Malware Analysis Report

2025-01-22 09:17

Sample ID 240707-qpqtkstapl
Target https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbDNERFZSZTl1TGl4RFpCbE5mWTBJUGRrUUNwZ3xBQ3Jtc0ttNUxBYllqaElZTGZzcjRQZHFXcXlCNTdJMUNTMWgzMzdNTm9jUVF4dk45U3ZFcEh2VjBVQnloQXdiemR0Q1lta3RaeC13Sng0d25hLVF4NVV4c3U1Ymh2aFlmckc2N0RubVZlM2pqNWdmaXpNRG9vZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fm2y78v01hc7nu%2Fex-peng&v=hgeSXZ52Ba8
Tags
redline infostealer spyware
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbDNERFZSZTl1TGl4RFpCbE5mWTBJUGRrUUNwZ3xBQ3Jtc0ttNUxBYllqaElZTGZzcjRQZHFXcXlCNTdJMUNTMWgzMzdNTm9jUVF4dk45U3ZFcEh2VjBVQnloQXdiemR0Q1lta3RaeC13Sng0d25hLVF4NVV4c3U1Ymh2aFlmckc2N0RubVZlM2pqNWdmaXpNRG9vZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fm2y78v01hc7nu%2Fex-peng&v=hgeSXZ52Ba8 was found to be: Known bad.

Malicious Activity Summary

redline infostealer spyware

RedLine payload

RedLine

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Modifies registry class

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-07 13:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-07 13:26

Reported

2024-07-07 13:34

Platform

win10v2004-20240704-en

Max time kernel

336s

Max time network

353s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbDNERFZSZTl1TGl4RFpCbE5mWTBJUGRrUUNwZ3xBQ3Jtc0ttNUxBYllqaElZTGZzcjRQZHFXcXlCNTdJMUNTMWgzMzdNTm9jUVF4dk45U3ZFcEh2VjBVQnloQXdiemR0Q1lta3RaeC13Sng0d25hLVF4NVV4c3U1Ymh2aFlmckc2N0RubVZlM2pqNWdmaXpNRG9vZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fm2y78v01hc7nu%2Fex-peng&v=hgeSXZ52Ba8

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648325195883336" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1608 wrote to memory of 4344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 4344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 3532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1608 wrote to memory of 1696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbDNERFZSZTl1TGl4RFpCbE5mWTBJUGRrUUNwZ3xBQ3Jtc0ttNUxBYllqaElZTGZzcjRQZHFXcXlCNTdJMUNTMWgzMzdNTm9jUVF4dk45U3ZFcEh2VjBVQnloQXdiemR0Q1lta3RaeC13Sng0d25hLVF4NVV4c3U1Ymh2aFlmckc2N0RubVZlM2pqNWdmaXpNRG9vZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fm2y78v01hc7nu%2Fex-peng&v=hgeSXZ52Ba8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab005ab58,0x7ffab005ab68,0x7ffab005ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4260 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5020 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3184 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4516 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3100 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5164 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5132 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3428 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1996,i,14788217661351276127,12015381412099074595,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RepairConfirm.mhtml

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaaf8446f8,0x7ffaaf844708,0x7ffaaf844718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4711674728249760872,10179531294666466504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,4711674728249760872,10179531294666466504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,4711674728249760872,10179531294666466504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4711674728249760872,10179531294666466504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4711674728249760872,10179531294666466504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Desktop\jojoenjoy\cucumber.exe

"C:\Users\Admin\Desktop\jojoenjoy\cucumber.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Desktop\jojoenjoy\cucumber2.exe

"C:\Users\Admin\Desktop\jojoenjoy\cucumber2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Desktop\jojoenjoy\cucumber.exe

"C:\Users\Admin\Desktop\jojoenjoy\cucumber.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\Desktop\jojoenjoy\cucumber2.exe

