Analysis Overview
SHA256
6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91
Threat Level: Known bad
The file Wave.JohnPrlx.cracked.rar was found to be: Known bad.
Malicious Activity Summary
StormKitty payload
Xworm
StormKitty
Detect Xworm Payload
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Reads user/profile data of web browsers
Drops startup file
Loads dropped DLL
Checks installed software on the system
Adds Run key to start application
Looks up external IP address via web service
Enumerates connected drives
Sets desktop wallpaper using registry
Detected phishing page
Drops file in Program Files directory
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Checks processor information in registry
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-29 00:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240508-en
Max time kernel
449s
Max time network
1169s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CefSharp.Core.Runtime.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240611-en
Max time kernel
1486s
Max time network
1500s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\lz4.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240611-en
Max time kernel
1478s
Max time network
1492s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\wolfssl.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240508-en
Max time kernel
1796s
Max time network
1800s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\zstd.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240611-en
Max time kernel
1483s
Max time network
1497s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4388 wrote to memory of 3768 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 4388 wrote to memory of 3768 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cracked by JohnPrlx.txt"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\cracked by JohnPrlx.txt
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.11:443 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240508-en
Max time kernel
1800s
Max time network
1801s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Windows\CurrentVersion\Run\DriverUpdt = "C:\\Users\\Admin\\AppData\\Roaming\\DriverUpdt" | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\eo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Enumerates physical storage devices
Program crash
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{CB074A14-8E49-4370-BD43-9F1BAFC4285C} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 215771.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 557287.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Wave.JohnPrlx.cracked.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Wave.JohnPrlx.cracked.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff875f43cb8,0x7ff875f43cc8,0x7ff875f43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4684 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7212 /prefetch:8
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap24646:100:7zEvent28821
C:\Users\Admin\Desktop\WaveWindowsCracked.exe
"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3568 -ip 3568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 1120
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "DriverUpdt" /tr "C:\Users\Admin\AppData\Roaming\DriverUpdt"
C:\Users\Admin\Desktop\WaveWindowsCracked.exe
"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3876 -ip 3876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 1060
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\cracked by JohnPrlx.txt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\Desktop\WaveWindowsCracked.exe
"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2308 -ip 2308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 1092
C:\Users\Admin\Desktop\WaveWindowsCracked.exe
"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 112 -ip 112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 1088
C:\Users\Admin\Desktop\WaveUnCracked\WaveWindowsCracked.exe
"C:\Users\Admin\Desktop\WaveUnCracked\WaveWindowsCracked.exe"
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4996 -ip 4996
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 1116
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| DE | 51.195.68.162:443 | www.rarlab.com | tcp |
| DE | 51.195.68.162:443 | www.rarlab.com | tcp |
| DE | 51.195.68.162:443 | www.rarlab.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| SE | 69.30.89.18:443 | gfs240n108.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.18:443 | gfs240n108.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.18:443 | gfs240n108.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.18:443 | gfs240n108.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.18:443 | gfs240n108.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.18:443 | gfs240n108.userstorage.mega.co.nz | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 23da8c216a7633c78c347cc80603cd99 |
| SHA1 | a378873c9d3484e0c57c1cb6c6895f34fee0ea61 |
| SHA256 | 03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3 |
| SHA512 | d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17 |
\??\pipe\LOCAL\crashpad_4212_GDDIUZVFXHPEQJHZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e4bf11ed97b6b312e938ca216cf30e |
| SHA1 | ff6b0b475e552dc08a2c81c9eb9230821d3c8290 |
| SHA256 | 296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad |
| SHA512 | ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c54dac767082712f7ca7dce32077c943 |
| SHA1 | ad31d59acd83213e86eb8a049cd374cca5bc0038 |
| SHA256 | 76a44132b7613c6d35c13946ba9e96d81f2117434816fd4c337a88931d712c46 |
| SHA512 | 9437570baa88a83b768a33892ad41c2be23358c51ca9d5d69ee5be1d4031afc08603676a05a70fe8710681879935a11491b7ab199e2ce70230fa1ce49f157ee8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3bc1a5d94a09a23942497cea2d841f14 |
| SHA1 | 3cfcbcfedf67c74b62891d54d629ddbcce3032b6 |
| SHA256 | 09c8f326302dd3e32c8d1b23a0b6eee633b7183e3bace5abff8c844ad50ae205 |
| SHA512 | 525041a2b6c65e8a46051dfdfdc1ea038d22b5ac75feb2c36d5c20100f6de7ccc519fe8243ff3edead6e35a8491a678da86c52793aa4d8d30130fb06eef73979 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b084da77-8824-4fc1-af4a-1de669982cda.tmp
| MD5 | c9abb50fa4552ab45153b9184eeb5725 |
| SHA1 | 5c6b77f65c380d795e629877fb99346955cd85f6 |
| SHA256 | 5fdd3eba2293edd32feaaf45dba1e90da5912605e75f4474ce869ac40fa323c8 |
| SHA512 | 5d01297eee3f49ae6485138813b0dc543cc4bc629dd90ef78d12d9ab74436591bf86bf141d396124acc7a42146a391941049d30bc3954f02182ce9f75e71ca03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3dd75c12b6b3a5085bbb879edc7c0fbf |
| SHA1 | 01476913c98465c21d5b6366da3518edd3997cea |
| SHA256 | 02db9291f6c58eb0ec22bbf06610560eaa4efafbfae14f1c7957722e2d067ace |
| SHA512 | 0eb011d1b1b84efded4eb150704ca6b8b52fa439130d44cd0833b289eeb32606dd236485bfc22d478ed9241b89a81d91d59e5dc14331c27bd6f2a46e659b4b28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806f0.TMP
| MD5 | e45e669c796047fae42c09c92ebc3e83 |
| SHA1 | c476929fe0235c311e67891af2b54dada89921cd |
| SHA256 | f7bfc3bd94868941a8cd20532aaf7d2bab150b74af5fbb5f797014b395a2d4be |
| SHA512 | 88362dcd7dbfc5c4c61b6f4536d0786762dee9ad5c7e7a9ff10fdbad93aa095ccf202cac045a0a55e2eac492745c35e6672b8bff09e1ac88e0e1df992d1f69ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 643c99adbc935c1b14bb9a84b509a9cc |
| SHA1 | 8f47032649d0f5e080207b3338467759c5a58865 |
| SHA256 | 3b6f86a801720a992619c1dcce4854866d2763c9b8dd6c702b1c607c9e4ff84d |
| SHA512 | c93c0e875109cb328d32413a16292a42c3407ee5cc96f3afa29038d530aa798d5ede3637ac2f898982ea48233665ac1e2ff1fb42f1a42e6980e43e3fc40ab032 |
C:\Users\Admin\Downloads\winrar-x64-701.exe
| MD5 | 3a2f16a044d8f6d2f9443dff6bd1c7d4 |
| SHA1 | 48c6c0450af803b72a0caa7d5e3863c3f0240ef1 |
| SHA256 | 31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6 |
| SHA512 | 61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6 |
C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier
| MD5 | 2920729da1ffdf0a8af2d7170153f6d2 |
| SHA1 | 2b5269271b4494e24abf9217204b13be59be4660 |
| SHA256 | cd2b4f422661fa94aa10a6cc8ec747573f554ce7c5f94a0767ab9985288d1fe6 |
| SHA512 | 158c3aeb7f35b338eb61864c74d91d0acee3598f5c579606155a33ac320e784f7b54346e4ae5b594477b4eced967410a969af5d07fb32fbb0e5abbc393381d9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 30c62bc200be77aba65cfb9984cd48de |
| SHA1 | d491095c90b65d47e1588d2daa37528ac694e915 |
| SHA256 | 23e3add83bb202f2cba8554cb42dc9d5649b4c92658b6e8383286305ecb8ee35 |
| SHA512 | 0b311ca645c23a0b22258da279ae6d1a03805ffa1780d83dd2c9dc3e1e336e22d91acafc9062fb394615c0975e46b56a0e1fdd029b83b730a0d441ac9cddbb86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 143c75db7c2968f5b0be36ae1a6c42ed |
| SHA1 | 424d6dcb390691050b8437ed49ba88971edbdcfd |
| SHA256 | 05407b3691bcb61642761f984a982b96a9458c40250829d06d3ae6be5594e60a |
| SHA512 | d687627351b49a45ca1d99d7ad1e20802877c7cfc2b80d861538e99fb8655b83d36901fe852c7242b91d538c1ac61c84b30e18bf52f8a97512e79a958e722a58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f18121fe3ecc55338ea5256e0518f86f |
| SHA1 | 2b763a9f19372d45af5b86f1b6a662a6cbcf5110 |
| SHA256 | 4ba547e083319f7003373c6b2a4446414f6000dd952ba46df887b43619ce853b |
| SHA512 | b0d3e6cf632a9441e80614e250ac2d67cd3dac696ad282154a17a2df3e6212bbede678060a9ce73249ad36aca6f7b7994f988fa3ca5089b174157fca29360ebd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6ee5e7b53a1a2eba0eda2e766c6623b4 |
| SHA1 | dfc00a1594b2a15ca03adac9e3592cf5d0bbf39b |
| SHA256 | 6140fad2d6a551d5f5059a184c2e5184597819ac10bda54267bcf4c59ab4dc04 |
| SHA512 | fb0c03905d2daab287d1bfb188637ccf8ea0da79f0c816a6868a17ad6d34b29ac2c79bb95b7e3b3743e97c161240ba1ef3ca2cc9382e646c762169921cdd562c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | b15016a51bd29539b8dcbb0ce3c70a1b |
| SHA1 | 4eab6d31dea4a783aae6cabe29babe070bd6f6f0 |
| SHA256 | e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a |
| SHA512 | 1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 9e3f75f0eac6a6d237054f7b98301754 |
| SHA1 | 80a6cb454163c3c11449e3988ad04d6ad6d2b432 |
| SHA256 | 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf |
| SHA512 | 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 620dd00003f691e6bda9ff44e1fc313f |
| SHA1 | aaf106bb2767308c1056dee17ab2e92b9374fb00 |
| SHA256 | eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586 |
| SHA512 | 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92c4839cca316f756a048fe1e4fc2cbe |
| SHA1 | 7b2c0cea8ba2f6c4b1b3c297bae16181fc77a3c2 |
| SHA256 | ba1bb2ced1a9e3fa0b5464b0ab41bffbac908c1b5e1e79dbff3cbb3760d3a8ee |
| SHA512 | a367ad5b3b509d15f03e0ab3172568bdf002376464ce465568a4a079bad5724d89f6036efe3f489107017ea7c57905c1857665e8775161e1f86d54df7cf7a1e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7b94a5ad00e82e7f6e230d631e914e2c |
| SHA1 | 938c286c199d929a6e8ce039ec40f0c6ba63e2fc |
| SHA256 | 79abc84276194cec02caa829a6906e9d32fe593b6c42a50a09b0f7965f710654 |
| SHA512 | 3dadf31065ee761049056439256007cdb660c867e755dc7545dab255b941bdc06bf7b513796968628797b48fe9eee7003e50b280d643f85d15649a4521d7af16 |
C:\Users\Admin\Downloads\Unconfirmed 557287.crdownload
| MD5 | f1320bd826092e99fcec85cc96a29791 |
| SHA1 | c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed |
| SHA256 | ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba |
| SHA512 | c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a |
C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier
| MD5 | c890bea6e954f09438132954810d7427 |
| SHA1 | f615d11deb02acb360649614730f82a909232618 |
| SHA256 | 44a8204cd11c7f1d91c8dda2fe2bbd935a55c8a62e073a220534ec8587f121d5 |
| SHA512 | 4b42cfbda92affdea4b3fb64efc28dedbe598800e6abe17733d0645a8c60d9586b8a28c8bd1ccae3cd6e305f6ff8050bd221d4bd40ba41b79d69609aeaf3a53c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\10d33fdd-f8ce-4726-bc42-217e5faa5034.tmp
| MD5 | 589be2759711e76901b779ddc8fc4535 |
| SHA1 | d6d63b4995fd7fa6fcfe03e918fb0744c650c185 |
| SHA256 | b0b619cde6c21d096045f34e879d23423782f53c9796c3722d8b0d3c9f2acf2f |
| SHA512 | 5fca57092b879aee4efe97366e32045f183f48ad72da19feb9898a08c62368a664ee9b8340d936096f2097d9ed81f3d5cc514e7c40950540435ee66e856e427c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0a8a00b7dd3d03e0346cdf14772c397a |
| SHA1 | b2a75a048c87538101baba99810e5ab76be1417b |
| SHA256 | ce1892ba14d00c8bee4eb1bd9cf4d717c45401f7b44cff7e879d018b33eb4c49 |
| SHA512 | da718407d9300cd829ec9d6aeb122ad7a5a06e343f053dd4324cb2e2500f7b512f76ed1db48ca39602392a6875836fa8fb1b27f51377a46f84fa9595fe486ba7 |
C:\Program Files\7-Zip\7-zip.dll
| MD5 | 8af282b10fd825dc83d827c1d8d23b53 |
| SHA1 | 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355 |
| SHA256 | 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca |
| SHA512 | cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3584f324a62edb578a9c4ae4ba36f589 |
| SHA1 | 3f5a09561b661bb76e19972819e2d3ed8337da6c |
| SHA256 | 2536380e6f1ee6298e86da399dcbc6d125919e5d960ba176d542a92307c93abc |
| SHA512 | 8aafe314b216c6ba88d3c34d9f6525b976fe371b05078d47a1ee22eb7976032101cd4f28fc7e09b1eb4979d616998f799c0a86528435158405b53b4cf13845c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28427b3dac1c15a71fcd4597746faf26 |
| SHA1 | 94ff382036173fea8a18cd1864632cc0b2171e29 |
| SHA256 | fd013731a2ed41ec881df9b7e4207a1b8c6e27b1245078156b7b40f9739872cb |
| SHA512 | 5add82f67e17e1531da47cfaec7c0802ff4f3ea0a6b30984e970c0ab54d5c2f8161a45ccc410d5588609e9e1fed93f2166734dba5b348f42fa59f342def48dc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5102955d3ccae38210b5bd7f6a010d38 |
| SHA1 | 1cfc0ae61e227d74f1f54ad2503c30fd7713900e |
| SHA256 | 2113f75f8684695652cbaf8b27880d98117409fce0a91baadb7c10a7f0f15402 |
| SHA512 | 9a10e50e292cb042ab7dbc125fd374e2fafc7be477371a82170b4e92ee3faa7b80231f102ef86cc184c4179f4c322abb6fd0bb165585c37c043cd9ae323436d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 29ed78b30337df3500210c8945403349 |
| SHA1 | 28d9f09a1653e2fb71ebb1c0dcd979da01d1bbde |
| SHA256 | 330d182cf5a694860ef4e5d46b534d452b9c3df00104330951e07ecdb72f9c65 |
| SHA512 | 39e4db48ccc0afb0bb5168462848e3fa38c7accb663c4a0c4672536f5f3d5c355532806c1a5aa4f6db48f6c3c8580ed2b0d5cf751fc56208ee7c242dee9ad03d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e05f451ec1677e17ee4761b8568b0afa |
| SHA1 | 894fa5c2affd3d33fa0a692cfa2607a7c53327e7 |
| SHA256 | 5d63e759fdac4edac23515f48883825bfc1985f116e56841a3ac9a8067da56a2 |
| SHA512 | 55df5761eb68777368058c60938c787515359555f7c72385f572bc6bfd6bcdf0ad56bbc691ace3009d68ab2b2b91c0624a6111ebd17399b2db6ad54df68ee1fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bae4182b1a2521ff05af58bba687fa32 |
| SHA1 | f4c4944c2c18a5637c0f4873b3190cbf81ad161d |
| SHA256 | 747081ab9b1e087537bed9085229cde1ff9e596f49a0b0cff6ccd288f400f73f |
| SHA512 | 705f05585637713a919c26bedd7812c0586b643bb67c5a3d051cf347c40dc34cc5c52da3f54c59d0ba0cea08dab21be8378b4ea7e6a20b379e8163cfd1192f89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 6d9f6a8aca77e233e2d6f7574e0326e4 |
| SHA1 | 8d169054adc4190422368209919b6d7ed3a5925f |
| SHA256 | 37898c5bef770170ae04c6832474ef0aac65cb863a5fe3234adf055f7933ee1f |
| SHA512 | e602de5cb63bdb116af97bcd1b2a90057709425e57178a1a8bdd837da61de0c3a94b12189063bd84f5594b4ff846a37891c8a8c2b6c8c1af7e975921ef22ee3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d13d9.TMP
| MD5 | 71a6fc11ac4a81daa607cce2b823f640 |
| SHA1 | 366cade533f6db4b5a38cb63e6877139603c1fb8 |
| SHA256 | 753a3ba566f582060ee270bd06e80655c3822c7b6ab4136957e423c08cda2452 |
| SHA512 | 74709dfe6efd9ff0d7b55638c41b1ad2ad78239956fcdaf8ffacee5503cce78c07c65d02c74cc60c9ba0eb74d72d6c0f6c48bf8f07986adb8cb881fe9810f759 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e27e94ca72e1e03a68eada975e97ed12 |
| SHA1 | 42ebb696f8d05440ef9e67ee562f7800c1336a63 |
| SHA256 | f94f56c309bf189ddee141c4e333eb73889a0687a6e6c4167dca8da4f9c7a743 |
| SHA512 | 2f360573f956545af888a1ab6bf9d1ffdb989764070c234848a79403a83415330faf631d97b7bc2e91368adb031281e6f399f073985e9b1b1d61238a84a63358 |
C:\Users\Admin\Downloads\Wave.JohnPrlx.cracked.rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0f4f6b3bbc54189c0c149905c2756d95 |
| SHA1 | df0ed61da91ae755bd8774c472d08fb84e515dda |
| SHA256 | ce5e36264584ca173b7b69eb851c20086d0603895b186873df91528cc10ac243 |
| SHA512 | d3e4f99ebff4dd95e530825c4351c1215acae11e7a7f399872a0df52d7cc893f2b5d228fe7a6fa0bd770f07ce9d0793430a84ed6481640ade849b17419009eac |
C:\Program Files\7-Zip\7zG.exe
| MD5 | ef0279a7884b9dd13a8a2b6e6f105419 |
| SHA1 | 755af3328261b37426bc495c6c64bba0c18870b2 |
| SHA256 | 0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b |
| SHA512 | 9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e |
C:\Program Files\7-Zip\7z.dll
| MD5 | 0009bd5e13766d11a23289734b383cbe |
| SHA1 | 913784502be52ce33078d75b97a1c1396414cf44 |
| SHA256 | 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129 |
| SHA512 | d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b |
C:\Users\Admin\Desktop\Wave.JohnPrlx.cracked.rar
| MD5 | a502e43649c31bd6007912d68b37cad1 |
| SHA1 | 9076425d466c78f4cf458ab9913fb0880fecf7d0 |
| SHA256 | 6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91 |
| SHA512 | cebdaf98e4406fcb95c3086c976c16313230c2630c610d542c61e1c8a655c28a4a6555d9c40a8faed760827d24613acc624547390d66e59f1a77ef7e45ff7ca0 |
C:\Users\Admin\Desktop\WaveWindowsCracked.exe
| MD5 | 1aec1baab610e71d2dd83ddb08d9c49a |
| SHA1 | 47789c92be6ce830faa926acb1969086d410e4d4 |
| SHA256 | e2bfe1a9a590aab1f7572309b45c0cf88558f9c3463acb550d30e24f47132d1c |
| SHA512 | 2435a57bd91dae06c62ca1d209091f3ce4f3de9012eb80b901e89a62e60b28d45e5c94d018c5af5a831b3ff8d28e4bfc6e0c487125be14926a62b970e459690a |
memory/3476-1151-0x00000000004D0000-0x0000000000C76000-memory.dmp
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
| MD5 | cd34bf9c69f229818a4c9301e51435eb |
| SHA1 | bfb95a5dc5d777e2b5940f354da271fed397adb2 |
| SHA256 | 3b217daf815ced5cf1087d1f408fc3833c9d80a1e3e25b3f9041698b9e34216f |
| SHA512 | 2c68b211a4c8c144713cbe99214e8dc33d3ef6c1f244af4a313ff5ab93d946a4281d404b02c5f66ef5652071279649082877eaa728912a0e769c2c848e0a8e6b |
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
| MD5 | 65485b0475b6c8a3b4f35bba541938a6 |
| SHA1 | 28e6e6cd2ebf8a9fdffeb4aeba13b70ea7ea03a3 |
| SHA256 | c6740ee5c8afdc2c7be42fb03ab5a346925efc6ac785fe7d68dec2d5f05d276b |
| SHA512 | 034303ee48132b80da79e54a6077676cfd436ef869493a11a27c29dc7cb730fd2ce902320d554a0cde81fc0a06f6c56efa5c170a1360906ec9fa7fd101c3706d |
memory/3568-1175-0x00000000009E0000-0x000000000116C000-memory.dmp
memory/244-1176-0x0000000000680000-0x000000000069C000-memory.dmp
memory/3568-1177-0x0000000005E30000-0x0000000005E7A000-memory.dmp
memory/3568-1178-0x0000000005CC0000-0x0000000005CE4000-memory.dmp
memory/3568-1179-0x0000000006340000-0x0000000006426000-memory.dmp
memory/3568-1180-0x0000000006250000-0x00000000062C6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fbsalbnm.b3v.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2828-1189-0x000001C2E1750000-0x000001C2E1772000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 627073ee3ca9676911bee35548eff2b8 |
| SHA1 | 4c4b68c65e2cab9864b51167d710aa29ebdcff2e |
| SHA256 | 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c |
| SHA512 | 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d0a4a3b9a52b8fe3b019f6cd0ef3dad6 |
| SHA1 | fed70ce7834c3b97edbd078eccda1e5effa527cd |
| SHA256 | 21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31 |
| SHA512 | 1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 050567a067ffea4eb40fe2eefebdc1ee |
| SHA1 | 6e1fb2c7a7976e0724c532449e97722787a00fec |
| SHA256 | 3952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e |
| SHA512 | 341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4914eb0b2ff51bfa48484b5cc8454218 |
| SHA1 | 6a7c3e36ce53b42497884d4c4a3bda438dd4374b |
| SHA256 | 7e510fc9344ef239ab1ab650dc95bb25fd44e2efba8b8246a3ac17880ee8b69e |
| SHA512 | 83ab35f622f4a5040ca5cb615a30f83bb0741449225f1fd1815b6923e225c28241d0c02d34f83f743349a5e57f84ca1c6f44016797a93d5985be41d11be79500 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WaveWindowsCracked.exe.log
| MD5 | 2cbbb74b7da1f720b48ed31085cbd5b8 |
| SHA1 | 79caa9a3ea8abe1b9c4326c3633da64a5f724964 |
| SHA256 | e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3 |
| SHA512 | ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9 |
