab4e436fe68d |
| SHA1 | fbe2febe1372d0472124709b20140e94c176d7e0 |
| SHA256 | aaeb229fc98f2ed346038f859c80676e3f272bdd4f10ca9ce7d27004da957962 |
| SHA512 | 2a08a21fd23a856d3690beab49f25556a4389bcb5743d791fc255fe0a54997b6ad053e98fa33152cf5fd8cf0113332c459df1fa031b82bb82ff767027f2bbdd8 |
C:\ProgramData\GHDHDBAECGCA\HDGCAA
| MD5 | 035866c22217dd925476f6067a2d360c |
| SHA1 | 156734cfbd19c4d0de3f216d65761169f4920870 |
| SHA256 | d5740148d10b53d6e62a4f949f2c70a2efae574b1c9ccc430bc6b718cb69478a |
| SHA512 | 026ff07be45c7d087dbccb0cda59e2f870c53c8bc18f2163de671a211ef7f5aac48d797c6da90549fb69661aa4623001f75f84aae587247f9e257a0baf919d52 |
C:\ProgramData\GHDHDBAECGCA\BKFCAF
| MD5 | 2b30906161b46020ea304c301bc4bd33 |
| SHA1 | 4674469a29042411dd1902d3e2c066eafc2634f4 |
| SHA256 | e8ddd50a838a4a4b62a96ef1a56ad162d9afbc19e70aebb8c39ab86f3aacfb78 |
| SHA512 | 854403a3f924300a6647e0b731f9ffcd78dfe6a59b24f5123427846f997e76a0fea592deb881168de5fd825adb95da483518b9ddb93cfe9a117ae9f0636300b0 |
C:\ProgramData\GHDHDBAECGCA\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/7672-1998-0x0000000001400000-0x0000000001B4B000-memory.dmp