"C:\Users\Admin\Desktop\jojoenjoy\cucumber2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.204.74:443 ajax.googleapis.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 104.16.113.74:443 static.mediafire.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
DE 18.154.63.115:443 cdn.amplitude.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 115.63.154.18.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
NL 157.240.247.8:443 connect.facebook.net tcp
US 8.8.8.8:53 8.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.169.46:443 translate.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 api.amplitude.com udp
US 35.162.6.110:443 api.amplitude.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.6.162.35.in-addr.arpa udp
NL 157.240.247.8:443 connect.facebook.net udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 74.125.71.154:443 stats.g.doubleclick.net tcp
GB 172.217.16.227:443 www.google.co.uk tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 74.125.71.154:443 stats.g.doubleclick.net udp
GB 172.217.16.227:443 www.google.co.uk udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 216.58.204.74:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
GB 172.217.169.46:443 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.63.106:443 www.ezojs.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.52.110:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 172.67.73.78:443 www.mediafiredls.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 78.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 251.145.39.13.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 172.67.142.121:443 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 172.67.142.121:443 bshr.ezodn.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 172.67.142.121:443 bshr.ezodn.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 34.252.32.189:443 bcp.crwdcntrl.net tcp
DE 18.173.233.119:443 tags.crwdcntrl.net tcp
IE 52.50.240.62:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 189.32.252.34.in-addr.arpa udp
US 8.8.8.8:53 62.240.50.52.in-addr.arpa udp
US 8.8.8.8:53 119.233.173.18.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 gum.criteo.com udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 id5-sync.com udp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 api.rlcdn.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
FR 13.39.145.251:443 g.ezoic.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 35.71.131.137:443 match.adsrvr.org tcp
US 34.120.133.55:443 api.rlcdn.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 172.64.152.89:443 cdn-ima.33across.com tcp
DE 18.154.64.187:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
DE 79.127.216.47:443 c3.a-mo.net tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
DE 142.132.249.188:443 ghb.adtelligent.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 108.157.4.82:443 hb.yellowblue.io tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 8.8.8.8:53 rt.marphezis.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 178.128.135.204:443 rt.marphezis.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 178.128.135.204:443 rt.marphezis.com tcp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 187.64.154.18.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 186.200.196.18.in-addr.arpa udp
US 8.8.8.8:53 oajs.openx.net udp
US 34.120.135.53:443 oajs.openx.net tcp
US 8.8.8.8:53 188.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 209.31.22.104.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 82.4.157.108.in-addr.arpa udp
US 104.16.52.110:443 otnolatrnup.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 download2331.mediafire.com udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 199.91.155.72:443 download2331.mediafire.com tcp
US 199.91.155.72:443 download2331.mediafire.com tcp
US 8.8.8.8:53 72.155.91.199.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 35399338b0808b68462bdaafedac49f8.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 35399338b0808b68462bdaafedac49f8.safeframe.googlesyndication.com tcp
GB 142.250.180.1:443 35399338b0808b68462bdaafedac49f8.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 34.120.135.53:443 oajs.openx.net udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 ghb1.adtelligent.com udp
US 172.64.151.101:443 htlb.casalemedia.com udp
DE 51.89.9.253:443 onetag-sys.com udp
US 23.227.151.194:443 ghb1.adtelligent.com tcp
US 23.227.151.194:443 ghb1.adtelligent.com tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 194.151.227.23.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 1x1.a-mo.net udp
DE 18.194.57.210:443 1x1.a-mo.net tcp
US 8.8.8.8:53 210.57.194.18.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
DE 18.196.200.186:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 ghb2.adtelligent.com udp
US 107.151.11.18:443 ghb2.adtelligent.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 142.250.178.3:443 beacons.gvt2.com tcp
GB 142.250.178.3:443 beacons.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 18.11.151.107.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
DE 142.132.249.188:443 ghb2.adtelligent.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 172.67.142.121:443 bshr.ezodn.com udp
GB 142.250.180.4:443 www.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 172.217.16.227:443 www.google.co.uk udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 23.227.151.194:443 ghb2.adtelligent.com tcp
DE 52.28.120.118:443 btlr.sharethrough.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 118.120.28.52.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 172.67.142.121:443 bshr.ezodn.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 52.28.120.118:443 btlr.sharethrough.com tcp
US 107.151.11.18:443 ghb2.adtelligent.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 172.67.142.121:443 bshr.ezodn.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.227:443 www.google.co.uk udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 185.83.69.58:443 ghb.adtelligent.com tcp
DE 52.58.239.192:443 btlr.sharethrough.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 192.239.58.52.in-addr.arpa udp
US 8.8.8.8:53 58.69.83.185.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 172.67.142.121:443 bshr.ezodn.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 23.227.151.194:443 ghb.adtelligent.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
DE 18.158.108.240:443 btlr.sharethrough.com tcp
US 178.128.135.204:443 rt.marphezis.com tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 8.8.8.8:53 240.108.158.18.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 142.250.180.4:443 www.google.com udp
US 172.67.142.121:443 bshr.ezodn.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 172.217.16.227:443 www.google.co.uk udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 142.250.178.3:443 beacons.gvt2.com udp
CH 185.196.9.26:6302 tcp
US 8.8.8.8:53 26.9.196.185.in-addr.arpa udp
CH 185.196.9.6:43164 tcp
US 8.8.8.8:53 6.9.196.185.in-addr.arpa udp
CH 185.196.9.26:6302 tcp
CH 185.196.9.6:43164 tcp