memory/3876-1240-0x0000000005FF0000-0x0000000006014000-memory.dmp
memory/2308-1253-0x0000000005600000-0x0000000005624000-memory.dmp
memory/244-1296-0x0000000000EB0000-0x0000000000EBC000-memory.dmp
memory/244-1303-0x000000001C8B0000-0x000000001C9CE000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240611-en
Max time kernel
1799s
Max time network
1802s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Microsoft\Windows\CurrentVersion\Run\DriverUpdt = "C:\\Users\\Admin\\AppData\\Roaming\\DriverUpdt" | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Enumerates connected drives
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\Microsoft OneDrive\\@rsg666hfguhser0__dgsfghd-rsg666hfguhser0__dgsfghd-profile.jpeg" | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Detected phishing page
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\WaveWindows.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1064" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14393" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "6989" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13008" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1064" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "9289" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "15450" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14513" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "15450" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "7141" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4025" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "11293" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-952492217-3293592999-1071733403-1000\{1F702A9E-708B-4E5F-A9E6-CD7B6975097A} | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1097" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1097" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14393" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "4874" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1064" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "9289" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "11293" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "4172" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-952492217-3293592999-1071733403-1000\{0643546E-7FAE-439E-A1EF-266A3A8759ED} | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14513" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "4025" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13008" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "6989" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "11293" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4172" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "4172" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "9289" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14393" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "4874" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1097" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "6989" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "7141" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "4025" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13008" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4874" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14513" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "15450" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "7141" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DriverUpdt.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe
"C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe"
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5108 -ip 5108
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 1112
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "DriverUpdt" /tr "C:\Users\Admin\AppData\Roaming\DriverUpdt"
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\ProgramData\Microsoft OneDrive\raperbean.mp4"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004D8
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\ProgramData\Microsoft OneDrive\raperbean.mp4"
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://call-me.lol/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa27f3cb8,0x7fffa27f3cc8,0x7fffa27f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3332 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.0.1291100790\1276010429" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1732 -prefsLen 21996 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {046b4a68-2bdc-4d10-a600-ac8546b5983f} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 1832 29399d21158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.1.1621006116\1690990997" -parentBuildID 20230214051806 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 22032 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40ab2125-5ae7-486f-b3ec-9a8bbdf6d32a} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 2356 2938cf8a558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.2.1285624422\2070716714" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 2876 -prefsLen 22070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1875f8c-2ce7-4e53-86a4-789473289491} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 2988 2939cb14258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.3.1093053364\1288976023" -childID 2 -isForBrowser -prefsHandle 1304 -prefMapHandle 2492 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a75da79-9a8a-47d2-905f-5e339de403b2} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 3528 2938cf85f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.4.122925433\2071208779" -childID 3 -isForBrowser -prefsHandle 5052 -prefMapHandle 5064 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6329a70a-5f33-4bf0-a1a5-787a5b651f3a} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5044 293a0be0d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.5.2089951560\50173316" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cce37d6-d36e-4847-9221-5930db832316} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5188 293a1194b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.6.1468298854\96881677" -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dab0fb21-a29e-4012-aa2c-49f9faea51fd} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5380 293a1193658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.7.1053342920\1777311458" -childID 6 -isForBrowser -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfdf9c73-ae78-45dc-a4b1-e06f25969505} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5856 293a2666158 tab
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4624 /prefetch:2
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.8.694606828\1745854223" -childID 7 -isForBrowser -prefsHandle 5132 -prefMapHandle 5156 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ef9aece-f54a-4526-b5fd-107afc51322c} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 4184 293a145d658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.9.1632384485\958062158" -childID 8 -isForBrowser -prefsHandle 7420 -prefMapHandle 7888 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f3af915-2e6e-44eb-98b4-2cf3fa48f441} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10280 293a5114a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.10.2108817479\1673027241" -parentBuildID 20230214051806 -prefsHandle 10088 -prefMapHandle 10084 -prefsLen 31070 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81fe33cd-6e45-4a2c-aeb9-f84ef59fd184} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10152 293a5de7958 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.11.1090557392\1755301950" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 10100 -prefMapHandle 10096 -prefsLen 31070 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ada2bae0-0d03-4bfd-8891-5d743cfcf9d9} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10280 293a5de7c58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.12.1872319128\742132062" -childID 9 -isForBrowser -prefsHandle 9624 -prefMapHandle 9780 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7676aac7-bd75-4289-92e2-09570060eb95} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 9732 293a9183658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.13.829208263\591499407" -childID 10 -isForBrowser -prefsHandle 9092 -prefMapHandle 9412 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2b2d768-6c32-40ce-bed2-e15b1c5f1244} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8960 293a506a258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.14.541139170\1474848662" -childID 11 -isForBrowser -prefsHandle 8720 -prefMapHandle 8716 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {386ad311-cf24-4318-843f-afcbdf55f8d0} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8728 293aaed4558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.15.773698370\1336297786" -childID 12 -isForBrowser -prefsHandle 8544 -prefMapHandle 8548 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dc2b137-779f-4be8-8a78-f8b2df14e9e8} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8636 293aaed5758 tab
