Analysis Overview
SHA256
be4b1f18e4ac79c4768f01cac488759bdc3d9267c20419e0d897cfadf2fa8e00
Threat Level: Known bad
The file sample was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Drops file in Windows directory
Program crash
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-07 14:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-07 14:07
Reported
2024-07-07 14:13
Platform
win10-20240404-en
Max time kernel
299s
Max time network
301s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV2.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gotham\6atManV2.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | mediafire.com | N/A | N/A |
| N/A | mediafire.com | N/A | N/A |
| N/A | mediafire.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4664 set thread context of 1584 | N/A | C:\Users\Admin\Downloads\Gotham\6atManV1.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| PID 400 set thread context of 1268 | N/A | C:\Users\Admin\Downloads\Gotham\6atManV1.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| PID 1536 set thread context of 4044 | N/A | C:\Users\Admin\Downloads\Gotham\6atManV2.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Gotham\6atManV2.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Gotham\6atManV2.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648348952956526" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ebd3231877d0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 86019c1a77d0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{4628937F-4ABE-45D5-8D3C-413511DAA679} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff841c49758,0x7ff841c49768,0x7ff841c49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1816 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4956 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2952 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5472 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=960 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3344 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5776 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5716 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3692 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3624 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3136 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5080 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4412 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4904 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Gotham\" -ad -an -ai#7zMap8449:74:7zEvent2618
C:\Users\Admin\Downloads\Gotham\6atManV1.exe
"C:\Users\Admin\Downloads\Gotham\6atManV1.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\Gotham\6atManV2.exe
"C:\Users\Admin\Downloads\Gotham\6atManV2.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 992
C:\Users\Admin\Downloads\Gotham\6atManV1.exe
"C:\Users\Admin\Downloads\Gotham\6atManV1.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\Gotham\6atManV2.exe
"C:\Users\Admin\Downloads\Gotham\6atManV2.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 964
C:\Users\Admin\Downloads\Gotham\6atManV2.exe
"C:\Users\Admin\Downloads\Gotham\6atManV2.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff841c49758,0x7ff841c49768,0x7ff841c49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 52.111.229.48:443 | | tcp |
| US | 8.8.8.8:53 | mediafire.com | udp |
| US | 104.16.113.74:443 | mediafire.com | tcp |