Files

\??\pipe\crashpad_1608_UPGUZJHRYHJRRONV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1a7bca26-35cf-461f-9f73-19fe387a9c94.tmp

MD5 483226824df948d4a719961fc6d17b2a
SHA1 8f4ac19b6b42ccf2493f8bdbc9196821b386764e
SHA256 5816704b519f158bd40514950001bc8f79b6ab2d8da2a5ebb0fbb6ffc5f8b798
SHA512 e621e35d05c0cae79389cd11c751e0811442614286313f55a900e947bf1a7f41f6651c42f54c8e54cf846c2bb5d4be4c8156c72e9f16fb6499baf986766555a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 395e29ba25b66c6f12aadc024f862eaf
SHA1 402f60bc126283032c421abca87b623ee3077d4c
SHA256 5fe2bc3c67cf8319062f6908d00d62cad90ee07f627f872b7b045eb232fa2ab1
SHA512 235d72a7ed4abdcd15cb69182fa687ea0a85862a5676a0dc89068c7b5df0af1ea3f046c1140402d2c6f321622be1ad2bf1b702321815d0f42f7fddbb518227a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 551dadc870dce646b3b8c2d813b26bba
SHA1 9a2c37cca69a2ddc7efe7eb2ab790754cafd7b56
SHA256 2662b1a3cd57ef70c481b52e8b7d093c177767976c0be1eb533cb50d10e2a376
SHA512 bea2aaf013a7b0cc19dd579cae8f56bd3dde3ef520b4dd2eb31a3bd9e567cecbb9ac9551cd6e4c4d842db82b94d935e6c642a4f14db7f036a46697278aeb7906

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0cbc6fc12b173c0281b776fbcadaed9d
SHA1 f11ddbcef85ba24b7f2f31f2a7544ac6704e99f1
SHA256 0709a853b7acdc034f195119c875107bb73e10b49b18f450a46ab11b0156f319
SHA512 7a2b22fe611add4215eb7ff267cdd29426f06123d26319f5eb8138eba7667503f75eb534666e01594a0156c61b51435b5cffb92dcc5e10390fe400baeb7b7657