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.16.1851127025\1019597268" -childID 13 -isForBrowser -prefsHandle 8232 -prefMapHandle 8236 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcbd727c-c94c-40de-9e03-10a4aeffb75b} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8220 293aa16ed58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.17.1196738510\953451174" -childID 14 -isForBrowser -prefsHandle 7988 -prefMapHandle 8196 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e452e856-1b26-40cf-8154-ee0806ae5186} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7996 293a837c558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.18.2107622122\121893336" -childID 15 -isForBrowser -prefsHandle 8012 -prefMapHandle 8196 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1b7ca1-91c8-409e-b2fc-909783f605ca} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7872 293a556b458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.19.2130247768\1045026588" -childID 16 -isForBrowser -prefsHandle 7588 -prefMapHandle 7592 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08759edb-6d4e-40a3-a735-778f3782a2c1} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7672 293a556d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.20.1590136977\1058596948" -childID 17 -isForBrowser -prefsHandle 7480 -prefMapHandle 7472 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ddfa7d2-477f-487d-9b60-41222cd56c07} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7392 293a556d558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.21.97091117\2108993832" -childID 18 -isForBrowser -prefsHandle 6704 -prefMapHandle 6700 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3c88b3-a7d0-4dda-9c2b-945c240352ec} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6652 293aa10c558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.22.1518776746\248227828" -childID 19 -isForBrowser -prefsHandle 6812 -prefMapHandle 6816 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a57e0f-4370-46c1-8662-20fdff246748} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6748 293aa10cb58 tab
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.23.2135710875\1526889261" -childID 20 -isForBrowser -prefsHandle 8388 -prefMapHandle 6812 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d947c196-b2c3-4799-8334-1168a234d1b6} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7080 293aa2f6858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.24.1955934140\871658951" -childID 21 -isForBrowser -prefsHandle 6768 -prefMapHandle 6764 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {383c2ab7-4f55-47d5-af08-6ae7ef5f37de} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6912 293a7493858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.25.195973749\544906118" -childID 22 -isForBrowser -prefsHandle 6812 -prefMapHandle 6984 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d28f777-4668-48f2-8df9-8285095ed23d} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6608 293a91c5458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.26.433728932\1938756796" -childID 23 -isForBrowser -prefsHandle 10308 -prefMapHandle 10312 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5264cf04-e6a0-4fa0-aeb2-4a588655cd0f} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10300 293aa31bf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.27.376983830\909604547" -childID 24 -isForBrowser -prefsHandle 10480 -prefMapHandle 10484 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {625ada87-a2cd-43f1-a891-bb1048af9cfb} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10560 293abb14b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.28.214993280\816297283" -childID 25 -isForBrowser -prefsHandle 10916 -prefMapHandle 10860 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8df15dd5-f58a-49b9-a740-ec9fe37b8a8f} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10904 293a5605658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.29.1188696000\589412970" -childID 26 -isForBrowser -prefsHandle 10732 -prefMapHandle 10740 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd4ed900-ec59-4633-91bc-8502d7302990} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10720 293a5857258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.30.399260111\1437815504" -childID 27 -isForBrowser -prefsHandle 11056 -prefMapHandle 11060 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9106e9cb-8f54-4f30-9493-11f41c05a789} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 11044 293a837a458 tab
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.31.1311846057\888490085" -childID 28 -isForBrowser -prefsHandle 7504 -prefMapHandle 7436 -prefsLen 31079 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b404c471-3aa2-4a4f-b205-77d262137f11} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5056 293a678d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.32.1781333783\1672097005" -childID 29 -isForBrowser -prefsHandle 9692 -prefMapHandle 9204 -prefsLen 31079 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c986a3d-0111-4e3d-98d1-a75a1be12faf} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6700 293a0b08d58 tab
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ConvertMove.rtf" /o ""
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\ProgramData\Microsoft OneDrive\raperbean.mp4"
C:\Users\Admin\AppData\Roaming\DriverUpdt
C:\Users\Admin\AppData\Roaming\DriverUpdt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| DE | 193.161.193.99:37537 | stewiegriffin-37537.portmap.host | tcp |
| US | 185.199.110.153:443 | call-me.lol | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:50711 | tcp | |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 44.241.14.171:443 | shavar.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:50717 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| NL | 74.125.100.199:443 | r2.sn-5hne6nz6.gvt1.com | tcp |
| NL | 74.125.100.199:443 | r2.sn-5hne6nz6.gvt1.com | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 18.154.84.50:443 | pitchfork.com | tcp |
| GB | 18.154.84.50:443 | pitchfork.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ads-static.conde.digital | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| GB | 108.156.39.49:443 | ads-static.conde.digital | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 151.101.64.239:443 | condenast.map.fastly.net | tcp |
| US | 151.101.64.239:443 | condenast.map.fastly.net | tcp |
| US | 151.101.64.239:443 | condenast.map.fastly.net | tcp |
| US | 151.101.64.239:443 | condenast.map.fastly.net | tcp |
| US | 151.101.64.239:443 | condenast.map.fastly.net | tcp |
| US | 151.101.64.239:443 | condenast.map.fastly.net | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 151.101.129.91:443 | polyfill-fastly.io | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| US | 8.8.8.8:53 | apv-launcher.minute.ly | udp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 199.232.211.52:443 | ioriver.map.fastly.net | tcp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| NL | 185.235.87.241:443 | ag.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| FR | 185.235.86.203:443 | gbc7.fr3.eu.criteo.com | tcp |
| GB | 18.244.179.100:443 | d2941xw9rhwgkc.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.179.244.18.in-addr.arpa | udp |
| GB | 13.224.132.12:443 | globalservices.conde.digital | tcp |
| GB | 18.245.162.12:443 | recs-api.conde.digital | tcp |
| US | 3.217.134.0:443 | c.pitchfork.com | tcp |
| US | 3.217.134.0:443 | c.pitchfork.com | tcp |
| US | 151.101.1.91:443 | n.sni.global.fastly.net | tcp |
| US | 8.8.8.8:53 | cdn.parsely.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| GB | 13.224.243.39:443 | cdn.parsely.com | tcp |
| GB | 18.165.242.8:443 | sb.scorecardresearch.com | tcp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| GB | 13.224.245.27:443 | static-cdn.hotjar.com | tcp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | t.skimresources.com | udp |
| US | 8.8.8.8:53 | p.skimresources.com | udp |
| US | 8.8.8.8:53 | 12.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.134.217.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.243.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.242.165.18.in-addr.arpa | udp |
| US | 35.190.91.160:443 | p.skimresources.com | tcp |
| US | 35.190.91.160:443 | p.skimresources.com | tcp |
| US | 8.8.8.8:53 | r.skimresources.com | udp |
| US | 35.190.59.101:443 | r.skimresources.com | tcp |
| US | 34.149.137.56:443 | tagging.conde.digital | tcp |
| US | 35.190.91.160:443 | p.skimresources.com | udp |
| GB | 18.245.253.79:443 | script.hotjar.com | tcp |
| US | 35.190.59.101:443 | r.skimresources.com | udp |
| GB | 216.58.212.206:443 | ampcid.google.com | tcp |
| IE | 54.155.18.159:443 | p1.parsely.com | tcp |
| US | 34.149.137.56:443 | tagging.conde.digital | udp |
| GB | 216.58.212.206:443 | ampcid.google.com | udp |
| US | 35.201.67.47:443 | t.skimresources.com | tcp |
| GB | 13.224.245.103:443 | vc-live-cf.hotjar.io | tcp |
| GB | 18.244.179.100:443 | d2941xw9rhwgkc.cloudfront.net | tcp |
| US | 35.201.67.47:443 | t.skimresources.com | udp |
| GB | 99.84.9.46:443 | player-frontend.cnevids.com | tcp |
| GB | 99.84.9.46:443 | player-frontend.cnevids.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| GB | 18.245.162.63:443 | capture.condenastdigital.com | tcp |
| GB | 99.84.9.46:443 | player-frontend.cnevids.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 108.138.225.196:443 | dwgyu36up6iuz.cloudfront.net | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| GB | 216.137.44.120:443 | dp8hsntg6do36.cloudfront.net | tcp |
| GB | 216.137.44.120:443 | dp8hsntg6do36.cloudfront.net | tcp |
| GB | 216.137.44.120:443 | dp8hsntg6do36.cloudfront.net | tcp |
| IE | 34.241.213.103:443 | pacman-metrics-live.live.eks.hotjar.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 35.241.19.70:443 | sync.graph.fake.bluecava.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| DE | 91.228.74.200:443 | secure.quantserve.com | tcp |
| US | 151.101.188.157:443 | static.ads-twitter.com | tcp |
| US | 3.163.248.4:443 | sc-static.net | tcp |
| GB | 18.165.201.36:443 | ak.sail-horizon.com | tcp |
| US | 2.19.252.133:443 | snap.licdn.com | tcp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| GB | 99.86.114.67:443 | cdn-magiclinks.trackonomics.net | tcp |
| NL | 23.62.61.96:443 | analytics.tiktok.com | tcp |
| GB | 2.21.189.145:443 | amplify.outbrain.com | tcp |
| US | 34.120.253.250:443 | tag.wknd.ai | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | udp |
| US | 172.64.155.119:443 | condenast-privacy.my.onetrust.com | tcp |
| GB | 52.84.90.35:443 | static.adsafeprotected.com | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 2.21.189.220:443 | z.moatads.com | tcp |
| US | 172.64.146.86:443 | cdn.permutive.app | tcp |
| US | 35.241.19.70:443 | sync.graph.fake.bluecava.com | udp |
| US | 34.120.253.250:443 | tag.wknd.ai | udp |
| US | 8.8.8.8:53 | 4d.condenastdigital.com | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.248.163.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.253.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.graph.fake.bluecava.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| GB | 18.165.242.29:443 | d3bw5exom9006l.cloudfront.net | tcp |
