Malware Analysis Report

2024-11-30 05:16

Sample ID 240521-pdzfxadc65
Target https://github.com/Bhaggo/Bhaggos-Quick-Cleaner/releases/tag/v1.2
Tags
lumma discovery execution stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Bhaggo/Bhaggos-Quick-Cleaner/releases/tag/v1.2 was found to be: Known bad.

Malicious Activity Summary

lumma discovery execution stealer

Lumma Stealer

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Suspicious use of SetThreadContext

Drops file in Program Files directory

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious behavior: AddClipboardFormatListener

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 12:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 12:13

Reported

2024-05-21 12:21

Platform

win10v2004-20240426-en

Max time kernel

433s

Max time network

430s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Bhaggo/Bhaggos-Quick-Cleaner/releases/tag/v1.2

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A mediafire.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-DBVOQ.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-6S68Q.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\Qt6Gui.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtga.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-TF6DO.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-OBM4U.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-GIU29.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-CQ69J.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-1RRAM.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\libwinpthread-1.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\Qt6Widgets.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qwebp.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-J3V6U.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-J8P0S.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-8DCPJ.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-4BTOU.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-KS5D4.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\libgcc_s_seh-1.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\tls\qopensslbackend.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qicns.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\platforms\qwindows.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-LO02U.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-KJ3R4.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\platforms\is-4B098.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-ENP9S.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-U4TPG.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\D3Dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\generic\qtuiotouchplugin.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qico.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-J2G51.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-3NPQI.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qgif.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\iconengines\is-1PQ0I.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\networkinformation\is-FQCUT.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-G12KC.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-P6JIO.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\styles\qwindowsvistastyle.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-O4HUP.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\tls\qschannelbackend.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-LQAHS.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-7FANA.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-D36C2.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\generic\is-I4JQA.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-ARVS7.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-2J7VA.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\iconengines\qsvgicon.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qjpeg.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-MKPQ1.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-6EIBM.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-PC5A7.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-TNKBH.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-A7685.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\networkinformation\qnetworklistmanager.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-FS49E.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-GO91M.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\is-QU1IR.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\imageformats\is-5HQIF.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\libstdc++-6.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File opened for modification C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtiff.dll C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-9PDA7.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
File created C:\Program Files\Bhaggo's Quick Cleaner\translations\is-ART2Q.tmp C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607672280841034" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{46C7E095-09F8-4D7E-B6AC-4F525871C014} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp N/A
N/A N/A C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4448 wrote to memory of 2544 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 3036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 1080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4448 wrote to memory of 1668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Bhaggo/Bhaggos-Quick-Cleaner/releases/tag/v1.2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5008 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4340 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5052 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Users\Admin\Downloads\BhaggoQuickCleanerSetup.exe

"C:\Users\Admin\Downloads\BhaggoQuickCleanerSetup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1912,i,5554429880424973637,1720343083265752074,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp" /SL5="$E0044,20045463,1187328,C:\Users\Admin\Downloads\BhaggoQuickCleanerSetup.exe"

C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe

"C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /C C:/Users/Admin/AppData/Local/Temp/peformancebooster-GLZxLN/RestorePointButton.bat

C:\Windows\system32\reg.exe

Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "DisableConfig" /f

C:\Windows\system32\reg.exe

Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "SystemRestorePointCreationFrequency" /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "RPSessionInterval" /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Unrestricted -NoProfile Enable-ComputerRestore -Drive 'C:\'

C:\Windows\System32\Wbem\WMIC.exe

wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "Bhaggo Restore Point", 100, 7

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Unrestricted -NoProfile Enable-ComputerRestore -Drive 'C:\', 'D:\', 'E:\', 'F:\', 'G:\'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Unrestricted -NoProfile Checkpoint-Computer -Description 'Bhaggo Restore Point'