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4bfbba8692da886c495a9c3d3a284a12
SHA1 7ffbb88e7f7df80fc74e182ad7d386a5194a8211
SHA256 37ec68edad4c890f6fff6d1e1edec77f43e332d74b991d4ddd9b7c463665a159
SHA512 1ac226161a6b97db8ded6ce32a0b137a03ed950f0c048cb1d45602860fbb5a623685bed242ca8d623c6a638b3ac27bf3dff9fea3d45edd3507381548b2c58c2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 88ff635f6677522a262311c02a329ba6
SHA1 d4e9fc33ee3ccfbf6be2ef9e43ad0b0f2645cb41
SHA256 91db9ac6a216874dbef6ae28744cb702fcd1dd0f1b98decb56779ef50818cbe8
SHA512 e9e77040cc5944a177775169097cb4f861afd83087f2291e349835746f755ac1e337b3e7ecdb066c3fe0a62213b5b759ab6ce591ca05edc5f98a58556790c97b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9db699397b73ffbd2ff57e95fee4f38d
SHA1 bcef90549506bb63e498cc2672163d447d44072f
SHA256 f8d492248d8c8d88e71647f38da219ab82994c29f67e267292e7f23ab9c8fac4
SHA512 9544a008528538cd9690927b4e4d4093695f60ed509be79f0a73dc30bcaa4f3556ae323e7dd42a11cb53896544157d94c3508c5962c1751445d17ab0a86a4242

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 ce3e35fd10a3385b03394669100420fc
SHA1 f25fab308b36526c8ac5b51ac73178c91129337d
SHA256 12164ec23f6d01efec3b166fda397c8c116ae714f57c0160741c0089e0bee6a2
SHA512 c06e80d2491c44e934cefde10cc9e50633553c49224df4a250d40f7079ac144e7e84a24ce427b8db9332df34fdb11fffc5b356e46556e03fd1beccaaca452848

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c95bda38f396c6e0ab2734fcf9dc1a3
SHA1 1313f39780c9ed757fc710df5ab5fcd437250712
SHA256 93bd54efbc3c819ce79830f58f1d048cfbedef8345f30f0261e5090a5e97c85b
SHA512 a7a5099d52797bbb12621643e0f63e5fb0703c6309084a0b18522ce54a953931b0ac39d71bc6c33c56f61e8ddf9f54b9af6c3d4af11f79b60db5e35ee3bf9fdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 825d987eb3c967a8e498980206fd65d0
SHA1 c5d4f908582d0500f2dff67307b12871f729e1d0
SHA256 67eeaa447692807e6af112c7dc3a496e4f94fd1c1fa6cd58c44355b17077e1d5
SHA512 2c456fb3634d5492d119c610f732c6933719a3731cf18fca63fc47d853fdfb2a057b45220350e4bd020d52c9732f38b70e75f3e126c0c675812ecaa98723f45b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 13d4f13cd34f37afc507ac239d82ddbd
SHA1 6d500935a441d438ed052e90de0443bccc8c6d17
SHA256 76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01
SHA512 152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 01ad880ee50b786f74a5e4fae9ba3d71
SHA1 111387dbe885b7f3af44cdbbeea17eeb04bbf803
SHA256 9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e
SHA512 d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 85a5e4109a73fe264f702c44a402852a
SHA1 a386fcacb57955cd55e603289d63a8d6b9af4031
SHA256 be700a674a2eb4165ace3c4916229bcc6fcb82266806509289c4604926db933e
SHA512 16e222cbca3c21b5da8a75bf726cd38f084c30d58a4a9fa3deacf8d75faeab2240e30de63ca101bae8f34ea9bc41872f505ac66451fa4ae1da6ef3d04ecc28b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 887e943bffd4815ce6f66337abb9fb86
SHA1 51576124433ee79da9e2b2b513727b1ff190a904
SHA256 c85ec0aae0c668649978fc759d342409609c308995d671e9ce1f864d7d462353
SHA512 7eac589f70268a67c45cd787709e25ddcc367ba9a3dac8dca1642cacdc7af1d9fb64d77f3a4d0627facbba3a98e4f2706a870c9e76c0df9f2afd1c5f8c5ffa0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 157373e8a63615ff6b60cd603733830f
SHA1 629593036c310d39d2ba781746737fd038b05163
SHA256 cc39605b8e01b0acc011a30edd9e518f9b22cde7a7bb244ff224917e3dde5752
SHA512 bbf9729f3ff413cdf1e68ac33a63d694c81f4b51ed2ff97a745338d35e8dcef0c728781d081bad679a1ed2eb8cbbc8b403ea6f1b7c5f91eaf2a338c07ea8c65b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cc44.TMP

