Malware Analysis Report

2025-01-02 12:12

Sample ID: 240418-z6d1safb68
Target: C11Setup.exe
SHA256: 93c4bdda249ddc80ed634c8f4656872fe2fe4083fbd7c8341fc094474ac69af8
Tags: asyncrat default rat
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 93c4bdda249ddc80ed634c8f4656872fe2fe4083fbd7c8341fc094474ac69af8

Threat Level: Known bad

The file C11Setup.exe was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat

Async RAT payload

AsyncRat

Asyncrat family

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Enumerates connected drives

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-18 21:19

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-18 21:19

Reported: 2024-04-18 21:30

Platform: win11-20240412-en

Max time kernel: 588s

Max time network: 598s

Command Line

"C:\Users\Admin\AppData\Local\Temp\C11Setup.exe"

Signatures

AsyncRat

rat asyncrat

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\u: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\q: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\r: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\s: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\x: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\h: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\l: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\n: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\D: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\m: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\t: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\z: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\j: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\k: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\b: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\e: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\i: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\o: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\p: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\v: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\a: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\g: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\w: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\y: C:\Windows\system32\SearchIndexer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A api.ipify.org N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS


Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2516240262-2296879883-3965305654-1000\{B231ACE1-CC5F-4B16-95EF-8DBF6080A270} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\C11Setup.exe N/A
Token: 33 N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4008 wrote to memory of 2580 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\SearchProtocolHost.exe
PID 4008 wrote to memory of 2096 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\SearchProtocolHost.exe
PID 4008 wrote to memory of 1900 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchFilterHost.exe
PID 4008 wrote to memory of 2028 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchFilterHost.exe
PID 2284 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2284 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2284 wrote to memory of 2604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2284 wrote to memory of 232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\C11Setup.exe

"C:\Users\Admin\AppData\Local\Temp\C11Setup.exe"

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\System32\SearchProtocolHost.exe

"C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\System32\SearchProtocolHost.exe

"C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2516240262-2296879883-3965305654-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2516240262-2296879883-3965305654-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

C:\Users\Admin\AppData\Local\Temp\C11Setup.exe

"C:\Users\Admin\AppData\Local\Temp\C11Setup.exe"

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 828 3028 516 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 828 3060 3036 812 {85EE815A-7738-4808-A14A-3AD87E32A3BF}

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Users\Admin\Desktop\C11Setup.exe

"C:\Users\Admin\Desktop\C11Setup.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7fffdf47ab58,0x7fffdf47ab68,0x7fffdf47ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4100 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4308 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4816 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4868 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4992 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5036 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3336 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3160 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5240 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5128 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5688 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5868 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5892 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6204 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6164 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6724 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=6964 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5724 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5772 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6860 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7364 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7516 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7568 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7596 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7864 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8008 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8340 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8520 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8536 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9036 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7516 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8232 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6028 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8260 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9088 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7172 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8272 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6612 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6172 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8264 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6404 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6044 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=1480 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8644 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8696 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4912 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7252 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5360 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8576 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9324 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7780 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8468 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7456 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8624 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6152 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=7240 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7520 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6748 --field-trial-handle=1816,i,12372039673267531281,4942875891177848852,131072 /prefetch:8

Network

Files

C:\Users\Admin\AppData\Roaming\MyData\DataLogs.conf

MD5 cf759e4c5f14fe3eec41b87ed756cea8
SHA1 c27c796bb3c2fac929359563676f4ba1ffada1f5
SHA256 c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761
SHA512 c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp

C:\Windows\appcompat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d7c66.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_whatismyipaddress.com_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5daae9.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5e0b48.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6980eda9ed2a7317_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7bc4489db791782c_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5a4cbeda3f42093_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