| US | 99.83.154.140:443 | api.sail-personalize.com | tcp |
| US | 99.83.154.140:443 | api.sail-personalize.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 34.98.72.95:443 | static.bounceexchange.com | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 50.31.142.255:443 | tr.outbrain.com | tcp |
| US | 50.31.142.255:443 | tr.outbrain.com | tcp |
| GB | 2.21.189.145:443 | wave.outbrain.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 34.98.72.95:443 | static.bounceexchange.com | udp |
| US | 8.8.8.8:53 | 133.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.242.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.154.83.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.72.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.221.184.93.in-addr.arpa | udp |
| US | 13.107.42.14:443 | l-0005.l-msedge.net | tcp |
| GB | 18.245.187.55:443 | d2fashanjl7d9f.cloudfront.net | tcp |
| IE | 54.171.37.95:443 | pixel.adsafeprotected.com | tcp |
| GB | 52.84.90.126:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 54.192.137.23:443 | launchpad-wrapper.privacymanager.io | tcp |
| DE | 91.228.74.159:443 | pixel.quantserve.com | tcp |
| GB | 108.156.46.68:443 | launchpad.privacymanager.io | tcp |
| US | 35.190.43.134:443 | gcp.api.sc-gw.com | tcp |
| US | 35.190.43.134:443 | gcp.api.sc-gw.com | tcp |
| US | 35.190.43.134:443 | gcp.api.sc-gw.com | tcp |
| GB | 141.147.81.223:443 | mb.moatads.com | tcp |
| US | 8.8.8.8:53 | launchpad.privacymanager.io | udp |
| US | 35.190.43.134:443 | gcp.api.sc-gw.com | udp |
| GB | 172.217.169.65:443 | pagead-googlehosted.l.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | geo.privacymanager.io | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 18.244.179.43:443 | geo.privacymanager.io | tcp |
| GB | 18.244.179.43:443 | geo.privacymanager.io | tcp |
| BE | 23.55.97.75:443 | e9957.b.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.37.171.54.in-addr.arpa | udp |
| GB | 172.217.169.65:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | 126.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 34.111.8.32:443 | api.bounceexchange.com | tcp |
| US | 35.241.9.51:443 | bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 34.111.8.32:443 | api.bounceexchange.com | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | tcp |
| US | 35.241.9.51:443 | bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co | udp |
| US | 34.111.8.32:443 | api.bounceexchange.com | tcp |
| US | 34.111.8.32:443 | api.bounceexchange.com | tcp |
| US | 34.111.8.32:443 | api.bounceexchange.com | tcp |
| US | 34.111.8.32:443 | api.bounceexchange.com | udp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| GB | 2.21.189.220:443 | px.moatads.com | tcp |
| GB | 2.21.189.110:443 | e9957.d.akamaiedge.net | tcp |
| GB | 2.21.189.110:443 | e9957.d.akamaiedge.net | tcp |
| GB | 18.154.84.15:443 | ats-wrapper.privacymanager.io | tcp |
| US | 34.107.161.9:443 | a.api.permutive.app | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 8.8.8.8:53 | direct.adsrvr.org | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 35.71.170.66:443 | ie1-bid.adsrvr.org | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| DE | 3.124.64.248:443 | eu-tlx.3lift.com | tcp |
| US | 34.107.161.9:443 | a.api.permutive.app | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.170.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 34.107.161.9:443 | a.api.permutive.app | udp |
| US | 104.17.118.17:443 | cdn.permutive.com | tcp |
| GB | 108.138.217.39:443 | trx-hub.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| BE | 23.14.90.89:443 | cdn.doubleverify.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 35.71.170.66:443 | ie1-bid.adsrvr.org | tcp |
| BE | 104.68.68.28:443 | e4751.b.akamaiedge.net | tcp |
| GB | 108.156.39.12:443 | choices.truste.com | tcp |
| GB | 95.101.129.216:443 | tcp | |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | udp |
| US | 34.107.254.252:443 | googlesync.permutive.com | tcp |
| NL | 23.62.61.136:443 | e248251.b.akamaiedge.net | tcp |
| US | 34.107.254.252:443 | googlesync.permutive.com | udp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| GB | 51.132.193.104:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 130.211.44.5:443 | tpsc-ew1.doubleverify.com | tcp |
| BE | 35.210.149.152:443 | tps-dn-ew1.doubleverify.com | tcp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 13.224.245.124:443 | d1dvhck2p605dz.cloudfront.net | tcp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | tcp |
| GB | 2.21.188.239:443 | e6603.g.akamaiedge.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| BE | 23.55.98.169:443 | e8960.b.akamaiedge.net | tcp |
| FR | 51.178.195.212:443 | ssbsync-euw2.smartadserver.com | tcp |
| US | 76.223.111.18:443 | eu-eb2.3lift.com | tcp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 52.208.101.151:443 | match.prod.bidr.io | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.101.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sonata-notifications.taptapnetworks.com | udp |
| DE | 3.75.159.177:443 | sonata-notifications.taptapnetworks.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| US | 35.244.159.8:443 | eu-u.openx.net | tcp |
| US | 35.244.159.8:443 | eu-u.openx.net | tcp |
| US | 35.244.159.8:443 | eu-u.openx.net | tcp |
| US | 172.64.151.101:443 | dsum.casalemedia.com | tcp |
| US | 35.244.159.8:443 | eu-u.openx.net | udp |
| US | 35.244.159.8:443 | eu-u.openx.net | udp |
| US | 172.64.151.101:443 | dsum.casalemedia.com | udp |
| NL | 198.47.127.19:443 | pugm-amsfpairbc.pubmnet.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| US | 104.22.51.98:443 | mwzeom.zeotap.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| IE | 52.50.8.163:443 | sync.crwdcntrl.net | tcp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| NL | 198.47.127.205:443 | pug-ams-bc.pubmnet.com | tcp |
| NL | 198.47.127.205:443 | pug-ams-bc.pubmnet.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| IE | 54.217.40.10:443 | ds-pr-bh.ybp.gysm.yahoodns.net | tcp |
| IE | 52.17.116.73:443 | ce.lijit.com | tcp |
| NL | 145.40.97.66:443 | am6-prebid.a-mx.net | tcp |
| US | 34.111.8.32:443 | api.bounceexchange.com | udp |
| IE | 54.217.40.10:443 | ds-pr-bh.ybp.gysm.yahoodns.net | tcp |
| IE | 52.17.116.73:443 | ce.lijit.com | tcp |
| NL | 145.40.97.66:443 | am6-prebid.a-mx.net | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | tcp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | tpsc-ew1.doubleverify.com | udp |
| DE | 3.65.142.90:443 | match.sharethrough.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com.cdn.cloudflare.net | tcp |
| GB | 99.84.9.37:443 | d2wcz8sc48ztgm.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.158.204.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.8.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.40.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.116.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.131.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| GB | 18.244.140.22:443 | choices.trustarc.com | tcp |
| GB | 18.244.140.22:443 | choices.trustarc.com | tcp |
| US | 130.211.44.5:443 | tpsc-ew1.doubleverify.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com.cdn.cloudflare.net | udp |
| GB | 99.84.9.37:443 | d2wcz8sc48ztgm.cloudfront.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| NL | 185.235.87.241:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.203:443 | gbc7.fr3.eu.criteo.com | tcp |
| BE | 23.55.96.51:443 | cdn.flashtalking.com | tcp |
| BE | 23.55.96.51:443 | cdn.flashtalking.com | tcp |
| BE | 23.55.96.51:443 | cdn.flashtalking.com | tcp |
| GB | 3.9.133.23:443 | ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com | tcp |
| GB | 185.64.190.81:443 | spug-lhrc.pubmnet.com | tcp |
| US | 76.223.3.47:443 | enduser.adsrvr.org | tcp |
| FR | 54.38.113.2:443 | pixel.onaudience.com | tcp |
| DK | 77.243.51.122:443 | uip.semasio.net | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| DE | 3.71.149.231:443 | ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | tcp |
| BE | 35.210.53.219:443 | adizio.geo.iponweb.net | tcp |
| BE | 35.210.53.219:443 | adizio.geo.iponweb.net | udp |
| GB | 2.21.188.27:443 | pb-logs.media.net | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| BE | 23.55.96.24:443 | contextual.media.net | tcp |
| US | 34.98.64.218:443 | condenastus-d.openx.net | tcp |
| GB | 2.21.188.221:443 | acdn.adnxs.com | tcp |
| US | 34.98.64.218:443 | condenastus-d.openx.net | udp |
| US | 8.8.8.8:53 | condenastus-d.openx.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 54.174.33.90:443 | sync.srv.stackadapt.com | tcp |
| US | 54.174.33.90:443 | sync.srv.stackadapt.com | tcp |
| US | 54.174.33.90:443 | sync.srv.stackadapt.com | tcp |
| US | 54.174.33.90:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 8.8.8.8:53 | e6115.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | spug-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | ads.avct.cloud | udp |
| US | 35.244.159.8:443 | condenastus-d.openx.net | udp |
| BE | 23.55.96.24:443 | contextual.media.net | udp |
| GB | 2.21.188.27:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | envoy-hl.envoy-csync1.core-b8mf.ov1o.com | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.96.55.23.in-addr.arpa | udp |
| NL | 35.214.154.11:443 | envoy-hl.envoy-csync1.core-b8mf.ov1o.com | tcp |
| GB | 2.21.188.27:443 | hbx.media.net | tcp |
| NL | 63.215.202.172:443 | medianet-match.dotomi.com | tcp |
| US | 54.174.33.90:443 | sync.srv.stackadapt.com | tcp |
| IE | 52.208.101.151:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | 221.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.33.174.54.in-addr.arpa | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 63.215.202.169:443 | pubmatic-match.dotomi.com | tcp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 82.145.213.8:443 | outspot2-ams.adx.opera.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| GB | 2.21.188.27:443 | hbx.media.net | tcp |
| GB | 2.21.188.27:443 | hbx.media.net | tcp |