MD5 6e1da1260f211833494d705b62c5884f
SHA1 18c3354d445ed9b7a9cec448e1053eb6861dbacf
SHA256 c4c5b965110f5ca2a6a406fb553ea719203611213b8edc1ad29edff9ef990372
SHA512 1fea34a1ed2b49932f2b7acbd2d5e148b61726e6686f93439c4b3b176101d6832785b9e266e81b8a19a6837c46474554cab1959d70b426b10c4f3661fc5f17d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c602302d54c8a2c309c0cc9165a6007
SHA1 50a5b3b07b05ade5c239a58b1370c1bd98a11f71
SHA256 dd0f0f74d652d619553b29f93ad12e99a304a6bc8304ed7d92be4279e459270c
SHA512 9f41609c5508edd05517d7b678ab4dd09845e421113b239c1593138dd8f409b7257f1a2682969c4ec1877aa6eb0da942c5239bdc19465c247c5b855d981bf516

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4c8d3547631967d046b3920b33b15790
SHA1 08f873ae6ee88f278eeb5f9fbb1004266a8e4b5e
SHA256 8355ab747c88d034684ddab1f33a9f46a44027d7460168bd7da8b703764d9ce6
SHA512 bdf6a4f4ca23184760c858b8599b3c688c171c700d2cf85ab06a2590376bdd80f2446f8cc011662aa57a313ea9e6abf2d0d716cebc4a4250a245e4ff28af0a1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7b7a932a0f51eb91bf8deb61deda1b1b
SHA1 85a8288ced7c10fc482ba0c50b87ef6c7bcec77e
SHA256 87b85a43092f26df7c711bd4ea32a12a21127c3e7b1ac72f281585dc03e7f686
SHA512 0a7d01a2575b051e95703b5a0adee1201d4b8c8e8a9240b15450154e3c4929803ecc6897251c82e743c9f45c71ad809aafae45bc4a707284f218c33d80f694d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 023fb6a0235eac47e119bebe588fa04b
SHA1 9700010fc1f613665924efabc0d007e2669b784c
SHA256 7a14da9b45c5f0f607dce70117f1804b1f897385bb81a119529fabe010765079
SHA512 a122520cd9fa9110fc9212c40698f4c1a1142a52007426c95a2ae7916d08b74778ad1d48bbc0c40af0462e6facd9ca7eea1eb19675f41f1b8402686ced0ff488

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5907a40bf674d484833d9155c33c9177
SHA1 8c511d33828762580280a45380f1052811b55629
SHA256 00a403fcac2b60a0538a3a93a46a2cf4623b651185abbae8fd5d918105f2e39d
SHA512 9958e46b02c9c805ec7da828dff81260df15730ecee128d5e86150e23e0f6f1cf917bf977fa57e5e90ae5ae30ab8c4c03a0827d353ef426e08d8cfdd3dda5e9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 123b78c8d1762d469af133ec9f24ab61
SHA1 0a770bfaf07a646dd47d2cd9c05716c323e1a381
SHA256 12500d80e90d46911583af3a4c0002a15faf4ebeebf9dcb5dba89dbf44a6c164
SHA512 b8e15b9e3f4cdac5160bc5d92ba6f1b727f1440c1fbfa34c2fd9d2bf393ce3c82799eec0392a68397287769f6287bcaef43db8d95afba15872dd3d31708394d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9495d515ee4b43a3c37e9ddc35b99840
SHA1 dbb9a52399680fa8cf630911b5433efa43ae475d
SHA256 12f0c00fb8be175d5772a96664e1cbd572f5c61c09a537794203dfd2cc3e8020
SHA512 9bf1394163105dc59697989c980da671c7252515c0a564ae7c222ba0cbcc56ace908dfb9e38b88a01e1be08c2e30f710a79e61b8682ff49c4a8ba6e3b247a732