| US | 104.16.113.74:443 | mediafire.com | tcp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.169.46:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| GB | 216.58.204.74:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| GB | 172.217.169.46:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| DE | 18.154.63.122:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.63.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.89.181.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 35.167.39.135:443 | api.amplitude.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| DE | 18.173.233.10:443 | tags.crwdcntrl.net | tcp |
| IE | 108.128.111.241:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.16.78.59:443 | bcp.crwdcntrl.net | tcp |
| US | 104.16.52.110:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download2363.mediafire.com | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 199.91.155.104:443 | download2363.mediafire.com | tcp |
| US | 199.91.155.104:443 | download2363.mediafire.com | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.39.167.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.233.173.18.in-addr.arpa | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 241.111.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.78.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| DE | 18.173.233.49:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | 49.233.173.18.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.195.135.126:443 | www.opera.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 34.79.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.135.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 172.217.169.46:443 | www.googleoptimize.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | 239.132.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| DE | 18.195.135.126:443 | www.opera.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.119:443 | id5-sync.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| GB | 95.101.129.43:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 8ffbf8539e55c325666ab094d2aff09a.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| GB | 142.250.180.1:443 | 8ffbf8539e55c325666ab094d2aff09a.safeframe.googlesyndication.com | tcp |
| DE | 18.154.64.187:443 | cdn.prod.uidapi.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| DE | 18.194.32.110:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.32.110:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.32.110:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.32.110:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.32.110:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 107.151.11.18:443 | ghb.adtelligent.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| DE | 108.157.4.85:443 | hb.yellowblue.io | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 172.67.14.119:443 | prebid.smilewanted.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.64.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.168.78.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.32.194.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.11.151.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.14.67.172.in-addr.arpa | udp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| GB | 185.239.172.170:443 | ghb1.adtelligent.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 142.250.187.230:443 | s0.2mdn.net | tcp |
| GB | 142.250.187.230:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.172.239.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| CH | 185.196.9.6:43164 | | tcp |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.9.196.185.in-addr.arpa | udp |
| CH | 185.196.9.6:43164 | | tcp |
| CH | 185.196.9.26:6302 | | tcp |