| GB | 2.21.188.27:443 | hbx.media.net | udp |
| US | 104.18.36.155:443 | dsum.casalemedia.com | udp |
| US | 3.230.255.165:443 | qvdt3feo.com | tcp |
| US | 3.230.255.165:443 | qvdt3feo.com | tcp |
| US | 3.230.255.165:443 | qvdt3feo.com | tcp |
| US | 3.230.255.165:443 | qvdt3feo.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 3.230.255.165:443 | qvdt3feo.com | tcp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
| FR | 51.178.195.212:443 | ssbsync-euw2.smartadserver.com | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| US | 54.85.51.123:443 | rtb.adentifi.com | tcp |
| US | 172.64.149.180:443 | cdn.indexww.com | tcp |
| US | 172.64.151.101:443 | dsum.casalemedia.com | udp |
| IE | 52.49.35.255:443 | dpm.demdex.net | tcp |
| NL | 89.149.192.73:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 3.230.255.165:443 | qvdt3feo.com | tcp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| US | 35.244.159.8:443 | condenastus-d.openx.net | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.255.230.3.in-addr.arpa | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 35.214.154.11:443 | envoy-hl.envoy-csync1.core-b8mf.ov1o.com | tcp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| SE | 213.155.156.166:443 | d5p.de17a.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| FR | 141.94.242.204:443 | green.erne.co | tcp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 193.0.160.131:443 | a-emea.rfihub.com.akadns.net | tcp |
| US | 8.8.8.8:53 | 11.155.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| FR | 54.38.113.3:443 | pixel-eu.onaudience.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 34.111.8.32:443 | nginx-ingress.wunderkind.co | udp |
| US | 20.189.173.13:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 23.55.96.209:443 | e6449.a.akamaiedge.net | tcp |
| BE | 23.55.96.209:443 | e6449.a.akamaiedge.net | tcp |
| BE | 23.55.96.209:443 | e6449.a.akamaiedge.net | tcp |
| BE | 23.55.96.209:443 | e6449.a.akamaiedge.net | tcp |
| BE | 23.55.96.209:443 | e6449.a.akamaiedge.net | tcp |
| BE | 23.55.96.209:443 | e6449.a.akamaiedge.net | tcp |
| BE | 23.55.96.209:443 | e6449.a.akamaiedge.net | udp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| US | 104.18.25.173:443 | s.tribalfusion.com | tcp |
| US | 104.18.25.173:443 | s.tribalfusion.com | udp |
| US | 104.18.24.173:443 | s.tribalfusion.com | tcp |
| US | 104.18.24.173:443 | s.tribalfusion.com | udp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| NL | 185.235.87.241:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.203:443 | gbc7.fr3.eu.criteo.com | tcp |
| US | 150.171.70.254:443 | mcr-ring.msedge.net | tcp |
| US | 13.107.237.254:443 | t-ring-fdv2.msedge.net | tcp |
| US | 13.78.175.221:443 | 714ec37a90b4c9cc79c0f69aa7a0c7c3.azr.footprintdns.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| NL | 23.62.61.184:443 | metadata.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
Files
memory/328-0-0x00007FFFB4903000-0x00007FFFB4905000-memory.dmp
memory/328-1-0x0000000000340000-0x0000000000AE6000-memory.dmp
C:\Users\Admin\AppData\Roaming\WaveWindows.exe
| MD5 | cd34bf9c69f229818a4c9301e51435eb |
| SHA1 | bfb95a5dc5d777e2b5940f354da271fed397adb2 |
| SHA256 | 3b217daf815ced5cf1087d1f408fc3833c9d80a1e3e25b3f9041698b9e34216f |
| SHA512 | 2c68b211a4c8c144713cbe99214e8dc33d3ef6c1f244af4a313ff5ab93d946a4281d404b02c5f66ef5652071279649082877eaa728912a0e769c2c848e0a8e6b |
C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
| MD5 | 65485b0475b6c8a3b4f35bba541938a6 |
| SHA1 | 28e6e6cd2ebf8a9fdffeb4aeba13b70ea7ea03a3 |
| SHA256 | c6740ee5c8afdc2c7be42fb03ab5a346925efc6ac785fe7d68dec2d5f05d276b |
| SHA512 | 034303ee48132b80da79e54a6077676cfd436ef869493a11a27c29dc7cb730fd2ce902320d554a0cde81fc0a06f6c56efa5c170a1360906ec9fa7fd101c3706d |
memory/3928-25-0x0000000000CD0000-0x0000000000CEC000-memory.dmp
memory/5108-27-0x00000000743DE000-0x00000000743DF000-memory.dmp
memory/3928-26-0x00007FFFB4900000-0x00007FFFB53C2000-memory.dmp
memory/5108-28-0x00000000006B0000-0x0000000000E3C000-memory.dmp
memory/5108-29-0x00000000743D0000-0x0000000074B81000-memory.dmp
memory/5108-30-0x0000000005740000-0x000000000578A000-memory.dmp
memory/5108-31-0x00000000057B0000-0x00000000057D4000-memory.dmp
memory/5108-32-0x0000000005EE0000-0x0000000005FC6000-memory.dmp
memory/5108-33-0x0000000005DE0000-0x0000000005E56000-memory.dmp
memory/5108-34-0x00000000743D0000-0x0000000074B81000-memory.dmp
memory/3928-35-0x0000000002D80000-0x0000000002D90000-memory.dmp
memory/5040-36-0x0000027E767B0000-0x0000027E767D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rdryaqdy.t34.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 627073ee3ca9676911bee35548eff2b8 |
| SHA1 | 4c4b68c65e2cab9864b51167d710aa29ebdcff2e |
| SHA256 | 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c |
| SHA512 | 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e3840d9bcedfe7017e49ee5d05bd1c46 |
| SHA1 | 272620fb2605bd196df471d62db4b2d280a363c6 |
| SHA256 | 3ac83e70415b9701ee71a4560232d7998e00c3db020fde669eb01b8821d2746f |
| SHA512 | 76adc88ab3930acc6b8b7668e2de797b8c00edcfc41660ee4485259c72a8adf162db62c2621ead5a9950f12bfe8a76ccab79d02fda11860afb0e217812cac376 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 80707036df540b6657f9d443b449e3c3 |
| SHA1 | b3e7d5d97274942164bf93c8c4b8a9b68713f46f |
| SHA256 | 6651e5f976619cef991deef61776cf43d4c4b3d7c551dd2192b647df71586ab0 |
| SHA512 | 65e41e9e730fed4f7a7d3f6f35875a16948b897f87c8c70b371fd0ac7f0951814f6a75e7698665194bbc65a3665a684e7be229e7e24193b50483ae7e55eebf4f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4ae54c3a00d1d664f74bfd4f70c85332 |
| SHA1 | 67f3ed7aaea35153326c1f907c0334feef08484c |
| SHA256 | 1e56a98f74d4a604bef716b47ef730d88f93aec57a98c89aa4423394cbc95b5c |
| SHA512 | b3bbdefeaadbdaac00f23ce3389bbd3b565bd7e0079aeebf3e4afba892382e1cd3896c00bb2e5a98146ac593f9bdc5568d0bd08c5b0139f0814b1a38911c3889 |
memory/3928-81-0x00007FFFB4900000-0x00007FFFB53C2000-memory.dmp
memory/3928-82-0x0000000002D80000-0x0000000002D90000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DriverUpdt.log
| MD5 | 2cbbb74b7da1f720b48ed31085cbd5b8 |
| SHA1 | 79caa9a3ea8abe1b9c4326c3633da64a5f724964 |
| SHA256 | e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3 |
| SHA512 | ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9 |
memory/3928-90-0x0000000002DA0000-0x0000000002DAC000-memory.dmp
memory/3928-92-0x000000001CAF0000-0x000000001CAFC000-memory.dmp
memory/3928-93-0x000000001EBB0000-0x000000001F0D8000-memory.dmp
memory/3928-107-0x000000001CD10000-0x000000001CE2E000-memory.dmp
memory/3928-146-0x000000001BC80000-0x000000001BD30000-memory.dmp
C:\ProgramData\Microsoft OneDrive\raperbean.mp4
| MD5 | 960cd3720b7fa9c003d4137a10db0f60 |
| SHA1 | 6cf4972b5c829f4feb2642065f46826b0a01f89d |
| SHA256 | 485b9ed24abec42430c54adc7b0aa8f89a558f98bcb5ecf90ad000392f51e1b4 |
| SHA512 | 2f0bf1ff78ac53068d10d24ac09e2afcbbc4baed8c6bde0263f569ff7c394e12494d728971299915540743d68fe24002b88ba329cb181da56566bb033f10c475 |
memory/4840-161-0x00007FF78DC90000-0x00007FF78DD88000-memory.dmp
memory/4840-162-0x00007FFFC6970000-0x00007FFFC69A4000-memory.dmp
memory/4840-170-0x00007FFFC68D0000-0x00007FFFC68E1000-memory.dmp
memory/4840-163-0x00007FFFAC230000-0x00007FFFAC4E6000-memory.dmp
memory/4840-169-0x00007FFFC68F0000-0x00007FFFC690D000-memory.dmp
memory/4840-171-0x00007FFFA9940000-0x00007FFFA9B4B000-memory.dmp
memory/4840-168-0x00007FFFC6910000-0x00007FFFC6921000-memory.dmp
memory/4840-167-0x00007FFFCA230000-0x00007FFFCA247000-memory.dmp
memory/4840-166-0x00007FFFCA400000-0x00007FFFCA411000-memory.dmp
memory/4840-165-0x00007FFFCB830000-0x00007FFFCB847000-memory.dmp
memory/4840-164-0x00007FFFCE870000-0x00007FFFCE888000-memory.dmp
memory/4840-186-0x00007FFFC2260000-0x00007FFFC22B7000-memory.dmp
memory/4840-185-0x00007FFFC5C80000-0x00007FFFC5C91000-memory.dmp
memory/4840-172-0x00007FFFA7900000-0x00007FFFA89B0000-memory.dmp
memory/4840-184-0x00007FFFB54B0000-0x00007FFFB552C000-memory.dmp
memory/4840-183-0x00007FFFBBEA0000-0x00007FFFBBF07000-memory.dmp
memory/4840-182-0x00007FFFC5CA0000-0x00007FFFC5CD0000-memory.dmp
memory/4840-181-0x00007FFFC5CD0000-0x00007FFFC5CE8000-memory.dmp
memory/4840-180-0x00007FFFC64A0000-0x00007FFFC64B1000-memory.dmp
memory/4840-179-0x00007FFFC6500000-0x00007FFFC651B000-memory.dmp
memory/4840-178-0x00007FFFC6520000-0x00007FFFC6531000-memory.dmp
memory/4840-177-0x00007FFFC6540000-0x00007FFFC6551000-memory.dmp
memory/4840-176-0x00007FFFC6560000-0x00007FFFC6571000-memory.dmp
memory/4840-175-0x00007FFFC6580000-0x00007FFFC6598000-memory.dmp
memory/4840-174-0x00007FFFC66C0000-0x00007FFFC66E1000-memory.dmp
memory/4840-173-0x00007FFFC65A0000-0x00007FFFC65E1000-memory.dmp
memory/4840-199-0x00007FFFA7900000-0x00007FFFA89B0000-memory.dmp
memory/3928-214-0x0000000020620000-0x00000000206AE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 40d8cceb9c45d1aae467437c7e3fbe60 |
| SHA1 | 2319d76a7e72e23ccb6a1385cbd786e8d8127c5f |
| SHA256 | 6e79fe0a8d3ec265fda5cd9ba326ff99a472e7f1cd638a692d8859be4ff09eaf |
| SHA512 | 679b485199afa8ddd16d808170703c594ecfa7d418030e66299109baf0e22e0f0463d16228762620bec821f6fd928275698d45b8b1c7cd3155e5ee39badffaf0 |
C:\ProgramData\Microsoft OneDrive\@rsg666hfguhser0__dgsfghd-rsg666hfguhser0__dgsfghd-profile.jpeg
| MD5 | a1214c53984db3c4fe0ee97c5d35a59b |
| SHA1 | e2f6296991766b98f9755a1819042c57b742fedb |
| SHA256 | ce3fdb7f689d17cbc88d2b6c1499dd25f3000fd0d8a41695bf77216e6023fc57 |
| SHA512 | b1a564e5584ced8e7e2b832502ba886f5f549d1e0537a160a196f5faf3f49d7b15181d2fd761864e5bda3286e48f6fec126f92a353b029486c42604157d19861 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6486ee9e961a437dadb68ff1544d18a8 |
| SHA1 | 05f4daccca0bc1ce73fe71ad2325ba5dadd3df25 |
| SHA256 | 9a98b4686c9e90672a548c873943b3027fb111f7992263111d912318429f5834 |
| SHA512 | ee3659f68a46f37f340f98b85a7aa289e700c5ced2a4f0104673bb5f18cc82d1e9b838ec0278407213c6ed2073998e7aad78a7a39390b7e460c8e26dfa91d0e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2dfecbb576ee9795c5284da8a2a3c7f5 |
| SHA1 | f1f0a6a97850aca2b4ab267a017564af02f24948 |
| SHA256 | dca6901942fa748fc01339192c0738a06847d8497c9c61298f1e5df1f8352fb0 |