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78

C:\Windows\System32\SystemPropertiesProtection.exe

C:\Windows\System32\SystemPropertiesProtection.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5080 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3028 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3044 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x49c 0x46c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3200 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3016 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5448 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4996 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5464 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2748 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5772 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5864 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5712 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6292 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6524 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7068 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7268 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7420 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6844 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7492 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7488 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6592 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7292 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7640 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7812 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7376 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8040 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6540 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6584 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7292 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8528 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8732 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8468 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8408 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7620 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6364 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6592 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7816 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5408 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8856 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6368 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6532 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5660 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5672 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5792 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7924 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8424 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Users\Admin\Downloads\Software\1227006289.exe

"C:\Users\Admin\Downloads\Software\1227006289.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\Software\1227006289.exe

"C:\Users\Admin\Downloads\Software\1227006289.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\Software\1227006289.exe

"C:\Users\Admin\Downloads\Software\1227006289.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\Software\1227006289.exe

"C:\Users\Admin\Downloads\Software\1227006289.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\Software\1227006289.exe

"C:\Users\Admin\Downloads\Software\1227006289.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\Software\1227006289.exe

"C:\Users\Admin\Downloads\Software\1227006289.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=876 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=1288 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3176 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2320 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1992,i,11865537311824245621,4821608214065698403,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3636 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x1f4,0x244,0x7ff717d9ae48,0x7ff717d9ae58,0x7ff717d9ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4604 --field-trial-handle=1916,i,7418018117384825651,10736251443387976064,131072 /prefetch:1

Network

GB 172.217.169.74:443 translate.googleapis.com tcp
US 52.43.101.88:443 api.amplitude.com tcp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 84.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 173.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 otnolatrnup.com udp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.133.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prebid.media.net udp
US 188.114.97.2:443 go.ezodn.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 34.120.63.153:443 prebid.media.net tcp
DE 52.58.176.237:443 btlr.sharethrough.com tcp
DE 52.58.176.237:443 btlr.sharethrough.com tcp
DE 52.58.176.237:443 btlr.sharethrough.com tcp
DE 52.58.176.237:443 btlr.sharethrough.com tcp
DE 52.58.176.237:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
BE 74.125.133.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 251.145.39.13.in-addr.arpa udp
US 8.8.8.8:53 88.101.43.52.in-addr.arpa udp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 237.176.58.52.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 58.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
IE 52.48.217.227:443 bcp.crwdcntrl.net tcp
IE 34.255.81.198:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 227.217.48.52.in-addr.arpa udp
US 8.8.8.8:53 198.81.255.34.in-addr.arpa udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 5078864dd438d21e0ffa36b285129155.safeframe.googlesyndication.com udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
GB 18.245.254.89:443 cdn.prod.uidapi.com tcp
GB 172.217.169.65:443 5078864dd438d21e0ffa36b285129155.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 34.120.135.53:443 oajs.openx.net tcp
DE 162.19.138.117:443 id5-sync.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 34.120.135.53:443 oajs.openx.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 89.254.245.18.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
SE 104.73.92.198:443 ads.pubmatic.com tcp
BE 2.21.16.25:443 contextual.media.net tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 104.16.52.110:443 otnolatrnup.com udp
US 8.8.8.8:53 download2293.mediafire.com udp
US 199.91.155.34:443 download2293.mediafire.com tcp
US 199.91.155.34:443 download2293.mediafire.com tcp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 198.92.73.104.in-addr.arpa udp
US 8.8.8.8:53 25.16.21.2.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
GB 172.217.169.74:443 translate-pa.googleapis.com udp
US 104.16.52.110:80 otnolatrnup.com tcp
US 104.16.52.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 18.165.227.64:443 woreppercomming.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 ib.adnxs.com udp
IE 67.220.228.201:443 aax-eu.amazon-adsystem.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 185.89.210.90:443 ib.adnxs.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
GB 142.250.180.2:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 www.ovardu.com udp
US 104.21.96.72:443 www.ovardu.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 8.8.8.8:53 www.opera.com udp
DE 52.57.140.112:443 www.opera.com tcp
US 8.8.8.8:53 idsync.frontend.weborama.fr udp
GB 142.250.180.2:443 cm.g.doubleclick.net udp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
US 8.8.8.8:53 image2.pubmatic.com udp
GB 185.64.191.210:443 image2.pubmatic.com tcp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 64.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 201.228.220.67.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 72.96.21.104.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 239.131.111.34.in-addr.arpa udp
US 8.8.8.8:53 112.140.57.52.in-addr.arpa udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 match.adsrvr.org udp
NL 35.204.158.49:443 um.simpli.fi tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 c1.adform.net udp
GB 172.217.16.238:443 www.googleoptimize.com tcp
DK 37.157.3.26:443 c1.adform.net tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
IE 52.209.232.1:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 www-static.operacdn.com udp
BE 104.68.66.120:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 49.158.204.35.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 120.66.68.104.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 1.232.209.52.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 image4.pubmatic.com udp
GB 185.64.190.81:443 image4.pubmatic.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 simage4.pubmatic.com udp
DE 52.57.140.112:443 www.opera.com tcp
US 8.8.8.8:53 81.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 cms.quantserve.com udp
DE 91.228.74.200:443 cms.quantserve.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 54.161.109.156:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 p.rfihub.com udp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 sonata-notifications.taptapnetworks.com udp
DE 18.153.6.160:443 sonata-notifications.taptapnetworks.com tcp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 156.109.161.54.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 t.adx.opera.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
FR 141.94.171.216:443 pixel.onaudience.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 160.6.153.18.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 216.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 121.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 172.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 ps.eyeota.net udp
DE 3.120.214.218:443 ps.eyeota.net tcp
US 8.8.8.8:53 d.turn.com udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 218.214.120.3.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
BE 64.233.166.84:443 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 d5p.de17a.com udp
US 8.8.8.8:53 csync.loopme.me udp
IE 34.251.183.115:443 match.prod.bidr.io tcp
SE 213.155.156.168:443 d5p.de17a.com tcp
NL 35.214.132.111:443 csync.loopme.me tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 core.iprom.net udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 104.18.25.173:443 a.tribalfusion.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 81.17.55.97:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 s.tribalfusion.com udp
US 8.8.8.8:53 115.183.251.34.in-addr.arpa udp
US 8.8.8.8:53 168.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 111.132.214.35.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 bh.contextweb.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 green.erne.co udp
US 8.8.8.8:53 sync.1rx.io udp
IE 54.217.19.5:443 cm.adgrx.com tcp
FR 141.94.161.190:443 green.erne.co tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 matching.truffle.bid udp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
FR 141.94.170.64:443 pixel-eu.onaudience.com tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 5.19.217.54.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 190.161.94.141.in-addr.arpa udp
US 8.8.8.8:53 64.170.94.141.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 104.16.114.74:443 static.mediafire.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
GB 142.250.178.14:443 google.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 196.120.55.162.in-addr.arpa udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 e2c41.gcp.gvt2.com udp
GB 35.214.42.68:443 e2c41.gcp.gvt2.com tcp
US 8.8.8.8:53 68.42.214.35.in-addr.arpa udp
US 104.16.113.74:443 static.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
BE 64.233.166.84:443 accounts.google.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
BE 74.125.133.155:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.74:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 turbodownload.mediafire.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 sessions.bugsnag.com udp
US 8.8.8.8:53 mediafire.com udp
DE 3.78.200.244:443 btlr.sharethrough.com tcp
US 35.190.88.7:443 sessions.bugsnag.com tcp
US 35.190.88.7:443 sessions.bugsnag.com udp
US 104.16.52.110:443 otnolatrnup.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 f98f1ad4e1e4876c601554df12a5bd88.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 244.200.78.3.in-addr.arpa udp
US 8.8.8.8:53 7.88.190.35.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.169.74:443 translate-pa.googleapis.com udp
GB 172.217.169.74:443 translate-pa.googleapis.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 sideindexfollowragelrew.pw udp
US 8.8.8.8:53 museumtespaceorsp.shop udp
US 172.67.184.107:443 museumtespaceorsp.shop tcp
US 8.8.8.8:53 buttockdecarderwiso.shop udp
US 188.114.96.2:443 buttockdecarderwiso.shop tcp
US 8.8.8.8:53 averageaattractiionsl.shop udp
US 188.114.96.2:443 averageaattractiionsl.shop tcp
US 8.8.8.8:53 107.184.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 femininiespywageg.shop udp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 8.8.8.8:53 employhabragaomlsp.shop udp
US 188.114.97.2:443 employhabragaomlsp.shop tcp
US 8.8.8.8:53 63.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 stalfbaclcalorieeis.shop udp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
US 8.8.8.8:53 civilianurinedtsraov.shop udp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 8.8.8.8:53 roomabolishsnifftwk.shop udp
US 8.8.8.8:53 245.49.21.104.in-addr.arpa udp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp
US 8.8.8.8:53 87.55.21.104.in-addr.arpa udp
US 8.8.8.8:53 214.80.50.20.in-addr.arpa udp
US 8.8.8.8:53 sideindexfollowragelrew.pw udp
US 172.67.184.107:443 museumtespaceorsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 172.67.184.107:443 museumtespaceorsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 172.67.184.107:443 museumtespaceorsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 188.114.97.2:443 employhabragaomlsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 172.67.184.107:443 museumtespaceorsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 172.67.184.107:443 museumtespaceorsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 188.114.97.2:443 employhabragaomlsp.shop tcp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
US 188.114.96.2:443 employhabragaomlsp.shop tcp
US 188.114.97.2:443 employhabragaomlsp.shop tcp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp
US 188.114.97.2:443 employhabragaomlsp.shop tcp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp
US 188.114.97.2:443 employhabragaomlsp.shop tcp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp

Files

\??\pipe\crashpad_4448_NRAIKPZZPIHTKGKL

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 716032.crdownload

memory/2804-169-0x0000000000400000-0x000000000052F000-memory.dmp

memory/2804-172-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-G95DS.tmp\BhaggoQuickCleanerSetup.tmp

memory/3904-176-0x0000000000400000-0x000000000076B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

memory/2804-415-0x0000000000400000-0x000000000052F000-memory.dmp

memory/3904-416-0x0000000000400000-0x000000000076B000-memory.dmp

C:\Program Files\Bhaggo's Quick Cleaner\peformancebooster.exe

C:\Program Files\Bhaggo's Quick Cleaner\libwinpthread-1.dll

C:\Program Files\Bhaggo's Quick Cleaner\Qt6Widgets.dll

C:\Program Files\Bhaggo's Quick Cleaner\Qt6Core.dll

C:\Program Files\Bhaggo's Quick Cleaner\libstdc++-6.dll

C:\Program Files\Bhaggo's Quick Cleaner\libgcc_s_seh-1.dll

C:\Program Files\Bhaggo's Quick Cleaner\Qt6Gui.dll

C:\Program Files\Bhaggo's Quick Cleaner\platforms\qwindows.dll

C:\Program Files\Bhaggo's Quick Cleaner\styles\qwindowsvistastyle.dll

memory/3904-441-0x0000000000400000-0x000000000076B000-memory.dmp

memory/3924-455-0x00007FFE1C830000-0x00007FFE1C846000-memory.dmp

memory/3924-459-0x00007FFE1BC90000-0x00007FFE1BCA5000-memory.dmp

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qwebp.dll

memory/3924-470-0x00007FFE0CC60000-0x00007FFE0CC73000-memory.dmp

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qwbmp.dll

memory/2804-468-0x0000000000400000-0x000000000052F000-memory.dmp

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtiff.dll

memory/3924-466-0x00007FFE14700000-0x00007FFE14713000-memory.dmp

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qtga.dll

memory/3924-464-0x00007FFE19690000-0x00007FFE196A3000-memory.dmp

C:\Program Files\Bhaggo's Quick Cleaner\Qt6Svg.dll

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qsvg.dll

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qjpeg.dll

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qico.dll

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qicns.dll

C:\Program Files\Bhaggo's Quick Cleaner\imageformats\qgif.dll

C:\Program Files\Bhaggo's Quick Cleaner\iconengines\qsvgicon.dll

C:\Users\Admin\AppData\Local\Temp\peformancebooster-GLZxLN\RestorePointButton.bat

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_czezapyj.kuc.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