| US | 8.8.8.8:53 | 26.9.196.185.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
Files
memory/4692-16-0x000001B8BAC20000-0x000001B8BAC30000-memory.dmp
memory/4692-0-0x000001B8BAB20000-0x000001B8BAB30000-memory.dmp
memory/4692-35-0x000001B8B80D0000-0x000001B8B80D2000-memory.dmp
\??\pipe\crashpad_3292_IBIYEZUVMQJYAMDL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4692-50-0x000001B8B9C60000-0x000001B8B9C62000-memory.dmp
memory/4692-53-0x000001B8B81B0000-0x000001B8B81B1000-memory.dmp
memory/4692-57-0x000001B8B80C0000-0x000001B8B80C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f409b5adf51ce566304a13b3369aef77 |
| SHA1 | f524b5e36aa169b205b1d02ad34b1f7747e55b0d |
| SHA256 | 170abb7bdbd7311bfe4e392e1a7636871833620d563647a9459168554e4a5088 |
| SHA512 | 7355e94a401a351373a4c6a145d8433893627b0fda59e04eebeb75d79611345b26aab102a461c9a4c3c6c25bf2e232982c5c1ded8b609f3e13fa454a2f678062 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b6a6ebde9b97bd9622be4311ea0b0f8e |
| SHA1 | 231c33226c4e25d7af999b6afb2d5767e545c0f7 |
| SHA256 | 272403e2e1741629f73f5c60ce7a4f6ba23b7d804a05ab499f8795566a1b4eeb |
| SHA512 | 6244594f9755dac6d637a67db62426123de18123cd7becfc25948ec30f9ba073a67a39493c34db9912288a7597526b906d670ca5b99df61a83bde3498f1c0d7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a48bad75dcf4c4fddca361728c0c4903 |
| SHA1 | 2d1b74f4bef9128fbf82d57893e9203ce8101819 |
| SHA256 | b01eaa734519ceab594f1919fecb654f42dcfdbe9e5f447197f75cfe80f3d6d5 |
| SHA512 | 1d52187903f760acc29f17f44217c2aa67fce3dbdc1975da38e2bad2386de116450f701ee567e8e726f751e25f559f9ad4cb7586b94f38c1ed4cae244c046264 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 30ea8197fcc38b64ab1ef04b4f8e9ffa |
| SHA1 | 87729323e4b8046ae6f320219c9009befd62b866 |
| SHA256 | e12782c2ec3dd8b336b017fa8e12a4cec9aea81106dce751a8cf4722b9466cfa |
| SHA512 | b7bbcde34bab8988505589ed0adf48e957d2d2cefb22c59b5fa0689141cbd4391a89c18b4b6043b665550ef9ba1516a0909b045ee2c5786ac83c4eba14a0e7bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5bd0f265cc14af43e7480b38717a434d |
| SHA1 | 61e2cbd13d1a27d98dfb66eaf29f8062228e35b5 |
| SHA256 | c86286e1dea9bf32b887ad851adddd707d121e035c8f4e5a7b6bff6bbe6bba44 |
| SHA512 | 33e199548b906ec22430475d9e674f053ed83bdaf964e82097882bc82cf878408abf88d6e5c34eb6d51669d18536c4c16bdd4d8273c3a9f6e5bc4a254911e349 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b27a62df6638d1826a4ec9ade160ff0 |
| SHA1 | daa230c7d3f8595a9bc3ac6e8ad24529369ece0c |
| SHA256 | 6e6e22916b88f74b9309562a97b87ded5883972fbf4e2525bd3d1cd219b5e414 |
| SHA512 | 6c9bf0f9e25e1986d8b0be2d8571f4e0f9a0c3488f0a709970d0b1aa49cde0b53f4360448af1ba6192a2b76f61ffbbf5990e2434120e4dad872832934f7a1987 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\330b9486-6807-4099-a738-768535fceeb7.tmp
| MD5 | 4345442b4ed6c412597835ec7ea5e7d5 |
| SHA1 | 8b297ebd4cbf36468c61b7800e4d34d27e4786ce |
| SHA256 | 24bbdd79fdc4c546d1e20b034ab9ea8826c278f2e8b718ff266b0a1a41387205 |
| SHA512 | 4daf6702fade085638974ec38ad48ea63ff54e4cb68838c577f351ee8203429b52d0eec333cbdb185884b4190b05d5ba4565e62fec83bb641a5d50a244576bea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | adf81777aa8b82e69c7c628ab36c065b |
| SHA1 | 3413f00aecbdba5202e307b94a4d39d073427708 |
| SHA256 | 3f18c4434ac20027e18e311f3111233e9a29408118c2a27af593d910b6123c94 |
| SHA512 | 8e70ff5382ff09b93a8ac0f603c5f392ceab3544f22773adc79a5429c062fc725fdad2345c7e4a80dc893ef71d5f3d00f5db3771cbb4952b49337176d1f455dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8bd88bd624dea2d6108b47bccb123246 |
| SHA1 | 72e5069ca0bdbc207912d3ed62df83999550e44a |
| SHA256 | fc7051cd043ad08389f51bc9b41e2e5c2b4dac54eb569b53694e39d0610fe8c7 |
| SHA512 | f5bf6229d093f9a53637888dbdc963aab6a60454fba2f085588ae903ab24f8a64d9652d97edb4ba296e537d92123561ae288beeee546ebf33c217d10621e0087 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | db7701e338d33851e431f620fb2628e9 |
| SHA1 | a621b190bb713bf0ba96e01ec7831dea5bf4a077 |
| SHA256 | 90a458fe497044ea98ba980a60c427f1d27e350e57dec7eaca89952cf0ae2914 |
| SHA512 | 8491a9e04d4a92c656029a070e32c8845357910b11551d61a049312e3e5c180d15d99ed80139a2b94e4249aefa9490d95c517370e4d38a1440e89b3ea2868a14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c994.TMP
| MD5 | e3cb0a3774bb184de297d1b4e30e097b |
| SHA1 | c9fc23c2e47ec89c7471ac63eef223475b087f9b |
| SHA256 | 7517af59ebc17f23a1c368553780c8448372d2e6a66eaa1e716d155cd9af520b |
| SHA512 | 1cf16c9e7ba9a7b84bd9fdc0b1c79c97d106eb316996300d0ca3b501e28fbc1ac5900e50c9d8c7eeab7c862c0831009593ef56fd575bc51d0912b8112698ad37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7154c3e126b2b2429f860869ceb712fc |
| SHA1 | a71a6fa5162060cd6767b563b3e937140c00a058 |
| SHA256 | 4a8bb16d5f68f1b4f71eeb6550306a3eadd48b02adbc8340f53d81bc0ea2bd1e |
| SHA512 | e0fb0e8fc9faaab30e1efea330b0c11ffd224476707ea408c650f3e07b2bea17a4f67eecc0067671e193bc81bf0475b44ba4a1f681ea687be947e150a6f24bd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ce5a99b7101febb29a9b50b8fa19e4ac |
| SHA1 | 28ab2a2cb013b4c2ca8011c220d8146c4295d6b0 |
| SHA256 | 9a3ef5746f35752779ae8db3d5eca629744bbf433a210d708f7087deeef1d918 |
| SHA512 | df2c8ed7260e4b2778037f8387826ccb74fa8aa288dd140739f9b3bebe2f94d7625f6ba166a469d328925b2134083476857a6827d54db4cd33f42820817b9fb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3c36753c675fd0ab88ecfb9cca335520 |
| SHA1 | 3ed7f26940f39c846afd3a353cb84233960a30d1 |
| SHA256 | cad3c8721307505bd8ce3b8093338e66c6bc662c08154f85cb0d9ed7e7e418a1 |
| SHA512 | 26c4875b3a1a840759f636698204a744e37cff50bb6fa2ceb8ffd8b93a80ece6afcd8744691058159defb5f88e148b0942b47142b718285e76560cc8e071b5b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | c64929d71f8769929406b672778db163 |
| SHA1 | 9dcbf05f8029ec6263ec43b6958a54626adb62d1 |
| SHA256 | b8d3e55babd999d4d2ada4cdae8d09b2b34321266395960c07ec811d08b91a0a |
| SHA512 | 9ce6eaea812713c9dc9de55875f5899b21b34e2fd09666590f0a4b3a4c6b3dcce382c5c1e73e01f4066c4b99024cda816ddb324701deabf2756c76e6f5977332 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a90c73b206dbceed288b620db5c368fc |
| SHA1 | 84d1b49431cee59b4922618fc575f207b997af30 |
| SHA256 | 3da3780f8b5651042a7ac8e27c75f45436a03fb8f3a77355f46dd7dd9176aeab |
| SHA512 | 8830d235624bfd975466f0999ae5dfe4f310f5eced0d3eef892268ebb5c8faa5840f5ecd53989288204895cebed0706a3954fe81eb96cf6674f5656b1c78f4c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | abf4c530a3a047b138c04b2bf40811de |
| SHA1 | 1019e465fcc1d0e7250d02fd270114c9d01cf315 |
| SHA256 | 943bc6c6b7c26907d5b60c93d9b87faccbc1f1854cf0a207e818c011bd412a24 |
| SHA512 | a93bcdc18a5e544ef0bec22784c9b695b2fa4d5094dd34f34f9daf1d85b453513ddf25f646e94a6ca724a9a618329e10a62286cf260f3fedbff98b01d18265dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b975a143211c939025c9fb232791682f |
| SHA1 | ff8ba34f1cf493ddc7f3555f05df67266baa1bae |
| SHA256 | 02f5ad1c90dc424aa61da1dca9911f34f587ec947883382944590af93da6a178 |
| SHA512 | f781649b5f56cbc7024c64ee89cb76a05ca12c1ccc9818a29b82fc2b6898fd20900f0472900b493c36ba7f5dfe263392ad31d625655efa71146b3ab61d75089c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0548a63cd7c58a32e97be292d7802079 |
| SHA1 | 03de6178304821188306cfcff767a6d5055cc60e |
| SHA256 | 0e0833d52afa8cef769a220fff0919a12a2383246f086ed2e9f4bea0e27b01d9 |
| SHA512 | 3fcd8b6dd634cdeda839aab3ebc9ef266b7463ff2fe989dbb32880831a1bf920ab4c07887af6a15184cdceb3e20851e008a95b2391dad69cbf4a7f4c1feb2e1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a33fa1ed260249eb0721f12c3bbf4bcf |
| SHA1 | 52daaaef80a4747d5f619b87e9bcec53b166a342 |
| SHA256 | 24d5e3c0b9a50fae173b3ed44ec92e4f9104adb91145f838c9b025b9b1ce6c3c |
| SHA512 | 5eb4fba00dddcf6599fe5467f0432847f8d6737e175635ab2f1323afcac010ec8cb219b7a1cc64b8755babba2b5b1ab0e2140e7e5a27ee5bbebf995b50208db2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e4e795ef3ec7a6897f83b8ef1f8274b1 |
| SHA1 | 56e60743433fe8d4129e5977b5933a5e23a8446c |
| SHA256 | a3b3bfcd0bbf90ad9fb329f389c2c02db229a00be7a8fa3c52b3f7717bb44468 |
| SHA512 | a1a00b1b4e0ae3e48131ee0274ae5c103999981721d8d476d66c0993e054bbd5f7d979cdd7988395f91363d786da786c167c598be882634a736e028959d94882 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 394bed75b62fde45100a5a16505d826b |
| SHA1 | aa049644a98f80b0d442898c8f5faec08d07af4b |
| SHA256 | ff7b8eb93db78f1527938208ac562ed9a08418a0dfbc16e791d30c8a8ddd2967 |
| SHA512 | c53ef8b00c915edbf6425958da63a896b00af7d951cfaa6fd042ac33414ba11900985b4e253082f8f74e8dfad2fa96f1279d0e712e6252dc61a52e2bd6d1161a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a14536881d1589b88030abf50275ab2c |
| SHA1 | d991e321c895484da5ec360f38f60295fefda0f1 |
| SHA256 | e190a53053671e9a05d80a868714cc74a3f17ba7f0ea2cfa4c708a2d6c115c7f |
| SHA512 | c62f78eed030ad0cbf0e3ea046f78452e0fbb134c762e01c52c4e8e3e551c4d929b540c114d780d2c5206889b9a44d211d7a35390b53600e01ddc5d8c655d55c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0c41e1485224d350428e88f49a51fdf4 |
| SHA1 | 81c73eee9b0bc4064ee904ace7c3961615d2942f |
| SHA256 | 121e9a8d09d4894f5ddd67d5652f6f0ec18988592fb23fd819c153aac400fcef |
| SHA512 | 00559e0ce8bd902171e599a52020fb1e2dc5884bca0cd1847699b20a5e2da13e2681e62761ab9317b5bc349371ec96413d35ccfc4f7d131914cbe6c092c1e5c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | a15e58f9f2a8cf46f18a42abcfa7455b |
| SHA1 | 79e2788a326ec6b5bfe08fcb6dedb90f209a1407 |
| SHA256 | a4e95024689eb9bc42c055a09e9c8f95f8973e9983841c0a8f768891d4e51f84 |
| SHA512 | 108bd845fd6b48670723f8ad72b057e9a387ad9c80472ddffafe7b1daa5fb0305768c7da3ca20ac7116eedfc7547fa74135396c85491d079a045483e7b42e2bb |
C:\Users\Admin\Downloads\Gotham.zip
| MD5 | b194d508d1ed553f7dbe01c16504e591 |
| SHA1 | 7b8f9865e84ce2fae5f94b905f6f5ac70a9cb8cf |
| SHA256 | 776bd2ff315fc076de7a39a08b3e214887ad7aacdfaeff717bf7a70b46698b81 |
| SHA512 | 59fb5b839b8ef210e2f7b76b01a271d022d86a316b1774bb4257d1c97d2eac7fb2479d3db715830b3f125f1322f10281eddb1b33c61b6d52f0e13a16c3b40099 |
C:\Users\Admin\Downloads\Gotham\6atManV1.exe
| MD5 | ecfe3ce61735a65165a9d4cbfa1e3836 |
| SHA1 | 7e39cb0f45e0f5e59f70f63375c2f67ebf64ba98 |
| SHA256 | 8d939f5956930a6b0d4700a4cb1f47c8255588964dd09ad9c640c50634d187c5 |
| SHA512 | d878c55fd9108b62f24841cd587a70fa5efe9e640d88d227025132c5e75fb86dd73de490d924015c5c52f6fbc7d174a506df97668e314ed9f9a7c06b067a7131 |
memory/4664-1056-0x00000000008F0000-0x000000000099E000-memory.dmp
memory/4664-1057-0x0000000002C90000-0x0000000002C96000-memory.dmp
\Users\Admin\AppData\Roaming\d3d9.dll
| MD5 | 02e781dec432bc79ed9ea859f88fc55f |
| SHA1 | 29092d756b3900b3084b74692aedc89c28661a66 |
| SHA256 | 5b127cbc52c1f449ab4a861a653e199f77af5aaa337bf4c660d7cceaffdf0894 |
| SHA512 | 863dcb40e16bd90c2288a661e760c25569ed8f79bef472a45ec98a3a1a1398195c20a62d7dba1830e8e2ffb09eed717676eb731ecea09f8fad43bd97970ea82f |
memory/1584-1064-0x0000000000400000-0x0000000000474000-memory.dmp