| SHA512 | d664cc261113427810dd0b2d32763ddd08611a528fe6b285782d6b8ac03304b72a90fe7f3f7142e825ab8d948d5c9cf52f420546f3796b2ac23f3d00f3c17389 |
\??\pipe\LOCAL\crashpad_4124_PJJTSAAVZUEVAIKZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 692bf03f95c556c6d202dac33d5aa28f |
| SHA1 | ca43aa79b873b97c13f2aa08bc304dd1d9ceddc8 |
| SHA256 | 335a197af1ccdef8740fa85f0b5fd7745ce60c274a9bf0cc875be92a7d6c9383 |
| SHA512 | 5d0674913590c83f8e485c5b727caf9c10dc921a95ce16e6548bec35b27bfef8d2c2fb31f2f535d508373c6c4e4096439c7a6ed53b41289e2351cc966f767a0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 7a04784b98f1c72789cf3742a7c9756f |
| SHA1 | beb579e49d1433b30b7f6af9f864633f84b85802 |
| SHA256 | 10968379db9a431c83717c092e34953bc4ce7796e122333c62795606a57f79c8 |
| SHA512 | 9a99bbee64389821b55362ca2467c3f994b68917d940ea60f44cca2fb7a202a0fd0d074ff8d2378175c261e5a9faef51b84617fbf793153d903661e39d76b486 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d0d7a528f1c833a4655a6b3d0dbf9711 |
| SHA1 | fc4d9e88ee867486a4c4fa7bafb17fba8353cda6 |
| SHA256 | cbef33b1492dfd00d335a5cac302bda1fb904bb404566b60f9f2a355a0392a67 |
| SHA512 | 43265e0a3809cb6297a2ab0a08dd66855e29f2cc4e0dbc727077a13082def679b005e99f9e4fe99c119211a71d19c18312ac94b1e5d3a864c91da4ba31da429d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5089036ae0ff3671e7dc3a98409f9cdf |
| SHA1 | 28d29c626d7098c78efab398aa6408f975523537 |
| SHA256 | c3bc89966046636d2be1e2f98e0ae934421ae8e48ec31e9118af8589119246f7 |
| SHA512 | 5a036d88de5e57de12305112dfdb0fffa727ca8ee5e223a5d38d73c6685ccc217456c71bfa255c7df52d53890aa77aee614737eef923215f1416b3227794469a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 26ef10d1afa7c9a412236d59b767e00c |
| SHA1 | cfdabe8d7e5114914ba983a2ce2db4b77eb4c35c |
| SHA256 | c7e88a7262a0543c3da63f57943082e7aadcf2b02c903e22f26a36ca6100b701 |
| SHA512 | d90b6f78ba27c8af3642c4bfd187e4ced74f9d4e3be65b0f8c29a6cacb3a25ea238b150e40ec902cad4f44ea9b488f289e718f3e248c5cfe74896e6844800973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eab9b5be5de9f4257dbf8335097b10be |
| SHA1 | 60585b8a973710ec1b493137ee2fa7835a05ee32 |
| SHA256 | 0635ca4cdbd4f671d43ca07152a59699421fb82cf3746181a842b8ffa31f56f0 |
| SHA512 | f98888cb3d45d095273affc27978885ce3ee8c3cfd2cd43f24ff4d2adbf3bbcfa3bb8f809b59c6dba88424dc3c73a7ec7b6a5a82d70f31376ed292c1ea5b7e8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a2937afc7e59b520dbc940085207e89c |
| SHA1 | 6817114819c7c627244fd52ff334cc87767fdabe |
| SHA256 | e44894379bb598339996d5f2a6473cc18ad24a8454b9219c97b190354921a646 |
| SHA512 | 11e9aee7fa1156422493eefd0c34e4aa88dba8d00e80f3888289760080471efc4016d50c3a13836bed0794d994df29c2432c1ba1185653d4a0979cc279f39482 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js
| MD5 | ea2b59a4fffb88e2ee83068ea16fbc58 |
| SHA1 | 5fe696b86ffa1a1d954d56832a0a86af6d97ec06 |
| SHA256 | 9190dfdd0cdd745e9671646280ab241f6f1b41733e6eb3fff2cbafde3dfcf27e |
| SHA512 | 27d9b05441b65642a22d5c12c9f427011a135b7d39ec3ebf37f9ed7be95c81a334727fc6d5a1ed04e0960c43b600f95d5a576774faf752c1341bc3e20ee438bd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 80d23b3dedacc33a203571ef260d1235 |
| SHA1 | a4b83a2f888215422d2b9ea81b2b676805876f2b |
| SHA256 | 4d2b6bb6c5ae056d69bc48309f232a5f3ce64f76107b17e4b79813b8f779ef4a |
| SHA512 | 3b2250d663df85adbe1e339f434702430a45159780b160e195a56f952e0a7da6d604b5b3a211781a398cacd5f95d8100a39130dce10fd2085e3cd0044ab04732 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e8f385d683b96dd794ad3e9e76e5f0d |
| SHA1 | fdf9ada28fea99e30e5d7c537206f21ad232221a |
| SHA256 | e1570877c3fabf999baa150e78431b6c80e2bfc88791725766646a376b1997b3 |
| SHA512 | 344c8298b3c7f0b27024e0fdbc59c4bed7296da7dff2a060dcbf3f775174e1ebcab746321a7eba90e4a4a836e88bc5a0ffaecbeb5179f180ec62540dbac4af90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1b2e04dc444e9da878c1dd9313741d61 |
| SHA1 | ebd2cb50e64b9b5f344fcd0610c4805c92a0e2fd |
| SHA256 | ec03135d36a7bbe12930e4b39e03c77797f1715bd77e3811c2d6b965a81774c6 |
| SHA512 | d985a4686ebcfdfd9b64431a3376b8bda91fda2c54f656ccf5d06c6054a1edd9e2f3eb06e759b2a5626684ec3c96dd0635724e39d5399600b221fcb7082e575e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs.js
| MD5 | 77406f4e1a4c207c64339ab897b06122 |
| SHA1 | 28cb47558468bf749c855de7d6d3278a0cfc97ce |
| SHA256 | 63ae009009363de306bc06b70dd5d501fb6e003685c609d545176473e468e713 |
| SHA512 | 503ad4dff71fe4c8b2c3494957c17d840ede6947b648eeab42355183b272c82ded294bd3df8009279e228134af25c43e4ca1a34ebc6b29468ce6c60035b4b99b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js
| MD5 | a23426b1615678e1220cf6f2959e2b97 |
| SHA1 | f0c7f7f0c827b6977614fdc1151dece333bdaace |
| SHA256 | 8fa65e538668d1a5f22a7ac6e76e42c03069af88f23c3c49514c2bce431db17d |
| SHA512 | cb8ed6e8362c0801372228bf143d3fd71e1016f3abbdfb3ca66b7a01e6c7dc6d9e489889fee028f692bfcad632d58465d47798bfc6802fac0110ba8766934ea3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 52e38eb63ced7b13fce88fefb4c533ab |
| SHA1 | 9aad0d4f75b4cb205c08afd52521c1562271fced |
| SHA256 | 84d0baf7a376c3f5499327a6c90f5416b20bca59154e1b99e0f746368efdb5f8 |
| SHA512 | ccaaf043c15854bd221f675e93e64616ad896280ed9b9d676ed517fe06fb9c8cdfcfa2efe80ff82bdefbf6be356f6270bcb2993f6802b1087b6091412146d7f3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\doomed\22641
| MD5 | dba4db478334b14ea8b4b99cefec56af |
| SHA1 | 8d5a959564b9480edddf3317ffbe868188ad441d |
| SHA256 | a5c861cfa9ad31076d767ff961c6ff4c2b57efa75f72f33fe228ab93ded86570 |
| SHA512 | b722d9449eb6e1115c5a4c4bd3af3903f8c461bc85ba6773b41d1c23974aac7fd37b2c0eb2b2de587b988633b7371e1f8552a211c75c5329231aefd40231c5ba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fca1dc47d06ab2469ac73f1557be5cf6 |
| SHA1 | 159ecd187e2a45d105f44d25fc21ede6175581d8 |
| SHA256 | 13f44f65f10ea4a16cf28c0de9ce387a4370692a22d73f4be07ccadd417757d9 |
| SHA512 | 7de7c70971901a6557796fc98bf6eac84991d8a15f4f2a8c16a9e7bb283bafb9fc4ff134965717b0599d87e91467ab969766e95cc0b7cfbfc8369414d679ee3b |
C:\Users\Admin\AppData\Local\Temp\Log.tmp
| MD5 | 37061ba8d1d73bb3148d2015d6e61c77 |
| SHA1 | ac5f784fa9b7dd66bc4ecbec5a7166d98f2e29d4 |
| SHA256 | ffc23ca04769b4c81e5061eb67aaadc281dfb74c0b0d8c002a4952010b6324fc |
| SHA512 | 3a587ce83bd940b71ea8abd25900b9125bd11fce129a71802fc3300874e53f696c631921c003f05cb932c355c32c84532e7119fbe76c7b0f86af84b85cd0a816 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1567234fe218601bc5b717c5bb549ff7 |
| SHA1 | 193f461335aeb3a8851c26865935e11712469b25 |
| SHA256 | 40cb46535cc6fa572457ea331bbef51338cb5366ac532abf49b2be69befcc8ec |
| SHA512 | 3ae678f37cc556144d5815c38311fdf3292c350104433db8d22da8126ee540e95b59c5537fb257a361b5d7d14b7a7e100537e6fbfd8d75ce617ea0fd0c8e8056 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 02e7611fd083ba6ef23fefce69c21277 |
| SHA1 | 881234f1cfe7939ca6bd8e66f7ba38cf7424d971 |
| SHA256 | c04259fd9317a5bbee0fb77c5f251fbf07177a1e48eb2ef5b85d7c8711d8dd91 |
| SHA512 | 923bd4580414f39bf4028a221fe917f67fe09cc5c44ed5b9ce03315c52e0876818c795aadbeb80493752e0dd93f7144436244a13344b1cd7282c424a945ff42d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | 625c24c4a038b70473f86cdc7f5059fe |
| SHA1 | 7bf556f43114a7c069cc652c0bb5d473bbbfb366 |
| SHA256 | 332386bbb0c06020b49bbfb0e4c2fc429e3f595f447b14658182472559f63cd4 |
| SHA512 | 18050eef7b001fffd5a578168a1faaa3e4fa732d27e48512c433ab5792ce7ba9792cc46fbc21060e4dfca39b7e6ccce26b415b3da6e485aab14f75647fdd1dda |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 45b41c5aa94a0bea29021d7bddced4e4 |
| SHA1 | 885f1de1a3dff23a4b6e278cc9c6861b3614b1a0 |
| SHA256 | 8717119801665c9faf24db2091cef6fa87011f26afafd7e99c562dbaad3ffd38 |
| SHA512 | 8ba22d1ecc49c62301fca94866c1e7b65998e0380f9d82aa9972834f3ecff136364a96da34910614dacedfea4db8e57faed02d052e0f4cea4d13316d60df2d9d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js
| MD5 | c60edac48868754b9598e8d51473dbda |
| SHA1 | c83d2346c2d5cc7aadfc8c7c44f5d87179ec2ae0 |
| SHA256 | 862eac57a9ad828fec1ecff0e69a1801d0ed0a08ce5f5cb10498c3759ddbcd4f |
| SHA512 | 29bca0ca3960feee0219550ff81d98e7ffa6d079665231b36cc773f3458a136d556fd304588086c91de496cac8ea0627eb0b74c9a299288226050e2d6a4ddd54 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d1a4d498b8eac3628431014c5749e1d5 |
| SHA1 | c76f2266d1676d16844e52ebda1bfe5adf805065 |
| SHA256 | 6ebe42b58d7cdbc2860a748c6859e6a3537fc2ab32f272d5fb5a346e3f40368e |
| SHA512 | ab5ac340f0901b33faf7481a24e92489ed7552688d7051f73b8c9d0ed136097e2f3d0eb434c51c645cc32797901281cb25e7dd8494c901337da4c681e9d46ff7 |
C:\Users\Admin\AppData\Local\Temp\Log.tmp
| MD5 | 8e9c850e39120933c4a39108f99c3ef6 |
| SHA1 | 6345b147ed101f101b849abcc432147edc46345f |
| SHA256 | 0e672585ede27ce2c1992f6bb67b9e16f8d862bfa2614708bb8aa4d763bc32e6 |
| SHA512 | c45ad736e2144a0f1a2f0eedfc65b14aee2f28e40a99af3ed3bcb9ffabf40a6f19bbd8886472cafe8b62b75f0b95f8f6976513ea769247791a508bfadbbed3d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7b55db9dcf1a57abf9cdba2352176be5 |
| SHA1 | 1363ed84254ed02afd34fa1791a9e332203e0c99 |
| SHA256 | 573f29258abe18777d74a43e76e69a4313b851dcbd153740f53f1194858198a9 |
| SHA512 | 78f2bc7a609b825ca93690ccb2dcaed91a13d45b1c35d34616c919efc5a277f88963b1ef2d7bbdc89bacd5c33b8d4957f1d5b6ab5eeb87ac3ad2ca04e8f6025f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 2aba0069a2caa684cab702e117cb8461 |
| SHA1 | 24f1f61a296c643177a18e03e359e692c0e36f8b |
| SHA256 | de0b7e6352ef5dd19620aed04e25a682d23fd62164fd9b65cf2d64fe3ccb3d83 |
| SHA512 | 2e3230493f63fa8fa7944b774ea8351391615c6da751b1c012e3990f4533791616d4e93be0dd7c1f517520321e8106477b5a15e269e01adfaddc2987454cbbbb |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 8060264703743567a3ea2aeb17ee11e3 |
| SHA1 | cc1987defde9b3ffc55342f85dcae10e54f9cd42 |
| SHA256 | 910102468edc96972517f81bbf8bcfce8a9632fa67543fd95763a6ea4348d0ec |
| SHA512 | 1da04f045e8ee3fdee707f8ece605f10fa834d627cc138c97daeb13f30342f97ce3948e80fe3023d7fe6aadecd7c21c45977a4f17f848a098f096f5f30349973 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\doomed\27281
| MD5 | 118664acb7ae704e869deade1564513d |
| SHA1 | df74b2c0d3de69dae607adefd6d4d2ee3622bcd8 |
| SHA256 | 0c86d25846d2e80388b82e76f67a6b3558a1d20db3a5dad3e1f98f7e56787cb3 |