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 70d8f6b4e2a9cde55f05fe225ccd1542
SHA1 7a2fa8a82f30702ebe3a263c6115cc86e61fd31f
SHA256 f37d60012142fb3233593aa26eaa739e3c7ddc3f4bf8fdc09d1a4c275054726c
SHA512 81adfb65e974e6243a918d0a0354bbb0dc9c3340510772e458c63b9387e9b30cb86b505505695045468e985f49684be0c6e7823617fdae9c2e4d891611e2ca7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1cc30a2078d5dcab21c2a7ab36be9432
SHA1 14695d271885efb9eebd0f0319e305cc281625e2
SHA256 55d84f83daf3c03bc61784f6c4a359b108b9b6ade8b74ae34abf17b86ead010b
SHA512 15715b355c0f6cf26e634e5cde888bf2d7c235592e7d91cca07418f09c5ddbe3c4c096ffafd500ce167d948e78d940943756bba3c0d2a5adc2188608559e50ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d6fa5f9872b6936fb3ee10274c42d41d
SHA1 42134bbc88e7a8c93c79b92710093e3da0bdcf22
SHA256 484141147bbc0cf520b7d6586b0ee8401ec3cffa5f9f0a132d4decd8a0f1d6a3
SHA512 f55f97e2b773e448f626e59e63c6229be63c19a232dce9d3e33624f7667bb8f2b2640150b599e8b230d9a2721dbf31b6a194f0b02b5649913af548e27ab45fb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 09c7ae658385f6de986103443217840b
SHA1 298d880503edce4413337c09d3525f27a2edcd28
SHA256 91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7
SHA512 4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3c78617ec8f88da19254f9ff03312175
SHA1 344e9fed9434d924d1c9f05351259cbc21e434d3
SHA256 3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed
SHA512 5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3906f114b623f2752f52d5bede1c2785
SHA1 c9171a6673e6d504cb82812dc08638e23ede5c12
SHA256 3a7eea183a0cbfeac1e32a21631bcadbfd8ea34cef97fb2887dfe7860139596d
SHA512 3ee018967e10cd97c57c5a4600fa58b047cdd1a72318912406f51523494110ccedfc4f6865532160b69b91b863789778e8e097a308811e05455b759d72ee04ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2de33c1dee3fb24e867c33b37e8602ce
SHA1 43414db4ff3b3ca78f7269906b541739fb124871
SHA256 a8dbc9bd20393f93a41ab8efebd9a20adc07b0f82fdd24b04ddeee42cb73e25b
SHA512 7a5386b5705264bb831156d5812c60a78ba4d8d177757718d1ef034fca9ff990ac3d67e0a564bfef33e43140156dff88b0ef0eb5051ec7746531858ead8d7c72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c7c9101ecc73e60c92cbcb9475702bd
SHA1 538afd74350adc57e6a71de29098e63271931809
SHA256 7d953cc4fd952d8ec6fe9ae191946313560608a3ba610f4e2d937f3a01e76941
SHA512 eb0fb76093ce697b52b35fb42e0522254bf74fc489b40fcc3f648530ca2e1d6777cddba3e6fba40f26832cb46331610bc6e7dd549c76a7f49a6f2f26487e9cd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 358478b4be7709d25588cf4e1d686dc2
SHA1 e33442525ec7c02c709e02c014e073d64eb2b210
SHA256 e574448f3ffd2e3274c54b0f0fe9ebf5cd7341ee0e780a1a7bbbd803ddd3624e
SHA512 ce0f84a708ffff33c4fa9e09ef771833c23646f8472717e3cf9496fcb17790078ef469389a7a28e8196135abfbea933509a4778dd001699c6c0175dab178f2f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/2412-632-0x000000007446E000-0x000000007446F000-memory.dmp

memory/2412-633-0x0000000000120000-0x00000000001B8000-memory.dmp

memory/2412-634-0x0000000004AE0000-0x0000000004AE6000-memory.dmp

C:\Users\Admin\AppData\Roaming\d3d9.dll

MD5 83641a01d6033a5b956a8a4f2ad17dd7
SHA1 3d13b7b645239bb2c6e29abc2bcad286fe343101
SHA256 c403c0568f067e4d05930080b6c82d80373730e150a5c11d1b993a2e008952de
SHA512 0d01f098efc05697c517b4dbb0e0c2105e5bad61e07b45a3cb4e406d3dc0a48d4fb0d21998e7f3ba5264aea1e93f0e968583d28eafaa1481865f91c79ba5d958

memory/2412-650-0x0000000074460000-0x0000000074C10000-memory.dmp

memory/3916-651-0x0000000000400000-0x0000000000450000-memory.dmp

memory/2412-653-0x0000000074460000-0x0000000074C10000-memory.dmp

memory/3916-654-0x0000000005AE0000-0x0000000006084000-memory.dmp

memory/3916-655-0x00000000055D0000-0x0000000005662000-memory.dmp

memory/3916-656-0x00000000055C0000-0x00000000055CA000-memory.dmp

memory/3916-657-0x00000000066B0000-0x0000000006CC8000-memory.dmp

memory/3916-658-0x0000000005900000-0x0000000005A0A000-memory.dmp

memory/3916-659-0x0000000005830000-0x0000000005842000-memory.dmp

memory/3916-660-0x0000000005890000-0x00000000058CC000-memory.dmp

memory/3916-661-0x0000000005A10000-0x0000000005A5C000-memory.dmp

memory/1840-662-0x0000000000390000-0x000000000043E000-memory.dmp

memory/1840-663-0x00000000025A0000-0x00000000025A6000-memory.dmp

C:\Users\Admin\AppData\Roaming\d3d9.dll

MD5 1e3ca1fc6a18452c1b55a0277d72daed
SHA1 ce6b2dfb16b8c7aa67ff5bbc5288dd851403a80b
SHA256 2a4771c5907802e96531a9b823db6db7ea1e64872a6a99ae2b283f2038d8488e
SHA512 71e7f6cce9d4173c4d776fb05610b2901d05a302b544b0869e490162481e97a934153970c3f689bddd6e29384dda2d7a8a3288994af0dda126352ecea444b68c

memory/412-671-0x0000000000400000-0x0000000000478000-memory.dmp

memory/3916-673-0x0000000006140000-0x00000000061A6000-memory.dmp

memory/1772-676-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-675-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-674-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-682-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-686-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-685-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-684-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-683-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-681-0x000002001E500000-0x000002001E501000-memory.dmp

memory/1772-680-0x000002001E500000-0x000002001E501000-memory.dmp

memory/3916-687-0x0000000007180000-0x00000000071D0000-memory.dmp

memory/412-688-0x0000000009760000-0x00000000097D6000-memory.dmp

memory/412-690-0x0000000009740000-0x000000000975E000-memory.dmp

memory/3916-691-0x00000000075A0000-0x0000000007762000-memory.dmp

memory/3916-692-0x0000000007CA0000-0x00000000081CC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 e4ee4d1eff0dd63635fc1cc391edab89
SHA1 55bb21e83c14b960d7577b78f5de0007b642123f
SHA256 31f6d637126f10fac371bef03aa311ac9d09008067f36aed0b1ce704906b854f
SHA512 4c1b2e116777e07ee8e6da837074dae56cb8f072402670de8541612e7071d2e159a176cf9518e2a56dccc7aeae840915bfdf4e9938a332f749cb579a876039a2

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

MD5 f57bf6e78035d7f9150292a466c1a82d
SHA1 58cce014a5e6a6c6d08f77b1de4ce48e31bc4331
SHA256 25a36c129865722052d07b37daa985a3e4b64def94120b6343fb5a96d9026415
SHA512 fa240d2d26370589457780269bae17a883538f535e6e462cc1f969306522526faacd314d29e78f71902b799046e4395c86c34007d2cfee5090e01cd72150675f

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\cucumber.exe.log

MD5 84cfdb4b995b1dbf543b26b86c863adc
SHA1 d2f47764908bf30036cf8248b9ff5541e2711fa2
SHA256 d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
SHA512 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

memory/4524-705-0x0000000004DD0000-0x0000000004E1C000-memory.dmp