memory/1584-1066-0x0000000005B10000-0x000000000600E000-memory.dmp
memory/1584-1067-0x0000000005510000-0x00000000055A2000-memory.dmp
memory/1584-1068-0x00000000055D0000-0x00000000055DA000-memory.dmp
C:\Users\Admin\Downloads\Gotham\6atManV2.exe
| MD5 | a4c55c4d409ebe8ae7cf21d5ac49bc6f |
| SHA1 | 1ea88c261838f65c52b600ce5a1dd745f3646d3f |
| SHA256 | df670585dba3923567610e24a5cf9b2d047f568adb24d3217e5993d69b949ec1 |
| SHA512 | 0865ad047b4e974d43f714b965736d817ad350d58366aade0f66a24612db0ee167389dd6bcec8b3fe742208dbad0274a1c3c8914d573120d68773217cf2abf8d |
memory/4732-1071-0x00000000000F0000-0x0000000000188000-memory.dmp
memory/4732-1072-0x0000000000AA0000-0x0000000000AA6000-memory.dmp
memory/1584-1074-0x0000000008700000-0x0000000008D06000-memory.dmp
memory/1584-1075-0x0000000008240000-0x000000000834A000-memory.dmp
memory/1584-1076-0x0000000008160000-0x0000000008172000-memory.dmp
memory/1584-1077-0x00000000081C0000-0x00000000081FE000-memory.dmp
memory/1584-1078-0x0000000008350000-0x000000000839B000-memory.dmp
memory/1584-1079-0x0000000008650000-0x00000000086B6000-memory.dmp
memory/1584-1080-0x00000000091A0000-0x0000000009216000-memory.dmp
memory/1584-1081-0x0000000009220000-0x000000000923E000-memory.dmp
memory/1584-1083-0x0000000009DA0000-0x0000000009F62000-memory.dmp
memory/1584-1084-0x000000000A4A0000-0x000000000A9CC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 04a323b4cd8c8ef50c5f3f30cea415b5 |
| SHA1 | e469bda23a4098002a1e3a11c38d87bacb883465 |
| SHA256 | 1680f09fe8e64d1409a954c334783aeb0fa3b419b8f9303d48abe0a05e28458a |
| SHA512 | 5ffc5890eaab05d1d42a7a1fd10d8b8ef308e6996e6c80a8be4091da53a297f34fc7e574d48fe4794ab7a08bb898f22f12892ae7fce1ceca3ceb1b3f2393cc6a |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6atManV1.exe.log
| MD5 | 84cfdb4b995b1dbf543b26b86c863adc |
| SHA1 | d2f47764908bf30036cf8248b9ff5541e2711fa2 |
| SHA256 | d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b |
| SHA512 | 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce |
\Users\Admin\AppData\Roaming\d3d9.dll
| MD5 | b5db471287b28710acea74838ad7eb5e |
| SHA1 | 9daf5a065aa0bf9679807157486f8ffd689b28bc |
| SHA256 | 52e35ab2960c262e2cd70e6d94a02bda86223d08699d268ad872067e9eea0c67 |
| SHA512 | 6b0f2cee9a15c2c2e9d02f638173c45b18a1bb74bc0ca5660d3874c0ed305810af51527ba1b41d06b4823904d2bb897c104606041cff9dfc6afb9f4af8b3aca8 |
memory/4044-1103-0x0000000000520000-0x0000000000570000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
| MD5 | 7f38048a5b4bb647a43e93df970417c3 |
| SHA1 | f7022125ba74f50d0d4515ca0b47ccc88c2f47e1 |
| SHA256 | 81d8c4d06be3654f64a49a2effb3606bb48a37556f4db38a524033d9949915bc |
| SHA512 | 06adc7711a98548c94954546a4a547b2547d63d1f26351a58e17d38b73c02e54823daf99d9aae8311225c02bf9e2f40bbb903ff6707c3ddaa64b1caafbbe342f |
memory/4044-1106-0x0000000006540000-0x0000000006590000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | 3df4e2a913df8e1a21f20bc7e2a1b0e2 |
| SHA1 | c6e5a8930122f463bdd54b9ecdf2e5168359bc9a |
| SHA256 | 59591893110458595be6a9d8802fafb5ce09c502f140c378538fe7386673b190 |
| SHA512 | 3c1b01bd1c2a9ce8891c98211b67bdadd5028639ab6fe9c6bb6adb75870bf0914227113149a845864224e5c9bc17e7ac3bf7b4993926860977928612abc37b19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | 18895874cd1cdfb91dd6d776c1ab33da |
| SHA1 | 10703e36fe51fafc4c617a74d8463dbf5af86b91 |
| SHA256 | 1ab235ef75059a429f226db64ebc46af96496415635b792dae47036a850dac04 |
| SHA512 | 81a9235af64807215ce68d2db7c0a21f6f3a9ede5142c2780bf3cb7c52131f73e5435f0a95ce23c24a979a16be2b6c461a6b1fb897cdacaadd3eab8739de766f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
| MD5 | d71395806a2ce6466686ccec852139e8 |
| SHA1 | ecad84a2d56c902d63cf57b9a75b8d941738c78e |
| SHA256 | 15750386611fe8f0448b6e00858597e92fce726554099151727db99dd7ed677b |
| SHA512 | 770030658685dab3d5e09b99546ee22787ba5b9dfe68e32a127b45769961f0c5f144dbaf027c04fd7f6fe0b2b871f88ef9d7e0607968184f815585c67ca794c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13364834971005262
| MD5 | 8f80d912d0fb70ff702d79eac11613fb |
| SHA1 | 6bb488f8fbab3c3652c48d1198e4a50ad69bbaaf |
| SHA256 | 5f8d4ce8a1bf7a798c17f6fcd46c94b146c04aaa432480c68208814fefd21bc6 |
| SHA512 | d464e952a0dd159ed7157348e2c1b04cb6608e1725bfd358791c6a360506500f1e43665e9f272eb2b5705fd4f5768173c8d4aa32fc6c51a4f9de4c8882c7d3e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | 9079226d2b1b999d16a7e7ea4b7136e9 |
| SHA1 | 5d85b3c13516105cafc722d320c6ecd30a414a61 |
| SHA256 | b7064b22366097213c47a7b7f758378d927025442eff43b7dcfcbb0988a5f30b |
| SHA512 | e6ae8772a7b8ce3cafba9e36bab93283589c49aa2ef6d7363de58f7d263c72d96f1f14440eff9be0ffb4829829a04deb8b4e491b9136efa05eff65202b17aa7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | eb1222e4c7a5825f438dc6bc7d3cf598 |
| SHA1 | 8de0bae107450a3d72eeaec1ee5b11ab0d0cda5d |
| SHA256 | aef7c2bcc6ade175c0454a4dbd0c73dbe32a0c3688807aba89156f8a6316d383 |
| SHA512 | ab23fa7649b33ae5c8c59362a4f813d6806057b86a098aa2326bdd7b72954c6039047ed344bf4232350fda6b31ebc5160cb2507c8b99286eb735ebb164b16409 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 12f30db6ad721162063d1f0d923dff79 |
| SHA1 | 9cfe9db2aa990a6e03b43d05adb522db2732ba10 |
| SHA256 | 41ce85887c17784d5a17c187aea408dfc60289e8fc7a8261a4ecb44decedb6ef |
| SHA512 | 2db7ff81608e520ad10423f563d1e74a5d7bc5509cf3c1ae841b92bcc4cb5a7a48953a366f8b2e71021eb9dbe48e7b4660b695228b66f0990238f82ab43b1772 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | e4fd7d882019d4d17469b6dec52c1e16 |
| SHA1 | 634d4af6b0812f79f085fd6599336c598bcbcad0 |
| SHA256 | 574062cd506542944ddabd8362a55ae33286551d8489addbfda34d62d84b6222 |
| SHA512 | 2b50e1c9dd287e2e21c8cf74f5eab4a4a784f2211c0eba95f69d51227e201d8097191faa6836eb79e1926b396ac0a6db52edef052af5c9d3c09cca0b84a7475a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | d8f4a4dc797a23c5c19ceafd1af19c85 |
| SHA1 | 35141cd76addefa372573c726b6b3db402e42b41 |
| SHA256 | d05e40565911fc8218798ea2a8cc7fec054801eaf10e6e4572e1e926b84f8419 |
| SHA512 | 407b2cc3f97cd8e076f4c20b6b14ca3059f65bb2e09277b2ed63292f02e9c0c22930ea17bb04ff558baa69c19a713fb1c044b02188e57693d711bca13ad9c02b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | aa70919ae225ac755096061d84bd4585 |
| SHA1 | 139fb1ea6878d3b449c01704554497fc8739dc88 |
| SHA256 | e8fbb46c1e0e487eec6c2db551aab3f1aedb982e508255bcb23d5ab30207e883 |
| SHA512 | 553a3d77873c2b81f3aef4a80b4a8daee3dadf0506805c92983ba02c19757e0e50808da987bd61b6eb8c07a77811e67eb3ba794c2ba5c3b59310095447408d09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 225da863db240e47c8fb21bb3e20360c |
| SHA1 | 45eca2392a1779aedf4425f13f677ffbd252627a |
| SHA256 | f6a94032e86175292035fcc87b7ab2931fc4b7b6115b0a2caff197330d567999 |
| SHA512 | 6c69a15fc90ed71834097a81c47c961b74c1b02e16e8ddf686f5b6ecc8fec6ced954823cdfc0141a7fa3f13c8c192a1bfc97544fbf80439da34e056d7d87d1c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b4ca888f75a6a9f37a6bd1127591823e |
| SHA1 | b992e9f4ccfec70193f71d081efcd5f213f3d552 |
| SHA256 | 7c80c9d2aa963e8436f0281b921a9506d0b2626fbc056da9c5089735804b030f |
| SHA512 | 0128e7ce16154f886c4894baac338432a52cf8044089004f0e649ccd2ea1007803f20ab86928b93fff49b705beb71349df00b311aebba11d17e16f484795ccf6 |