| SHA512 | 1cd42bc776d2f4aba7b9e49d50e8b52487e76150a3abeabc906b74787b6c1e2e330c6df53dadfbbea5059fc7f364679758b814686490abff0f4fef8926a0a277 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\storage\default\https+++pitchfork.com\idb\1230268062weo1rak9e1r4_7b5d815c.sqlite
| MD5 | ce4548c6d0f7e3b6dca7be7e58fc38c6 |
| SHA1 | fd16ed78207ddddde211c9e19d1010317780a11b |
| SHA256 | efdba10445477dde7ffd3c964b11003076cde4ced7a986785588304bffbd9246 |
| SHA512 | abaddaf47fcd76c02c898d0a096e3b5de15749c525250030d0756d7c3eaa664b83c37ff1e4ba12876ae62d1bd8ba2df2a128bb37f00562c4cdbf9ff04d899569 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\entries\297A2F10A099300981879F233BEC9C89D2A8EEAC
| MD5 | 9637eaefcf984931fe924cb75121096f |
| SHA1 | 4d0a66bc8ac42e4a0770ba43ad4ffc3a88e5b8f8 |
| SHA256 | fc5553393541eca97dbaf5a9c7305778b83caa15d92ef59dfe2fb226199886ac |
| SHA512 | 26c70b1f0b4897fcfbca9890121592bf4d2bee22e63cc8cee9441c2a2a14f599adae7956ed233d9b9a874ae1abfd76edd98bdb79848042d4f0d9e11f34764f19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dea49efa6855ee1bb4402501282accc0 |
| SHA1 | 18e6d77d9fde950e3fb43527c467b24c361f32ae |
| SHA256 | bd3c64261c57dbbd1d230bcdedee7eb20116c3a5053b2c86a5a2ec0ec06f366b |
| SHA512 | 24d5d04d0bf517ba09e4d13f94ea22b9b7a5babe135f8a418873709cf3191337cc624f777df85c82aa988c597ade8c5d3854c4cb882f860add254ae9f07a2349 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8075aaf7b5175282b9b3ed5cae564b94 |
| SHA1 | de572959f483572f17a77ea065f1348cd491aec3 |
| SHA256 | bc8790ad33279251ed641a12f225c076b7b6f5657e6a20694ff9958196ca59e7 |
| SHA512 | 72612e5e667efee1a5c67e411e58233b594fb45d8fd534388d16548f228143787e06ee02804999f733a8d9b8c33f1ad547de0eed7b769a81becccdc02aaf913b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 531b0a1dee8a8e60b027cc489ac4f50d |
| SHA1 | 8b22fa8120893e00b94fd74103e023382ea1fefd |
| SHA256 | 888bae3445bb523cc531d87e6a93e85323b38a551ae62f2342fe6c2b228105da |
| SHA512 | a73d2899ea5ccaa00baffa74bccd95c31532335d3ff9db0b92df2c398f2bac84c1ab8bc2dfb7c1d540392f1aa9c5ad555d840c3f8e3fb8305df0ebaa185e45ef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\entries\2FAF583B0DAE8C3C7B14947A2FCE4DE42E892813
| MD5 | ef2325b4544351093ad16328dad61712 |
| SHA1 | d0d9eb3f91f8b8eeda4e9fe14ba9bbffae40e44c |
| SHA256 | 119d745d62340ed8cdf53767a8691c08dae37da404bb5587fac9de7a1e258e2e |
| SHA512 | e30c23d96c9aa04712a10f75f45b89ce8be78d3bafa20aca895488c7f7e4809b0bd30039cc5a873e15f5c6f474878688c7ff9667a03a53fc66a154929ad52d7f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6b36fc69d97fe9e24e996ae6c93bffe6 |
| SHA1 | 69ffdb2b138c2aa3ec60ac728fa038dd86289ecb |
| SHA256 | 08391a68401a2d10ec8932b041f1348d0f148927fb1f1dc58997504a23db3ead |
| SHA512 | bab68be61045bc7f723eeb5329243571c61d6f470b9c3ffc3ba829f828d2014b5b806748f4fe2b60efdb6ff78b1ae288ca4a82077d42b20e9d828b2619e0b536 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UNRE18W1\www.bing[1].xml
| MD5 | 0083207da18e4fa802f7a9d1d36ede44 |
| SHA1 | a25f860a6c752e011d9b4c8c99617bdd5c19d2c7 |
| SHA256 | 9a11efd3bed5bd12e935284f161e6a7a47806b04266cbab2965e2337fdd24ece |
| SHA512 | 9a2be036388c3baab5f56e9cb28ab9812c94f4f941ab954724066bcacea480fb89c22b6bc9860cd03d6412f0131079bf34d2a69ec9090562a9283af8fa7e96a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9a940570751cec481c8205dad05bc700 |
| SHA1 | 55e21e03e15c6aa76ff28183e0bc32c4a56cc693 |
| SHA256 | 49dc70c58bef8dd9a01c51badd54850600ab5f4a36f41a93a77ec9793cf32c85 |
| SHA512 | 76ed60a7b8b213a2a38ee15702d161544c4822f45da03a24a277f7d4628ffc2cbeca69ccf0804618184a2fd8e18fac333a2e6e20466608b61eb8538a69075d1d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c0450fe2bf6803fd5d43798aa04f6667 |
| SHA1 | d8e96c8d846204601fa44f9c341060924e8755f3 |
| SHA256 | cd3ba4302888e6d87754e1be3c113f5c81c0cbb9d2cf947c4f0b042ee894c8a9 |
| SHA512 | fa60e9afd43743d1a30f7b1e83c9132d7cf70278eac955cad7a2ebb0d2d9add8de4c03a41cbcd180c56883991c3160dda81727bf8d10d342f17744d3c7d2e815 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UNRE18W1\www.bing[1].xml
| MD5 | 893fbfbca22608de8eecdc8d0f0fdba7 |
| SHA1 | 335398f0ea93811a06fbf26b6fdb545ed3c4b1b4 |
| SHA256 | 15306f49b02c551dc35153bc5d691d4ed819102fff5303bbffbf74b99576f184 |
| SHA512 | 7ac91937546212cc1d97de58d417b8d0459e6a750c310f44395b3ab62d0f62f71384eaffbca12d8620dd4b85e6f670057447f63c22f6c6cb3c2920070d51254b |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UNRE18W1\www.bing[1].xml
| MD5 | 67b22bcf66bf08bfd118b14b58142372 |
| SHA1 | 33e9926ea1ddd662279915889fd229da27075e33 |
| SHA256 | 036b3cb3f8924e244b19d32942117160cdf0ae4b6b35ffad6fe01d2f44d7fd85 |
| SHA512 | 640a9664b04bf5b4fff66863ac9bd68281800ed032db9e3c86f54ece63c49788fb4bc3cdd4070720cbd3c37a828ea01777aa02477d6cc1a9f0508af7c7020119 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | afc6bbc10070adf70b5877e1891cb683 |
| SHA1 | 2acc322c1c83fbe22e7d675b2c7fc8f1b58d3e8a |
| SHA256 | 630d5baa994d82dfc7a4853f21d6f1fa7290dc198779bf2b97c6028a78125664 |
| SHA512 | 636b37a2d1f643e786bf21bdc4c60099b9a717c8c13454d99ff7caa4733426c9a5400ab7f4e2cc5b888fe5e1acce82023ac896d140cb8e4d1bbf85462479774e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ea255c7352be247347475f667ad65bbe |
| SHA1 | 25ce4b80a28b8958d915cc64c69ced2590fc2500 |
| SHA256 | 6ad1900889063a92b3d16bc6cbb3df2d77c2dac45167d079a9b53fbb7ab26edc |
| SHA512 | 9f345cce35af1a2e56462eef20f8cda9b74d9468edaea538c7b43574ec6c76d0b13beb37101e5521540871890af0eb60213d9d03992c7991f05c612e08ce8c0e |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 49c4deb90160c2fc09ece7710d313177 |
| SHA1 | 5de3db0bcf1bf54419a9fa86111f4611f11e409e |
| SHA256 | 24a58f34a5b3b3a172d75b85ad5ce1594de192137454e9f47273e0fc67fa2cea |
| SHA512 | 190745df3d9ad828980a91289a36ea554910366ac4a17fc90d292de6cea6070910a76f8ccbba8b2709b288cf5ac9851f6b782b4720237d728a89aafb02bc3735 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 566c0c9070b3a257e35cc739147a03f5 |
| SHA1 | 6c1432f0b28b64857fec5a47fb63709812a5e6d9 |
| SHA256 | 25c15ac4d2a7a415bcf5ca61472042f57e4c6be2f067ae8f8691b064b5b043ec |
| SHA512 | d8a7005c5016378de660055bd2037b1e75758792767c07e78b2df2f1324225cfcead5deb0568c79bfda58ef9a997fd7b05b362f51cfc3007255ffa83f90442b0 |
C:\Users\Admin\AppData\Local\Temp\TCDACBB.tmp\gb.xsl
| MD5 | 51d32ee5bc7ab811041f799652d26e04 |
| SHA1 | 412193006aa3ef19e0a57e16acf86b830993024a |
| SHA256 | 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97 |
| SHA512 | 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5bd69aa67f7f9c961c32b6a64e685fc8 |
| SHA1 | 0d3acdbd73418a8011e6c8be4f98a5cca02a551f |
| SHA256 | aff4c9c49333cebda70e5a3ad722e1478b6d9aff7fd9fe296cf9dbce03037a10 |
| SHA512 | 01617eb58c5e61a5f961b89a8b596c4ce63a46b2f76ce24e33d5c0020a41972f2af4e47a6f40c035da4dea5b973ed74ff6462da9ec94f7e9d6f763b568045145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | e57951540dd8f49e7e41259d51b1b5d7 |
| SHA1 | 9116eaaae3c4aa40d0b96ec5dba1f382ba0fc431 |
| SHA256 | 26b09be79f8450c16646e8cc3fc82d554e41bd3eb4edf540b06ec29b51b0dafe |
| SHA512 | 4f23df629e085d64f75aa9f80566ff4bdbcff60c20524208b684af314bbc8262450836934f128b712b46e5854cd9e16c440c2033922cb10faf90bee7955411dd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs.js
| MD5 | e91440af8a4691622b8e2574b8616178 |
| SHA1 | 69e4d6671a74b6286a831e52eb3e0617d23fd22d |
| SHA256 | 4f45d288786c8a357c9ebebecd15c440ce67905fa5ba3f2470357a74666822ac |
| SHA512 | f3d815a670cc0a6d574547c2697904a9af607191ff870076ed539d01c65e824ae8fdd95ad8c70be8c59d232e13decc8ecbf692ec279567bfc3c3565b274c5280 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js
| MD5 | 6ac5a6cd0f393fcc1d7c217c055aaf4c |
| SHA1 | ef85a854b80171a0d78a85a89a043f9d445fea01 |
| SHA256 | 63c3893a7e87b5c67fde65e11c2377556d2b449c0d19fa21e93dc349e7e52f34 |
| SHA512 | a91d97eba9964bfb3a578d7598502f04b8a3d6ce3b87e4f7e1112180b99d06e70c513b3b02a6431ada148676919e3fc4f90c7ec2f1cc00413946e4aac3c27eab |
C:\Users\Admin\AppData\Roaming\vlc\vlcrc
| MD5 | 7b37c4f352a44c8246bf685258f75045 |
| SHA1 | 817dacb245334f10de0297e69c98b4c9470f083e |
| SHA256 | ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e |
| SHA512 | 1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02 |
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
| MD5 | 60a332fa2a816e4eac86fbe8ef0822f9 |
| SHA1 | 4a4bbb7fd5b4f09a5b41d05db4b49c7b42aa43a4 |
| SHA256 | 958d8f20aa738e2c7743ceda3c5411b2ed11d00d2b5783a08b8de3b700d87fb9 |
| SHA512 | de479942e57a1add2eade47965ff54a8f26fe7893f53bdb7aa29f6ab62f980caae1e70d86be38fc9d776b445877d1ec7df93563b1577bfde53f4d26764f6a329 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240508-en
Max time kernel
455s
Max time network
1177s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Z: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\unregmp2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\bin\Background.mp4"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\bin\Background.mp4"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
Network
Files
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 8d68f1287176c23655d1b47cca643c82 |
| SHA1 | 0c99c4f89eb2204ceb83b1b0994256389dac30e7 |
| SHA256 | 4dad03e199e3ea631edbc8d3f6d8e19262b4d8203819b767dcbef844b5c9831d |
| SHA512 | 1c892ad257370285a3f8cd0d0a788bde66690da474c27878b737129ff48b27d6e20a77be0e944e0f0c0fff0f0f71844eab7bcc4b42e1f994803d79a0bfe65dd2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | c22827ce26657a6f0e81f951a24015c7 |
| SHA1 | 7599ded671a93ad7dce359598be6e79d5cc0aaf6 |
| SHA256 | 19434a11eb38a783a992de731c9034d09b02df7caf4fdc18a76ffe8f76c160af |
| SHA512 | f5cf767bdfdb23a9c4ac130894bf2448a0b19e61d3459ba34c63be6bcea485099fa203e2186acbc1e267694fab892e3ac8bd7ad63f284959a74fc61485276e3a |
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240508-en
Max time kernel
450s
Max time network
1171s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\xxhash.dll,#1
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240611-en
Max time kernel
1485s
Max time network
1499s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\zlib1.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-29 00:10
Reported
2024-06-29 00:41
Platform
win11-20240419-en
Max time kernel
454s
Max time network
1177s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |