Analysis Overview
Threat Level: Likely malicious
The file http://goole.com was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Downloads MZ/PE file
Disables Task Manager via registry modification
Checks computer location settings
Modifies file permissions
A potential corporate email address has been identified in the URL: currency-file@1
Executes dropped EXE
Modifies boot configuration data using bcdedit
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Modifies registry key
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-08 15:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-08 15:56
Reported: 2024-11-08 16:01
Platform: win10v2004-20241007-en
Max time kernel: 279s
Max time network: 281s
Command Line
Signatures
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
A potential corporate email address has been identified in the URL: currency-file@1
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Win8.Horror.Destructive 1.0.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Win8.Horror.Destructive 1.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\TrashMBR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\HorrorGui.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\I: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\WScript.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\WScript.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\TrashMBR.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Win8.Horror.Destructive 1.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\HorrorGui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Shutdown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\TrashMBR.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755550162040556" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Win8.Horror.Destructive 1.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\HorrorGui.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://goole.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc13cbcc40,0x7ffc13cbcc4c,0x7ffc13cbcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4516,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4788,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5316,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5184,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4656,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5424,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4820,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5728,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5868,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6100,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6088 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6212,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5456,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5804,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5872,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5900,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5540,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3000 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5776,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3340,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5096,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4748,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4672,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6164,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5808,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5364,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,3786688219934932681,16888116291804985542,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:8
C:\Users\Admin\Downloads\Win8.Horror.Destructive 1.0.exe
"C:\Users\Admin\Downloads\Win8.Horror.Destructive 1.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\ED60.tmp\ED61.vbs //Nologo
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\Horror8.bat" "
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\bcdedit.exe
bcdedit /delete {current}
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\TrashMBR.exe
TrashMBR.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\system32\taskmgr.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\taskmgr.exe /grant Admin:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\taskmgr.exe /grant "everyone":F
C:\Windows\system32\taskkill.exe
taskkill /f /im logonui.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\system32\logonui.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\logonui.exe /grant Admin:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\logonui.exe /grant "everyone":F
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\explorer.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\explorer.exe /grant Admin:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\explorer.exe /grant "everyone":F
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\music.vbs"
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\HorrorGui.exe
HorrorGui.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x498
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im wininit.exe
C:\Windows\SysWOW64\Shutdown.exe
Shutdown /s /t 00
Network
| US | 69.173.154.8:443 | pixel-us-west.rubiconproject.com | tcp |
| US | 69.166.1.34:443 | sync.go.sonobi.com | tcp |
| DE | 91.228.74.200:80 | edge.quantserve.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| DE | 91.228.74.159:443 | edge.quantserve.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| FR | 18.244.28.79:443 | rules.quantcount.com | tcp |
| FR | 18.244.28.79:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| FR | 52.84.174.6:443 | config.aps.amazon-adsystem.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| FR | 3.164.163.16:443 | bid.underdog.media | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| GB | 87.248.114.12:443 | ups.analytics.yahoo.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| US | 151.101.65.44:443 | trc.taboola.com | tcp |
| US | 151.101.65.44:443 | trc.taboola.com | tcp |
| US | 8.8.8.8:53 | vidstat.taboola.com | udp |
| US | 8.8.8.8:53 | 15.taboola.com | udp |
| US | 151.101.1.44:80 | 15.taboola.com | tcp |
| US | 8.8.8.8:53 | images.taboola.com | udp |
| DE | 18.193.40.240:443 | api.cmp.inmobi.com | tcp |
| US | 151.101.65.44:80 | images.taboola.com | tcp |
| US | 8.8.8.8:53 | beacon.taboola.com | udp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | am-wf.taboola.com | udp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 8.8.8.8:53 | sync.taboola.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 141.226.228.48:80 | sync.taboola.com | tcp |
| NL | 141.226.228.48:443 | sync.taboola.com | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.154.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.40.193.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.temu.com | udp |
| IE | 20.157.217.118:443 | www.temu.com | tcp |
| US | 8.8.8.8:53 | wf.taboola.com | udp |
| US | 8.8.8.8:53 | imprammp.taboola.com | udp |
| US | 151.101.1.44:80 | imprammp.taboola.com | tcp |
| US | 8.8.8.8:53 | am-match.taboola.com | udp |
| US | 8.8.8.8:53 | am-vid-events.taboola.com | udp |
| US | 151.101.65.44:80 | imprammp.taboola.com | tcp |
| US | 151.101.65.44:80 | imprammp.taboola.com | tcp |
| US | 151.101.65.44:80 | imprammp.taboola.com | tcp |
| NL | 141.226.228.48:443 | am-vid-events.taboola.com | tcp |
| NL | 141.226.228.48:443 | am-vid-events.taboola.com | tcp |
| NL | 141.226.228.48:80 | am-vid-events.taboola.com | tcp |
| NL | 141.226.228.48:80 | am-vid-events.taboola.com | tcp |
| US | 151.101.1.44:80 | imprammp.taboola.com | tcp |
| US | 151.101.1.44:80 | imprammp.taboola.com | tcp |
| US | 151.101.1.44:80 | imprammp.taboola.com | tcp |
| US | 151.101.1.44:80 | imprammp.taboola.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | vidstatb.taboola.com | udp |
| US | 151.101.1.44:80 | vidstatb.taboola.com | tcp |
| US | 151.101.129.44:80 | vidstatb.taboola.com | tcp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| US | 151.101.1.44:443 | vidstatb.taboola.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| FR | 163.5.194.34:443 | prebid.a-mo.net | tcp |
| FR | 163.5.194.34:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| FR | 163.5.194.34:443 | prebid.a-mo.net | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | am-trc-events.taboola.com | udp |
| NL | 141.226.228.48:80 | am-trc-events.taboola.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.217.157.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | lax1-ib.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | lg3.media.net | udp |
| US | 8.8.8.8:53 | qsearch-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | hblg.media.net | udp |
| US | 23.192.20.32:443 | contextual.media.net | tcp |
| US | 23.192.20.32:443 | contextual.media.net | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | tcp |
| GB | 2.19.117.98:443 | cdn.adnxs-simple.com | tcp |
| US | 104.254.151.60:443 | lax1-ib.adnxs-simple.com | tcp |
| US | 104.254.151.60:443 | lax1-ib.adnxs-simple.com | tcp |
| GB | 2.18.190.79:443 | qsearch-a.akamaihd.net | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | tcp |
| US | 8.8.8.8:53 | edge.udmserve.net | udp |
| US | 68.71.249.120:80 | edge.udmserve.net | tcp |
| US | 23.192.20.32:443 | contextual.media.net | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.20.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.220.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.151.254.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.249.71.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | related.focusedbuzz.com | udp |
| GB | 2.23.220.28:443 | hblg.media.net | udp |
| US | 34.117.32.153:443 | related.focusedbuzz.com | tcp |
| US | 8.8.8.8:53 | 153.32.117.34.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 163.5.194.34:443 | prebid.a-mo.net | tcp |
| US | 151.101.65.44:80 | vidstatb.taboola.com | tcp |
| US | 8.8.8.8:53 | dsp.vlitag.com | udp |
| US | 8.8.8.8:53 | adsystem.pocpoc.io | udp |
| US | 8.8.8.8:53 | px.pocpoc.io | udp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 104.26.14.167:80 | px.pocpoc.io | tcp |
| US | 104.26.14.167:443 | px.pocpoc.io | tcp |
| US | 8.8.8.8:53 | 167.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| NL | 141.226.228.48:80 | am-trc-events.taboola.com | tcp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 69.166.1.34:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 104.22.5.69:443 | p.ad.gt | tcp |
| US | 52.40.26.147:443 | ids.ad.gt | tcp |
| US | 52.40.26.147:443 | ids.ad.gt | tcp |
| US | 52.40.26.147:443 | ids.ad.gt | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| IE | 54.170.251.59:443 | ad.360yield.com | tcp |
| IE | 18.202.12.246:443 | dpm.demdex.net | tcp |
| NL | 89.149.193.120:443 | sync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 151.101.1.44:80 | vidstatb.taboola.com | tcp |
| US | 52.40.26.147:443 | ids.ad.gt | tcp |
| US | 104.22.5.69:443 | p.ad.gt | tcp |
| US | 52.40.26.147:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | pixels.ad.gt | udp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 52.40.26.147:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | grid-bidder.criteo.com | udp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | px.vliplatform.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| NL | 178.250.1.4:443 | grid-bidder.criteo.com | tcp |
| US | 69.166.1.64:443 | apex.go.sonobi.com | tcp |
| US | 141.101.120.11:80 | px.vliplatform.com | tcp |
| US | 141.101.120.11:80 | px.vliplatform.com | tcp |
| US | 141.101.120.11:443 | px.vliplatform.com | tcp |
| US | 141.101.120.11:443 | px.vliplatform.com | tcp |
| US | 52.40.26.147:443 | ids.ad.gt | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.251.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.12.202.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.26.40.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.1.166.69.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 3.210.72.87:443 | sync.srv.stackadapt.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| IE | 52.95.125.22:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 69.166.1.34:443 | sync.go.sonobi.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | 104.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.125.95.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.72.210.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | tcp |
| IE | 54.170.33.189:443 | sync.crwdcntrl.net | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 89.149.192.76:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 98.82.156.107:443 | s.amazon-adsystem.com | tcp |
| NL | 178.250.1.57:443 | ssp-sync.criteo.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | tcp |
| IE | 54.229.189.67:443 | ap.lijit.com | tcp |
| DK | 37.157.4.29:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| FR | 163.5.194.35:443 | sync.a-mo.net | tcp |
| FR | 163.5.194.35:443 | sync.a-mo.net | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| IE | 52.50.157.4:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | pb-am.a-mo.net | udp |
| FR | 163.5.194.32:443 | pb-am.a-mo.net | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.33.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.156.82.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.189.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.157.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.180.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.180.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 104.254.151.60:443 | lax1-ib.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.180.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| BR | 142.251.135.67:443 | id.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 67.135.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 233.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.14:443 | google.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
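Most of the table above is resolver traffic, reverse lookups and the advertising fan-out of a parked-looking domain; the hosts that matter for triage are the first contact (goole.com on 217.160.0.201) and the file-hosting endpoints near the end (raw.githubusercontent.com, github-cloud.s3.amazonaws.com). The script below, added here as a worked example and not part of the report, parses rows in the table's `| Country | Destination | Domain | Proto |` layout, drops port 53/5353 and `in-addr.arpa` rows, collapses duplicate flows, and separates an assumed ad-tech suffix list from everything else. The sample rows are copied from the table; the suffix list is a constructed allowlist, not something the report provides.

```python
"""Triage helper for a sandbox Network table (added example, not the report's code).

Parses '| Country | Destination | Domain | Proto |' rows, removes DNS noise,
and separates ad-tech fan-out from the few hosts worth pulling first.
"""
from __future__ import annotations
from collections import defaultdict

# Constructed subset of the report's rows. Note the mDNS row with an empty
# domain cell and the :443 udp flow, which is QUIC rather than a parsing error.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | goole.com | udp |
| DE | 217.160.0.201:80 | goole.com | tcp |
| DE | 217.160.0.201:443 | www.goole.com | tcp |
| US | 8.8.8.8:53 | 201.0.160.217.in-addr.arpa | udp |
| GB | 142.250.178.10:80 | fonts.googleapis.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| US | 151.101.65.44:80 | beacon.taboola.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
"""

# Assumed allowlist of advertising / font / telemetry suffixes; extend per case.
ADTECH_SUFFIXES = (
    "taboola.com", "doubleclick.net", "googleapis.com", "gstatic.com",
    "criteo.com", "pubmatic.com", "adnxs.com", "rubiconproject.com",
)


def parse_rows(text: str) -> list[dict]:
    rows = []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def is_dns_noise(row: dict) -> bool:
    """Resolver queries, link-local mDNS and reverse lookups carry no payload."""
    return row["port"] in (53, 5353) or row["domain"].endswith(".in-addr.arpa")


def is_adtech(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in ADTECH_SUFFIXES)


def triage(text: str) -> dict:
    rows = parse_rows(text)
    flows = [r for r in rows if not is_dns_noise(r)]
    by_host: dict[str, set] = defaultdict(set)   # domain -> {(ip, port, proto)}
    for r in flows:
        by_host[r["domain"]].add((r["ip"], r["port"], r["proto"]))
    resolved = {r["domain"] for r in rows
                if r["port"] == 53 and not r["domain"].endswith(".in-addr.arpa")}
    return {
        "first_contact": flows[0]["domain"] if flows else None,
        "review": sorted(d for d in by_host if not is_adtech(d)),
        "adtech_hosts": sum(1 for d in by_host if is_adtech(d)),
        "quic_hosts": sorted(d for d, eps in by_host.items()
                             if any(p == 443 and pr == "udp" for _, p, pr in eps)),
        # Resolved but never connected: a failed or cached fetch, still worth noting.
        "resolved_never_connected": sorted(resolved - set(by_host)),
        "endpoints": {d: sorted(eps) for d, eps in by_host.items()},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(key, value)
```

Run against the full table, `review` shrinks a few hundred rows to the handful of domains that are neither resolver noise nor ad-tech, and `endpoints` gives the IP:port pairs to block or pivot on for each of them.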
Files
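Two of the hash sets in this section are worth recognising on sight: `d41d8cd98f00b204e9800998ecf8427e` / `da39a3ee...` / `e3b0c442...` are the digests of zero bytes, and `d751713988987e9331980363e24189ce` / `97d170e1...` / `4f53cda1...` are the digests of the two-byte JSON text `[]`. The rest are Chrome rewriting its own profile state (Preferences, Local State, TransportSecurity, Network Persistent State) during the browsing session; the one cache object, `f_00002d`, is the only entry here with content that came from the network. The helper below, added as an illustration and not part of the report, recomputes those well-known digests, parses entries in this section's layout, and labels each path. The sample entries are copied from the section; the path classification rules are assumptions.

```python
"""Hash-level triage of a sandbox Files section (added example, not the report's code).

Recomputes the digests of two contents that show up constantly in such
reports, the empty file and the JSON text '[]', then classifies each
entry by known hash first and by path pattern second.
"""
from __future__ import annotations
import hashlib
import re

KNOWN_CONTENT = {b"": "empty", b"[]": "empty-json-array"}


def _digests(data: bytes) -> dict[str, str]:
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


# Any one of the four digests is enough to identify the content.
KNOWN_HASHES = {h: label for data, label in KNOWN_CONTENT.items()
                for h in _digests(data).values()}

# Assumed rules: Chrome profile state the browser rewrites on its own, and
# disk-cache objects, which are the entries that actually hold fetched content.
_CHROME_STATE = re.compile(
    r"\\Google\\Chrome\\User Data\\(Local State$|Default\\(Preferences$|"
    r"Network\\|BrowsingTopicsState$|Code Cache\\))")
_CHROME_CACHE = re.compile(r"\\Cache\\Cache_Data\\f_[0-9a-f]{6}$")

# Constructed subset of the section above (paths and digests copied verbatim).
SAMPLE_FILES = r"""
\??\pipe\crashpad_4728_IPYWWFNRJTQDWSNV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| SHA256 | eb08cd20deb51fbcd40a2b3d5bf7328ec8752d5047dc6b871b7cc6bc2c853e86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
"""


def parse_files(text: str) -> list[dict]:
    """A path line starts an entry; the '| ALGO | hex |' rows that follow belong to it."""
    entries: list[dict] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            algo, value = [c.strip() for c in line.strip("|").split("|")]
            entries[-1]["hashes"][algo.lower()] = value.lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def classify(entry: dict) -> str:
    for value in entry["hashes"].values():
        if value in KNOWN_HASHES:
            return "known-content:" + KNOWN_HASHES[value]
    path = entry["path"]
    if path.startswith(r"\??\pipe\crashpad_"):
        return "crashpad-pipe"
    if _CHROME_STATE.search(path):
        return "chrome-profile-state"
    if _CHROME_CACHE.search(path):
        return "chrome-cache-object"      # the entry to pull and inspect
    return "review"


def triage(text: str) -> dict[str, str]:
    return {e["path"]: classify(e) for e in parse_files(text)}


if __name__ == "__main__":
    for path, label in triage(SAMPLE_FILES).items():
        print(label, path)
```

Checking the digest before the path matters: an entry whose hash is that of zero bytes or `[]` tells you nothing about the sample regardless of where it lives, and the same lookup catches a dropped file that is merely a zero-byte placeholder.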
\??\pipe\crashpad_4728_IPYWWFNRJTQDWSNV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | aac5f1315a5dff0df6a02dc9dfd69d33 |
| SHA1 | 4d9af745f1ba8b2498d7136a65b900712051be84 |
| SHA256 | fd02ffa39686130ec9f55ad5693674a95fbbb2f664c95079e9f30f986742660f |
| SHA512 | 4d9795c12f1844b6b91cf3b9ad9a3b9538f7af06b91406f827f48579e1030a12b5298f35c1eeaa9d2b8e27b6ee775d2332b9028be773b9f61c6627855b4e194f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | def41a182930b455473dfd42aea265cb |
| SHA1 | 1f9e0d034881ac8dfd1d3b066d671323e52f3029 |
| SHA256 | d1a38d39ebc525bd9c54ea41039edec1d403e2fde98fcdf2009ef1ff7d963d61 |
| SHA512 | af29aba257edfac890be7b46fd17049fe32802986ad9ae96e3ae15e37663cf454b8406a8ab94b3a7d6b237022b3bcaf290dd49059424a6caf7d92fc610ec8f3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1e4ef151f753d10fa475be00467d224e |
| SHA1 | b032ba2b89545a8f94bd0eb77379babc732fe825 |
| SHA256 | eb08cd20deb51fbcd40a2b3d5bf7328ec8752d5047dc6b871b7cc6bc2c853e86 |
| SHA512 | 33e85bf7194ab5f328564dd5a9a9bd27704e3e2306d6d6cd35f664a104cc7fc96023589b5ae249a417d2a20a081537a0bdfe3e7335626a9f34b4dddb504237ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 24f38c69943da8faae1ab228755c4b9c |
| SHA1 | db5884d027e3faba4c7f6d2a2db52beb4fce9f83 |
| SHA256 | 1b50635181f031e418562b8e8bcd8a725bda47efdd404ea2db5f95e03e8801e5 |
| SHA512 | 4bab5eead53add620bf63fc0292fe1fed27e0d3964dcb6da3df135eb4b04c427accccf6340a51d846b6895dd9c3ea4cdbd2fc6aac4a467a2908056190a9f8f28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 07956dae19cf29c3c1ca0b00b7fe8c0d |
| SHA1 | 03016a39b71f3fa863d74a644a7bf8b93107a263 |
| SHA256 | 5693f99061a4345cba193719dce45ee0773ffe227d5c6f0ea02ae7f5c8bbc266 |
| SHA512 | 29f813f876553d2c637312ca18056be807331cbcdf6e36f0efb1897fb3eaf25357d729ab123384974d9e75a1f131fce3821358abc2b84c28615fe34e8cec0bf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 38c075f7d5e51c326fb53669c797eb04 |
| SHA1 | c7220c16265c6f248e4a31bd65b4bf6bc90fb5c8 |
| SHA256 | 049a3cd89be54c93436b1e600cc3cb52b6d105b566ccf6a06cd32f437b9ba191 |
| SHA512 | 6c5d2aa91aa49ad03a4eb34909f611c7a569fb5039b161c591fae1ab844ba32e16cdd8f981f4144e0f52c8cbe280579a4500d179b761bf63e47c68ca91838977 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9f42181691d139139f41d6b94c329b93 |
| SHA1 | 60c927dba42f0b8be81bb3f8b1c2f53b92465b59 |
| SHA256 | 673bd276510871e117317dbf4ed3332e4283500a9b6b9dd85a0862cdddf8aabe |
| SHA512 | a48e69b840789e192f9af7938af6a44aa068af7369e2764ddb263e1b4ebf901feb3c015733a4d142873e7c99ec057bcd55d4154eebd845835ff7749f798d1142 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 76a218a2bd4371bfb084e31657ad72fa |
| SHA1 | 01902c2b65c834940001c80b29d959dad0e017e5 |
| SHA256 | a1b9ed928651b48a8e0f5eb6f1bc4e17c618722a899a42b5ecf29ec27d3b41ed |
| SHA512 | 78799f8c03ea17fceee53bfb0fa0caefdac134faa9c75af801db7a6429af94a4c91dac97ad166eaa00a53b7d8564bd190953a8284494bccf9b31e7a76c1f13eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0f5cacc113d4b023cbd357eab7006ad8 |
| SHA1 | 790d72fd36c52810200db834685b80b2c418a070 |
| SHA256 | 00b93d90ff3a5c93d9ba98e9d022d1b262e67903b98ef08efa0bdb120b6ae956 |
| SHA512 | 73b389c283f4d2c6bb5460c498af3f373af33a46478a2c8f934429296be134619b30049107f845da05d80f8ad333e5f61c580c3f33fc35ab5b1f40460c0e8509 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1627fcd0a4ab529773dd8d0754b7128e |
| SHA1 | 4b8dd152bec3e51dc7d3b692b7e61cc3ece52b80 |
| SHA256 | 062644c3c21d3055e908fdb3c8e4e62bd40ec101b8e40352cc1407a60e131baa |
| SHA512 | 19c455e57bb110ca4b9e39bfb79e2085fd604b37a81c55fde46d24eb6e27874ba818061f34c2fe936ec62020a4c233a575f1a467e4505ea2325eca998cd23008 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b355aa56797f07aa400e2fdc10d97a76 |
| SHA1 | b34687ae5a0f46ffbbc35e9b144ea4ad627c0779 |
| SHA256 | 2a8f4e6fe138fa5b15f0a25c2b823ec3ffb5f43903a7d401f260a9164f739ea8 |
| SHA512 | 39ee76e77dca82d0a01c67e2e13a023f2c3ce21fba3be4f8a198b2b9f539724db1ce666a97bdfdd631afade91b2308a2929e1e11a979a7ddee900d201abdaf8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 54dbc2e4ad3a17fe6a1d9c5967013d07 |
| SHA1 | 2c15bc1600296840b87b1328083f9b29a79c85cc |
| SHA256 | 0aab5e3dccc76968652619ea6e6893bbe60f8c48b7339cb8fcf9639271fe7286 |
| SHA512 | b8d3c73110e30ec57c4b13cd10332309509595134024adfe455a356b945b867e024d0bbb881b3447d3280d9f7eb83988d837b792d6079fa947b0043db197c2c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0eea6d152b04add5da3209ab9d2c68be |
| SHA1 | 7ab387cc91c3984a6b09ec132695f84455734f0c |
| SHA256 | e829f1d9d617d9868122a9a445156014c6e49ed8cd9a17f47806d127508a797b |
| SHA512 | 8ad4205853ab171a172b3aa21eb271bb3fa8dde4ac256ad358f4cdccf8112d4809a148a3843380cf761693b20f5b44773b6fcafff2aab0c38f5307eec425e5b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5c5c05718d17c16541b8736cecdd9e1b |
| SHA1 | aa7f8607f8b5fcfaf2020167ab1c4802cdb2fa86 |
| SHA256 | fa9468474889451207f325debd6bcf040d9853de95c8a7f28488c8dd8f19fe66 |
| SHA512 | 5a3d2ce44d3e3f365ac895b82f2b7636ec3f0df6ad2e55e1e74c15fa38da25c60b9c15b8be777b11a1fd96b0eb1dbdb32ff60485b2d762d65de741bec8e5f4b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c625631fcaafa48965b094f4b48458e7 |
| SHA1 | 4c7ff6c0c6ef21ee5e97013eb3a25dd5ee9ae910 |
| SHA256 | 942d19461ed6c53cb7e5deffb7e0cd0ecc2af50815a64820227f7dcde1874fb1 |
| SHA512 | 79c9631d4f8078d8dbc043150b6b2bd2d2cce7ea58fe06c29f3be07f30f41107e9fe54326409bf78bef74c48c18e43649fdcd2f293d103ea70f50026fc8e3fde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cee883c52eaa2c11c60f46b8775f5863 |
| SHA1 | d398165a5e7d13ae84f264e4379a06ddba538e81 |
| SHA256 | 0a10eb44e4044c018c39a43ea66ffb26ce404cd7e61466d2ed35c10a811fff53 |
| SHA512 | 1c3e0ae33865feca47f38748715ec55099e42d5c1b885e1969df69b854a3fbdd02d6e363127c855488bac4f398facfdb668dcff2272f27e8a242061d25a75566 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ad3c5a015f6adf1671ac73533042f85 |
| SHA1 | ee479288a912e967ff4f9c701e561fbbbb2e117a |
| SHA256 | 5505f00608a2ae260e4927f7a4e120d86796b5e19da9b85a6698511e67223a4d |
| SHA512 | 996985086dd5390d88f55d3c60a58b2d48b704232a69827c7a05085032615ff3b0eabded3460c55bb1e4f3aeae73d4ec89dd463013620de7446ed1940dceae61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5cd6576209129c975e8be21ba02c7d68 |
| SHA1 | b3d58e166688f7c7da2a2b89e5517b3f5adf612f |
| SHA256 | 3e7e5429e7af2de6ea4c0134b6695b36ed2f3c41014ce458f1fb49b7f6598fa9 |
| SHA512 | 5831f3e2e33ff32440f8721255d82a767abf289424ad9b45105102b26f5a06448cbc21b1070470a106b98c7d3b3905d96053cac6981d96880c7c6616e8b253b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a5b6379b33565bb845ceee05d012e2a2 |
| SHA1 | f17c883b4eb59df01018681b7d9b3d0b002f5cbe |
| SHA256 | 178aaa0fb14ad3834e9af032ec22399ce92639715339af7aaee4e0f072843559 |
| SHA512 | 206b15a2ac8acf545d896675cc4691ae139208252046fdd5ffd16f8ea97d0a95cb5b40be4cc091e0be9e973c8d10ef325671b0e486a86cf8f29226d6a2cddbc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 90cb2f5ccfd7d2da5c73f22064ee9663 |
| SHA1 | f3dda9968cac7ce8f6d122fafbac63f164faf17a |
| SHA256 | e97b4bcc54a6b27c3a62dac7a7446a04e6f18de257f1b1f3dd6e288d6d75c52b |
| SHA512 | 29cc7182b05acc2bc1ed49affa1cf5c96dac6be5d40e8333b1ad03f22b0d6d792adb0b173425fb66ce1d10f90de1a574e60928f75543d75edeee790d9d877126 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71008aba0df527f0d6a5e9e9caa32575 |
| SHA1 | ff62a42d311ddd352375cf8af46be7cf657dc291 |
| SHA256 | 0b73ca1e4f6d67ae3944cd33953c1d766679b97e2684407a34893386e7cec52d |
| SHA512 | 555a08e863e34ab85bbf759eead09ca4720429aa9c6425eb110d21c5d11bf611f78d9cb3da672a826b9895f68c25b10ae75133fcbc01ceb2584512671504a24a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c98af95f8a50f39df0d0b437078a6175 |
| SHA1 | 6d77bb4f08b0e05c2c3fff7793b43c1d39c958f8 |
| SHA256 | d4a4ea763d1c45cca31275cddf04dffe91a7ebd38e560b00d3016e98ecc393ab |
| SHA512 | a0026644c5e1e303339fd7f3b60c94f5f18f2a25e8aabf7953a06c3701b501232fc3a474465a7a37ef0758e4ea3810f08ada3b4008cf67a07cda604b83e567a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aedaff5f1006cadbcd0195879bae3c97 |
| SHA1 | 10716b6f811aec104b98a4c34bbcaa574320603f |
| SHA256 | fde44aa06e5cc23a22d02638c0a512b33d65b8bf597dafc99249f565ddb12ea5 |
| SHA512 | edf71eb4eed7a0a78235777306de8749eb2ce065178e64dfe5ce9fe825050a93315ff02745e44762d1c5c60e5f62cd5309e98da7ab4f5d32549438b49dcd1fdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4c4ccceb2c315f6d254c16f399aa3566 |
| SHA1 | f9df35e17cc520f29bf2cf862da46eeb340aae6a |
| SHA256 | bc5cc122a8467c818f95d309ff7618c0d305f55c8f7ea8771ef7d7097b6cf611 |
| SHA512 | 879a1c0962ce7bdd486623ba94f0fefb715f11e652e8f01aa9386fc2ffbbcd67094335c65e53d5ea3c1f0d4b1e45afb7249f18ed65fb8a1dd5cfbec765dc97d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 342663946e7920a5ed80399392a3c0e2 |
| SHA1 | 7af85f9c24d64986d73c9420d0f096bfea252b9a |
| SHA256 | 743601677b36e17924ccc13e0a235d7ed443fc2d94db035ddfb76b7b94ac0098 |
| SHA512 | 94db3559701da384a7b4a17d44dc45d421028f640467d6042419e1dffdeaa707f3a2d5fe96f5a47692433099a27e20133a8be0ecae121d00ed5bab3c739ab195 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 60689ce03a9bd9eccafa5cea4c4624ac |
| SHA1 | 8370b6a5290c085b13e01d4cc1b353f976f5f87d |
| SHA256 | 8a4f2b9814e1ef378520756cf57dcfd5e78bdf2773093545745d382fa24b30b9 |
| SHA512 | 100439f6c0faf6a9f187f9c800110a83107e115df2fe6a37f577fc1b36a108d38666c15f9d2d06564a5bf5b079d7a53e0ba4cd96190d6c63018ac6a5ddbde36f |
C:\Users\Admin\Downloads\Unconfirmed 984095.crdownload
| MD5 | 846d847d9b1247c57824d5d2601a7faf |
| SHA1 | 2119dccee1e98af31fd193cf38bbfd8614f183bb |
| SHA256 | ba8fa2c240edfc35c3078fcf31b87c0e1af4404dfc1f52e0d5640edb061355fc |
| SHA512 | 8cbad0562c13f997fd2e90e6f3a998cdbd2c207592c1d85e6bcf5c794a65bbf2322355a33c9d1af4f03519447c397e7b34dfea179c30d1a054d32d6031c723ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 57222f5cd7c47b8f1142cb629dcbd7db |
| SHA1 | 3798f25d3abd52b1a1502ad87ed2efd6da5ae36b |
| SHA256 | f2cad746e115910d1784747ae225ef1ad4f1b41fd1d63dbf57fbb6e3dfca7dfc |
| SHA512 | 9ee17e4190d1da078b89929a71c7bfbbb9f79a1564b9e7d5584cf56cec8ecda3fd8db6c080455f069118119a15e0731588511493e05777c61aa745dd9d305dba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5d8469fee3b297559556d069ea7f146f |
| SHA1 | 7d8fa50d4a17d7ddf6c5994c7f0cfe5a69669920 |
| SHA256 | da08f9848959291f541dcfbad55a412ed7fab677a4ae746d1a383b37eaf80fd1 |
| SHA512 | 5dbfb9116d4f6dad0667ce106dcb5e3ec8c17f7d3eb85bd3fc05bb015f5d654c8dc095c170d9c3a3a893e9aa772dc318e42684650c34df4d1cf119ba5d6ec344 |
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\ED60.tmp\ED61.vbs
| MD5 | 3bafc447cf86b66198f84690cb592adb |
| SHA1 | 5d16e560003b0ca1efa914aa0960fa84dbe1a0a6 |
| SHA256 | b96a442adc718e9e0981b1c3bea2c8172f6c5b2c8c1fecda5c311c95728bafff |
| SHA512 | f0aaef88ff735c8823cf83bf513a95084ccc617aa97bfed8ee86dc1366ae8cef679a7b5bf48116370493e0074fd7f56ce7e5e9f22bfbd8dd6f2f7c8489419700 |
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\Horror8.bat
| MD5 | 36fcf85ec52716f5fd8ea625a11c13c6 |
| SHA1 | 60a720249c6bb3617e904445c247487dba96af9c |
| SHA256 | 3aba2d676284209730ff20b28a8415a3c41c88f402301b14437040bf2baebe0c |
| SHA512 | 1ba72a3ea4cf1014f0072184067611448276fff273f803c829d1f6bbeb6dd24c7dca41eada5b78f2ddc7dabadf5c5a66e11cd4f8a5aea31d261a69ef186d09f6 |
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\TrashMBR.exe
| MD5 | 87f09f4a202bf9c0adcf6fed942aa703 |
| SHA1 | 96bf11ff017e31ec2242c0024c372628c40cbd4f |
| SHA256 | acf8abe9bd2f61840a247b4796ebedad20f69a85dbdf8a4100f5d7d306b064b1 |
| SHA512 | 85202719aa875b2697ae3082a79a3ca7c1e1be377d6b19f9f159488a5f9d6ec6e9ec35352b067a1bc15546165764acb108c11203bf482ea43684e433717eee58 |
memory/2320-721-0x0000000000400000-0x0000000000412000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b173ff7b5d91acecceed934a340f777c |
| SHA1 | 6b275af14dd8d0c0a7c63459ca30fe18a4aaa489 |
| SHA256 | 175e2220b36199b4799e1b41e7a249d6b94d297ba829eeb07ce5a3453fddbb4d |
| SHA512 | 8801bb4f5e9ae4b9b3046e5de0bc29b5b22140068c67836062a8ce525a29483acf0f7ce9da371af3c0915050dd78451c3ef585785c2c752fd45d8eb59bc93954 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8c65551e20d0aa1958104eca2f2965ea |
| SHA1 | decbf839c199cf0976f1125a080454dd910eee95 |
| SHA256 | 7814b95f446a61104c849fd03985f7af46c9f0fa08cc6c81387e8f1f23b4603d |
| SHA512 | 19d13d15878327fb183dd29676eae136e37cc062e8728d95c36745bdb1944b43ada8aea129886aac2b62ff315985694ac1752cb7ac057f8ca00bfcf44a716481 |
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\music.vbs
| MD5 | 8b703f9c48eb3724348af746e7610061 |
| SHA1 | 599aa1820096e92546ea8d863d46cc49404e19e6 |
| SHA256 | e8cd555c43973e3b2e6fa0e80d602abc3d7c43a17bc51a6d0ba08e20ea3feadd |
| SHA512 | d38e39e3f9ff71f68d3d851b635bcc27939656ec085369652a324d8b0c95042e722a07b0b06a0a25f0f2b51d5ad1addc3174c472bda3f86cbf28376ba4870208 |
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\HorrorGui.exe
| MD5 | b2653aa06a2253e8155eb81535b20e6a |
| SHA1 | 0cf61fc537d8d73c71724febd0f1f34a6fddc838 |
| SHA256 | b4e106e22c4d3e51c87d3d5853298210572ab2834f5e2a0beaf1df7d96c57d29 |
| SHA512 | 143694740660ac46f0c6c78903e8378fd402b5338dfb68c3e4a148f6f83036eaea3be6bda160d59ed1c5b52ba235823e284a0564ab9dbedcc3d3a6e40584fd98 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Temp\ED5F.tmp\clingclang.wav
| MD5 | 1c723b3b9420e04cb8845af8b62a37fa |
| SHA1 | 3331a0f04c851194405eb9a9ff49c76bfa3d4db0 |
| SHA256 | 6831f471ee3363e981e6a1eb0d722f092b33c9b73c91f9f2a9aafa5cb4c56b29 |
| SHA512 | 41f4005ec2a7e0ee8e0e5f52b9d97f25a64a25bb0f00c85c07c643e4e63ea361b4d86733a0cf719b30ea6af225c4fcaca494f22e8e2f73cda9db906c5a0f12ae |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 987a07b978cfe12e4ce45e513ef86619 |
| SHA1 | 22eec9a9b2e83ad33bedc59e3205f86590b7d40c |
| SHA256 | f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8 |
| SHA512 | 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5ce33f6c7ce3e2cfec067a06b1f40162 |
| SHA1 | 7260f65ca4457bc13b37e0b167c5537d30baf5e1 |
| SHA256 | 46e81faefa085645c3a887a59c5a1dc2ca83694f3c014124d6e73528c4028a9a |
| SHA512 | 5037f4235922f7ec910aff89f96cc01cd977a86a712b5bd02d2748428bbe94bff8324930f4452b3b7353354405ea0d10568a6f2832a53628500d01eef19327fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0ec1e6b2d0dcf609c6b10512178afe22 |
| SHA1 | b5ccbe975aba939195823f01e79585461c389c62 |
| SHA256 | 624a5b2aad80db2930920c50b110791ca2ae10f93e98f20430bf2df91cf1d8bf |
| SHA512 | 5de574f5525031c30a578af78b7867ac8127110c61437336aef6f2a8883848efca20be8037f1b91905ba90591dd56d8425545ef0b2c35b6d30b2afa76e2cd9b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 84353a032b1972b16af3f87b2f140318 |
| SHA1 | c22743eb03c819256a147e8f80966d285051c081 |
| SHA256 | f6a7295102cca922988985f1306d28df2d5ea27e0729712d9b6b0d2fa0663b9a |
| SHA512 | 0919025f46ab538985ba6bd96e4e614b87c2cde256a7b257a6efcf8e07c7dfc94c4926f93f78e5bd4284c62b18bfbca3d8b92eb90b4f7998ef38bb248c1dacca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 73567f3948f7e05b113999096a96653d |
| SHA1 | 8da5fc879bb249aa09dd48ecb7f52cb886f5d587 |
| SHA256 | 3ce6645c00210eee7c04f221b1eb8c10b0705a9d98750cbb8333449538448708 |
| SHA512 | 66de2d58cba1ea45e720f4da0befe7647cf236b3d244de427f83e3fa1355bddb3a8cac09d950f5815cf7c0ae6aac2219c515089ad89040b1d319b61a421c1f39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5dbd89d534fa2f55e5579e69412ed30c |
| SHA1 | 4c407565e1e712a5ac2130c3a56edb0771f82d46 |
| SHA256 | 7328eb93c74720433f97c097119fce03fceecd03fb922c74dd79c00b6583a9d2 |
| SHA512 | f8bb771ccf1afa75bd6cfbe541571a4b778eaf61a628090b194040edddf24ef5b1246a94cd4981df4ba0adda29092185d3fcfaa88a607a19f95d7627379c259a |