Analysis Overview
SHA256
8b4747aa987fa7da30a7108189508b38b9c1728a2712ab3604e77b4787634943
Threat Level: Likely malicious
The file target.ps1 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
UPX packed file
Executes dropped EXE
Checks whether UAC is enabled
Drops file in System32 directory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-07-19 20:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-19 20:32
Reported: 2024-07-19 21:08
Platform: win10-20240404-en
Max time kernel: 1799s
Max time network: 630s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
UPX packed file
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133658951412707194" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002eb059e18986da0198e01ad89586da0198e01ad89586da0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\rufus-4.5p.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\target.ps1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd11a59758,0x7ffd11a59768,0x7ffd11a59778 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:2 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4024 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4924 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3140 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2952 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1608 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5040 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5124 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3164 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6056 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2188 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1 |
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5892 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5920 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8
C:\Users\Admin\Downloads\rufus-4.5p.exe
"C:\Users\Admin\Downloads\rufus-4.5p.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1612 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6612 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3988 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5484 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=972 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3120 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd11a59758,0x7ffd11a59768,0x7ffd11a59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3876 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffd11a59758,0x7ffd11a59768,0x7ffd11a59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4592 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3392 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4572 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.214.68:443 | www.google.com | tcp |
| FR | 216.58.214.68:443 | www.google.com | tcp |
| FR | 216.58.214.68:443 | www.google.com | tcp |
| FR | 216.58.214.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 68.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 172.217.20.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 172.217.18.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rufus.ie | udp |
| US | 185.199.109.153:443 | rufus.ie | tcp |
| US | 185.199.109.153:443 | rufus.ie | tcp |
| US | 8.8.8.8:53 | 153.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 136.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 216.239.32.3:443 | beacons2.gvt2.com | tcp |
| US | 216.239.32.3:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 162.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| FR | 142.250.178.142:443 | fundingchoicesmessages.google.com | tcp |
| FR | 142.250.178.142:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.178.142:443 | fundingchoicesmessages.google.com | udp |
| FR | 216.58.214.161:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com | udp |
| FR | 172.217.20.163:443 | p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com | tcp |
| FR | 172.217.20.163:443 | p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com | tcp |
| FR | 172.217.20.163:443 | p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com | udp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | valid-fixed.gexperiments6.com | udp |
| US | 8.8.8.8:53 | dnssec-nd.gexperiments1.com | udp |
| US | 216.239.32.55:443 | dnssec-nd.gexperiments1.com | tcp |
| US | 216.239.32.55:443 | dnssec-nd.gexperiments1.com | tcp |
| US | 8.8.8.8:53 | 55.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
| FR | 216.58.214.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ubuntu.com | udp |
| GB | 185.125.190.20:443 | ubuntu.com | tcp |
| GB | 185.125.190.20:443 | ubuntu.com | tcp |
| US | 8.8.8.8:53 | assets.ubuntu.com | udp |
| US | 8.8.8.8:53 | res.cloudinary.com | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | 20.190.125.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| FR | 172.217.20.194:443 | ade.googlesyndication.com | tcp |
| FR | 172.217.20.194:443 | ade.googlesyndication.com | udp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| GB | 2.18.108.33:443 | res.cloudinary.com | tcp |
| US | 8.8.8.8:53 | 194.20.217.172.in-addr.arpa | udp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| US | 8.8.8.8:53 | 33.108.18.2.in-addr.arpa | udp |
| GB | 185.125.190.20:443 | assets.ubuntu.com | tcp |
| US | 8.8.8.8:53 | munchkin.marketo.net | udp |
| US | 8.8.8.8:53 | 10451423.fls.doubleclick.net | udp |
| GB | 2.22.139.144:443 | munchkin.marketo.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| FR | 172.217.20.166:443 | 10451423.fls.doubleclick.net | tcp |
| FR | 216.58.215.34:443 | pubads.g.doubleclick.net | tcp |
| FR | 172.217.20.163:443 | www.google.co.uk | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| FR | 172.217.20.163:443 | www.google.co.uk | tcp |
| FR | 172.217.20.163:443 | www.google.co.uk | tcp |
| FR | 172.217.20.163:443 | www.google.co.uk | tcp |
| FR | 172.217.20.163:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 144.139.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 066-eov-335.mktoresp.com | udp |
| FR | 172.217.20.166:443 | 10451423.fls.doubleclick.net | udp |
| US | 192.28.147.68:443 | 066-eov-335.mktoresp.com | tcp |
| FR | 172.217.20.163:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 68.147.28.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | script.crazyegg.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| FR | 216.58.215.34:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | scout-cdn.salesloft.com | udp |
| US | 8.8.8.8:53 | serve.nrich.ai | udp |
| US | 8.8.8.8:53 | snippet.maze.co | udp |
| GB | 151.101.188.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | p4-cytndg2epoa5e-eezps3j4xqhdcuty-145793-s1-v6exp3-v4.metric.gstatic.com | udp |
| US | 151.101.65.140:443 | www.redditstatic.com | tcp |
| GB | 173.222.211.56:443 | snap.licdn.com | tcp |
| US | 104.19.148.8:443 | script.crazyegg.com | tcp |
| US | 34.117.77.79:443 | ml314.com | tcp |
| FR | 51.178.78.162:443 | serve.nrich.ai | tcp |
| US | 104.16.72.105:443 | scout-cdn.salesloft.com | tcp |
| DE | 185.60.217.28:443 | connect.facebook.net | tcp |
| GB | 143.204.68.56:443 | snippet.maze.co | tcp |
| FR | 216.58.215.35:443 | p4-cytndg2epoa5e-eezps3j4xqhdcuty-145793-s1-v6exp3-v4.metric.gstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 88.221.135.104:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | w.usabilla.com | udp |
| IE | 54.78.34.191:443 | w.usabilla.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| GB | 143.204.68.56:443 | snippet.maze.co | udp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 151.101.65.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | pixel-config.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | scout.salesloft.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 34.117.77.79:443 | ml314.com | udp |
| DE | 185.60.217.28:443 | connect.facebook.net | udp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 151.101.129.140:443 | alb.reddit.com | tcp |
| PL | 93.184.221.165:443 | t.co | tcp |
| US | 151.101.65.140:443 | alb.reddit.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 54.158.232.70:443 | scout.salesloft.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 104.19.148.8:443 | script.crazyegg.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.148.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.77.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.72.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.68.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.78.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.217.60.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.34.78.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.232.158.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.crazyegg.com | udp |
| US | 8.8.8.8:53 | pagestates-tracking.crazyegg.com | udp |
| US | 8.8.8.8:53 | assets-tracking.crazyegg.com | udp |
| IE | 52.215.76.52:443 | tracking.crazyegg.com | tcp |
| GB | 18.164.68.53:443 | pagestates-tracking.crazyegg.com | tcp |
| GB | 18.154.84.75:443 | assets-tracking.crazyegg.com | tcp |
| US | 8.8.8.8:53 | prompts.maze.co | udp |
| US | 18.235.216.163:443 | prompts.maze.co | tcp |
| US | 8.8.8.8:53 | js.zi-scripts.com | udp |
| US | 18.235.216.163:443 | prompts.maze.co | tcp |
| US | 104.18.37.212:443 | js.zi-scripts.com | tcp |
| US | 8.8.8.8:53 | 75.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.76.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.216.235.18.in-addr.arpa | udp |
| US | 104.18.37.212:443 | js.zi-scripts.com | udp |
| US | 8.8.8.8:53 | ws.zoominfo.com | udp |
| US | 104.16.118.43:443 | ws.zoominfo.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 104.16.118.43:443 | ws.zoominfo.com | udp |
| US | 8.8.8.8:53 | 212.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.118.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 104.18.37.212:443 | js.zi-scripts.com | udp |
| US | 8.8.8.8:53 | divergentnetworks.mm.fcix.net | udp |
| GB | 213.5.132.18:443 | divergentnetworks.mm.fcix.net | tcp |
| GB | 213.5.132.18:443 | divergentnetworks.mm.fcix.net | tcp |
| US | 8.8.8.8:53 | 18.132.5.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 172.217.20.163:443 | www.google.co.uk | udp |
| FR | 172.217.20.163:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 172.217.20.163:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| CA | 172.217.13.99:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 99.13.217.172.in-addr.arpa | udp |
| US | 104.16.118.43:443 | ws.zoominfo.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| FR | 216.58.215.35:443 | N/A | udp |
| FR | 216.58.215.35:443 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| GB | 185.125.190.20:443 | N/A | tcp |
| GB | 185.125.190.20:443 | N/A | tcp |
| GB | 2.18.108.33:443 | N/A | tcp |
| N/A | 185.125.190.21:443 | N/A | tcp |
| N/A | 185.125.190.21:443 | N/A | tcp |
| N/A | 185.125.190.21:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| FR | 216.58.214.68:443 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| FR | 216.58.214.68:443 | N/A | tcp |
| FR | 216.58.214.68:443 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| FR | 172.217.20.206:443 | N/A | udp |
| FR | 216.58.214.68:443 | N/A | udp |
| FR | 216.58.214.68:443 | N/A | tcp |
| FR | 172.217.20.206:443 | N/A | udp |
| FR | 172.217.20.206:443 | N/A | tcp |
| FR | 216.58.214.68:443 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| FR | 216.58.215.35:443 | N/A | udp |
| FR | 216.58.215.35:443 | N/A | udp |
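The table above is one row per observed connection, and its last rows carry no hostname (the host column is either absent, shifted, or given as N/A). As an added example that is not part of this report or of the sandbox's own tooling, the Python below parses rows in that layout into IOC sets: it treats UDP/53 peers as resolvers rather than contacts, decodes the `in-addr.arpa` reverse-lookup names into IPs and checks them against the addresses the sample actually connected to, and tallies the rows whose host is unknown. `SAMPLE_ROWS` is a constructed subset of the table's rows (including malformed ones); the `Flow` fields and the classification rules are this example's own assumptions, not the report's.

```python
"""Parse the per-connection network table of a sandbox report into IOC sets.

Added example, not part of the original report. The field names and the
classification rules are this example's own assumptions; SAMPLE_ROWS is a
hand-picked subset of the report's rows, including its malformed ones.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# | country | ip:port | host | proto |   (host may be empty, "N/A", or dropped entirely)
ROW = re.compile(r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|(?P<rest>.*)$")
PROTOS = ("tcp", "udp")


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    host: Optional[str]  # None when the row carries no hostname
    proto: str


def parse_row(line: str) -> Optional[Flow]:
    """Return a Flow for one table row, or None for header/blank/unparseable lines."""
    m = ROW.match(line.strip())
    if not m:
        return None
    ip, _, port = m.group("dest").rpartition(":")
    if not port.isdigit():
        return None  # header row, or a destination without a port
    cells = [c.strip() for c in m.group("rest").strip().strip("|").split("|")]
    cells = [c for c in cells if c]  # malformed rows carry an empty trailing cell
    if len(cells) == 2 and cells[1].lower() in PROTOS:
        host, proto = cells
    elif len(cells) == 1 and cells[0].lower() in PROTOS:
        host, proto = None, cells[0]  # host column missing, protocol shifted left
    else:
        return None
    if host in ("", "N/A"):
        host = None
    return Flow(m.group("cc"), ip, int(port), host, proto.lower())


def ptr_to_ip(name: str) -> Optional[str]:
    """'18.132.5.213.in-addr.arpa' -> '213.5.132.18'; None for any other name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def summarize(lines):
    """Split rows into resolver traffic and real contacts, then cross-check them."""
    flows = [f for f in map(parse_row, lines) if f is not None]
    # Anything answering on UDP/53 is treated as a resolver, not as a contacted host.
    resolvers = {f.ip for f in flows if f.port == 53 and f.proto == "udp"}
    contacted = {}  # ip -> set of hostnames seen on its rows (None = unnamed row)
    queried, ptr_targets = set(), set()
    for f in flows:
        if f.ip in resolvers:
            if f.host is None:
                continue
            ip = ptr_to_ip(f.host)
            if ip:
                ptr_targets.add(ip)
            else:
                queried.add(f.host)
        else:
            contacted.setdefault(f.ip, set()).add(f.host)
    return {
        "resolvers": resolvers,
        "contacted": contacted,
        "queried_names": queried,
        # Reverse lookups of IPs the sample also connected to: no new information.
        "ptr_for_contacted": ptr_targets & set(contacted),
        # Reverse lookups of IPs never contacted: worth a second look.
        "ptr_for_uncontacted": ptr_targets - set(contacted),
        # Contacts that no row names: resolution happened outside the capture, or the row is truncated.
        "unnamed_contacts": {ip for ip, hs in contacted.items() if not (hs - {None})},
        "rows_missing_host": sum(1 for f in flows if f.host is None),
    }


# Constructed subset of the report's rows, kept exactly as they appear in the table.
SAMPLE_ROWS = [
    "| US | 104.16.118.43:443 | ws.zoominfo.com | udp |",
    "| US | 8.8.8.8:53 | 43.118.16.104.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |",
    "| US | 8.8.8.8:53 | divergentnetworks.mm.fcix.net | udp |",
    "| GB | 213.5.132.18:443 | divergentnetworks.mm.fcix.net | tcp |",
    "| US | 8.8.8.8:53 | 18.132.5.213.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | udp | |",                # host column dropped
    "| GB | 185.125.190.20:443 | tcp | |",        # host column dropped
    "| N/A | 185.125.190.21:443 | N/A | tcp |",   # placeholder host
    "| FR | 216.58.215.35:443 | udp",             # dropped host, no trailing pipe
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

Because hostnames are merged per IP across all rows, an address that appears unnamed on one row but named on another (as 216.58.215.35 does in the full table) is still attributed; only addresses with no name on any row end up in `unnamed_contacts`, and those, together with `ptr_for_uncontacted`, are the entries to enrich before treating the table as an IOC list.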
Files
memory/2768-3-0x00007FFD0B763000-0x00007FFD0B764000-memory.dmp
memory/2768-5-0x000002A3A7670000-0x000002A3A7692000-memory.dmp
memory/2768-8-0x000002A3A7840000-0x000002A3A78B6000-memory.dmp
memory/2768-9-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp
memory/2768-10-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ipdqcmx4.e5k.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/2768-31-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp
memory/2768-35-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp
\??\pipe\crashpad_1412_SAGOWVMDZOCUKQMY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d5737671e3eab919c8f69e0e8b28fb6d |
| SHA1 | ffa89a78e404934c90bf9378d310d1c267920ef0 |
| SHA256 | 314f1caf8ec2bfc5739c732a2a80f60cf02f2a823c7ef23990c9e03672431c56 |
| SHA512 | 978b5e5d6a7184db069fabbdb92dccea20a2a1d9771309ea4787c8b4f5a19bfa262f5791fb08660946a8db7ca5816814ea95619712974a71f1a27dd711c5351e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0b013377918240bcf1d52b938c5bc256 |
| SHA1 | 3751a6e3d4e9454ebaad7bf313374a89ab7d44c2 |
| SHA256 | 273606246d3b24ec6f4f5ce1d2581ac00d7757d5f803f3ff78918fcc18bddc8e |
| SHA512 | 26ff027686444baae74faf4f6646944a2f6607f802104ce08d3734b2006159134795eeeaca6763ba6f0ade5e0f5f94a589aee39da06386a44e00b6096504bfe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d4e9dcf5919919cb56d8e5a900f34343 |
| SHA1 | 711de1d618551361c94ebf510f191628d7f90b8d |
| SHA256 | 67a7e259928ffb6f6bbf8107ba448ef9c9336ed4cf307b12e9542c919d3c28e6 |
| SHA512 | 4f1cd01b34b818f512110f56d2d87d2852365d2b00dedc82e9fa9a32e41cca96d5bfd6a5f4933d647f0fe060469a2b6e8dc7c934c6dd0063112a7532f8fb7a13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | be848f8ee93e3687eb8de77183d4acf3 |
| SHA1 | 108faf0aed520ce0709ea3154c59fa949841f5b3 |
| SHA256 | b4ded9c7f59011cae185012cd2807ffd5b0ac720f842575ca7e83b1643f82266 |
| SHA512 | 4881d264c7e8d04fcd70fa7a758dc72a57675ac16a654017e9294d3be12c1097e08690a90522943d0a1fc3064af7fdd557a53aae84bb26b272afccf8a311a548 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 1286548eb1b6388d4b00f7b9f59a769c |
| SHA1 | f041e255f1e7ec12bd500e92fcd5b6d94d7f638d |
| SHA256 | 581789a566f7b5fba64e1d8324b3d4e5c234e140cd26d928ad6e5e15e5a321ec |
| SHA512 | 79844b81f31a55f338c9bfc2f78d114089176164a03298f143880fcfe56d74b12112f563d1608ce0666ff15b00435f800fa04ddf143fb7656f3a9016b0421b2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 29b5bae3fe3ec02972812bf044f3b8e6 |
| SHA1 | ddc9016db62d6cbab646702d0a0621d3cc60b5af |
| SHA256 | 48ae40e36190fafda7b193763b8bcb896eb42a378ec37d233582d42cd76c3e87 |
| SHA512 | 193cd2366dfbccb32d1d53d123a374e3cb8955d2964ddcac8c04cb7560dc667d6d792f109c96636fbd412f94d89af343525e340eac0db3a18a131f43756db2fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a311472780a5fa4b2e1960fe8d15e793 |
| SHA1 | 3353d314912113f8eff15493092cd79400b68b72 |
| SHA256 | 354d4173ab272ff1d3bb2ef3113b83cc4452b2a43e7f38a81cf3f991d0509a3e |
| SHA512 | 775bc0ec409b26c0ecc4ea271300c07c7fa8206ace0b447c2674ae8e2bb1c51cb64dd07f24419b785dea9b4d335893da6293768a380c28f9ea20469ccd23e97f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56d73a440328db8f7c6d4ac3ca60df69 |
| SHA1 | ec31717a30315acd64252a389fb5ad18fc5ac772 |
| SHA256 | 1727bcdf4213dd5a97092782e021af9e1ed4ce485c9a8eb18ffc99d513cd94b7 |
| SHA512 | 926e46bac52f7071e55996e26119789342191f0b0a717c99db36411af941a4d0b75b1435fb97ff8d7fb1d8c8d8517da2fe002bbd201cb8192f2fa875cb307409 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c28f05abf2e00a0ea49c7215eb731109 |
| SHA1 | 653e99ec559bc92eb497eadb344d39b0ff5ab5a9 |
| SHA256 | 7f746438a5d4a1354bcf4d4153f02adf4b6ff4933285df4afe8f26862d788560 |
| SHA512 | 41782119e9a4daa4e5e3f994c0ef0594cf452a5c8422598d989f428dd8e8a3f8d551d70f35096b496494afa3ca0650d502ee3b91a3c1b4602d1aedfb03a143da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 227fe034b8395a605ed89fe9fe9b15d7 |
| SHA1 | 1a32bf7bc1811248026376201f358ab69d44bdbc |
| SHA256 | d6814241a0d8b06413ecf2f7ab081e2966e78ffa8f7cac38c9af2ba35b153d12 |
| SHA512 | 540c856b0b9dece8608fc7a6c2f1e4c9c39d8bf4da3db3f4b197174d30fb20ed33cc0b23a7dfe18777b94e5233d3b1dd5d48fa2e7fd7df6d0d8c7be351fe43b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2be59c723084e77ab55bdc95a1209b4f |
| SHA1 | 5e14287fbd3a63068826b619761850916d9436eb |
| SHA256 | b7747d5ad410bed3b6501b9cb4520f739dda834a3b895dd01520d0d806e59ae9 |
| SHA512 | 6a2e7966a4a22465b842fc24358e9dfe8a77d0ab9483a35c59d893d8dc1e29137f2a03c4df800dd25aaa835a114d6f233eb75940fab9893de30a53a72459d418 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4431f723546c69cd94e89c6c09bd4ba5 |
| SHA1 | 89072faff462dc3033f4aedca1aa4fa7f60823c3 |
| SHA256 | fffab7db3cb25f33461397a7a7b1db62d22b1bf79dba2ea4b09234794f363e1a |
| SHA512 | 78c649177d529ee1ddd45158f10ed33cd043c6f03bf63af767ec1d5a163879c8b7b740003591ce6b7e0fb311442833dc8243b4aef8f568d9d0c35e2782ccb7b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b876890a65123d372e290a6f3c917dc8 |
| SHA1 | c57cefa6267633ea6ba015694896f12a0a9a138d |
| SHA256 | 5583cc5089be2e498547e2180d231da38843b69e6a1c9bec42c3a0b071789291 |
| SHA512 | 0d22c39921a31470995f6c0281b65d1380dc99e88823648cb7947f14a4721fee3e44a614639e6d456a7a794aab6391073c5236518f86563a91303884780d1fa8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6d899dd52d1d5357b1c3974900f1fc88 |
| SHA1 | f96c9ea2bd8efdf669dc70012a1fd895f3f7fb34 |
| SHA256 | e5edd08f22d84e358f1bbe8eb6b986dadb2d090cdfec5a7127f4aca0e2a6cc43 |
| SHA512 | 94fbda27f56bc6e7cd7e5125a8e3aaa93001e47b4294fff196ba2b58707d12d40cf6d77d70ca4a609f6b69ef57b316379f0af7791f8ae010aac59eadb36b45f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7030bf7e410254e072359a413a01c26e |
| SHA1 | aeae40a762a7fc538e7bfe5a54758ea78fcf143b |
| SHA256 | 1ace3a55c529787a645df3ddbf33056d90df75d5264b5d9899d99223e101142e |
| SHA512 | 8f3835055c8826e6915a1b8b719904d47ed6941811894f3d1ee089a172819b5159082865fc151b3bcb5d9b71a53c522f067a591c75d91e8fa39c08beb5f132e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5913bd.TMP
| MD5 | c780355e1d4c9b0c94ee1defc024bbdd |
| SHA1 | f0b059be50a33b22be1bfecaf625c7677af3856d |
| SHA256 | c3f0081d0b1f0872c3e4b9764c7a3ec6c42be32a2c4a959c456749fd6a7f60d9 |
| SHA512 | c69bfe978b9f99348f5c6b0f897f6af5ef930142698a81c11587da7bf38a00933f4ec0c8134d1af919eeab14492db966f3202168753c85b5e8be2d62eb35c1b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 4a2961dddc7ca6732df1c0646aad5129 |
| SHA1 | ff0b7265d2bef3824709ee3000621aca2d2c8724 |
| SHA256 | 58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597 |
| SHA512 | 82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d54f191c313c97495a1cbcfb8fe30aa8 |
| SHA1 | 0c576f9f98c3a72e8a2338c145c3d8706ae9cc32 |
| SHA256 | 6a6f43e34a7ebe0471f1118d78dc084c7a0b5933f1257c6752ab29863b8e9df1 |
| SHA512 | 5bc6cce6a30ed92d898d10a8317fae728bfb184930d81ea398f546f2d4381e7103538be51cda31c7d4fe957c23d6d3f1e88da22345c2900b8d4a68b3d14db95c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 25252be4e3ca22b92cd200904b2dad1d |
| SHA1 | fc9213d3fda3460410226c698bbafb205e54de2a |
| SHA256 | b3c17e793a2fed88b3275e47e16551f3c78d27c900bb094418631c5954c0f71f |
| SHA512 | 4ab64594f251953e0725cfa62ea2d7b6e537cd4431de58c54b49267c33b85a501d992866f8c63799e1627545cc4da5c137539be7c16d67d661d278c0719ed366 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2270181a96341f3234d9acdddc713f6d |
| SHA1 | 9f72197229be96dab3c84b3cb4ab2503ea6834fc |
| SHA256 | 506f6a7e76353a645c8b4452bd334988482c5e918fe2e767de2bf1cc0aaf273f |
| SHA512 | dcf0a8da26921c45dbb2e067a1f2f2bb5065cf5d85ec438131b52d866b803a8ac338cc043422efafd82a6ed3ca4cddf158acfdac1fd6d88cba50b6fbe4eb3701 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f0a2895c7b4b2cd398c401effdc98e6c |
| SHA1 | c8793afc4733ab4726060d94fa3044597bd153ab |
| SHA256 | 02416640534b723431ebc8a7b9fd308f83e779453f807d260db713db7462e93e |
| SHA512 | 1cf9862642e2cd74dcd4fd45a360c9e694777ced06cfc5276c8fee2bb4c30df9f9828eba76941271588cca9bde0c9a86ee2cfaa58cba2b50db09d311ad7183ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b2e803de4cf37188d99638d26fd07022 |
| SHA1 | a0e9f4bea675bc47e0067dde80424e10931e0552 |
| SHA256 | d8a25a0d56ccaa34e4175447cf984824f21ae9207e067c6211f4e4556f4848cc |
| SHA512 | 8318b18f22f19c086b16537a8b080f51c92acee9ab934baa762226c3ef69b26c33740528224aa0b443d47e7bd7de00dbc526d2b9d35706b55cc8b7fea3e14f85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10177b82ccf30bb659169fa9904baa0c |
| SHA1 | d73d5322f5a5fc4f2c9741f1d6a54413b7b634da |
| SHA256 | 9c19946d86dc34dfc595a421360a2d51170ba76bbe28e830251fd3f05d85bcbf |
| SHA512 | f8b6a5acc54853a109d5cfc69fc0d80b6db4300853cfdb0bc826c9a839049729c831901fa946cb3547a2007a710cab901651a6be4c7c6c1548cae1504469b7c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e764a97e728054e1669f9a35f53e90d1 |
| SHA1 | eac13e0400986e72b1d4d8e72e36108f0058906d |
| SHA256 | ecbd6c5ec95ecf240b4fb6c1621baccb053e518823916fce9811794b1502b7ec |
| SHA512 | 6fa9372eea78ba993e58065bb84616f21c534fea10faa491d4e4bf501d18aebb8156df44b9ceeba7c34d309026b7817ea109acb2e07d12bcc6a12e264b0f8b30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6665ee6cf54116923f195d992f97c23c |
| SHA1 | 17decd56886c76cbfdff9fd7ac5f67070fe0d52a |
| SHA256 | 9f146cf4e77122475e566f4e847ecced8f75dbe0f37c88f6610e376fd863875c |
| SHA512 | 26ffe36593d6e7e174a9074593f41d9ad63713a5578359c7598914957a04d1124a01cbd285274d79ac9d070e25e4865a3dbe4340a6d939236b5e09e3bf216f51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 684fd8d2ab9feb40eb0856b4fec69bf2 |
| SHA1 | 41ca1ad358ded7f0a51b2d046644e105246b9841 |
| SHA256 | 3614cb398eb09db1b553113a2c497161c1c71f5edbb152545418c9bd517f6a82 |
| SHA512 | 0f67648871bf009bda33f0c4d5be89f47a27d1aef2af4e8ee15e26c3ffde72ec56bd3dd7313d2ddae330ba7f925e917ffd069d301fe1795b217f2e97d03c5426 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0601cd7992a8b064a63903de0c8b378b |
| SHA1 | 306654fe6bb4eea846bca5c558131bb2b0e5f521 |
| SHA256 | eba2118cdd36436213b8ada2560b7732115730dde818b756b1726083f2ff9b71 |
| SHA512 | 700ea3d499e9efa5547dfb1bfa6a3550c3537d30dc2423b624afc0a951040d1f7b38b7731db494592d621dc9bdf89f4438c5675e0eae270e382ed4f91f2ce309 |
C:\Users\Admin\Downloads\Unconfirmed 568495.crdownload
| MD5 | 129e5bbf63d8299d027186eafe92754a |
| SHA1 | c50bd94af6af186edc536ec6ff83bdd233586618 |
| SHA256 | c6e6cdba209f899e5087f1a1a4babc759414b4a687b60ba4bce62b6b37e8e82b |
| SHA512 | a87a4b44ec3ce37a0da546a805f688bd3a68b52d662a294b8193717f383938f99fa68e50dddf9f012aad7b51e98fd017f6b757ca15332d79a2bb6b882c379a05 |
memory/1652-527-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | f9a49a3e2415016fa85ddff0b8b38419 |
| SHA1 | f8c987119269e58d22a6b17ae2e8eca7744fb385 |
| SHA256 | 14694dbee3897b6bd5aa596ebfd893e727179b67811920c174dc70e6eee8e579 |
| SHA512 | 91ea129a51d2c3b342287c1250f5b0da6ba2a61eff11791d1cfae1f5c6dd2654c935be1452f4a681e794fd723a3c295e9bc9e59b9005aa4d8bd55ed36c9ad91c |
C:\Users\Admin\Downloads\rufus.ini
| MD5 | 1765d4b9c67091d365344e51ce3e9fc3 |
| SHA1 | c703d37761aa46a29b6dc81433e606ae2057178f |
| SHA256 | ef2d018e1aae6c2e548da2128d6cf04c77dba92528c875243cc6f3510fafbd99 |
| SHA512 | d7eab3c0332f2b128eb7b8029fda4a2be453c885d773bfb2a03f162f4192c7ef835ed3362cde6a234ed85038c035db5e4afc6b9a3309c30af03705e92308eaf6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 70aca268571399a5fac5bc4717b63433 |
| SHA1 | 518975a08190926522938d28417cfa5d1434b420 |
| SHA256 | 4c52229c931803bfe833dfe939e0d568cd2e1556e23a51c02fb6bdb05cf31022 |
| SHA512 | ba1725cbec1acc31f7292ac7bf31a6992923ae7311aa9accf8230cb7fb9eedf4f7db46b011cba85cf45991de240ed802042dde08d9a09fcdad1c57494041faea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 967210e9bccf27fbac2965f840e9edca |
| SHA1 | edadbc3a6889b4336c2ea600e29dd6b1fad32fec |
| SHA256 | 05e0ead3a0ee1d914c7086e2c8a7891d45545e65bf35012706914d8f4c23c7ec |
| SHA512 | 4108fea3e330799eea06ddc397a61d54baf235b0c1608e3d14ec6b04242b39bc625538440a29898ad5c63757b3c10e4772c74c9fd3ff72e32746d2507751738e |
memory/1652-688-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
| MD5 | 7da3516a70be51b749edcaae58335dc6 |
| SHA1 | 0c7b8dc06876d078bc2d98c8070166a2ff18e6a3 |
| SHA256 | 40477e9a77b25cb7bc53ddc2e8d389072a7f47460f708efa21f3de75c008b147 |
| SHA512 | 4e8daa93b96eed640b07daffc47d345f7423dcd32056a500a45da0a7e32b3eb718589508ddd156aadee77582972fdecdd4929eef460ea8ec647e11574b16dee5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | 5581a54a66ff276c3793d92f793e8e28 |
| SHA1 | a38d7e21a9181a8c6ebf26d4cf50ade760b25eb6 |
| SHA256 | d0da2042f4d42646402554bd84e946b93d256f96352d5acb14c04d3bf47fa450 |
| SHA512 | a23c20e4411749749ecd5fa3a1e57aa2c23215694b05b7c9e2d5867bfec0681bd0c302d43b55e146ac251fd04b9e22077e52f4fef98286ac3a8b94a830b21957 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | fdc0e3459d36ba0f37156be6a9e63c8a |
| SHA1 | 6113b69a7b0823c0cb1cf4b7ad7bd4347f18810d |
| SHA256 | 83b9a8f94c61ba9bf0ec1a8c68922331f4dc1f6f3c00734f41cf15cd9a39af29 |
| SHA512 | cb83b12a43837f038e7fa426c73a915262c9afa2e3d087d4f8216f8575976078771b6b38d1c7fe177a7c0139f52a9584b2a212d0e3575158824ece5788bb3928 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | 316413ca020e77b1886e7aafaffeea97 |
| SHA1 | 3baab91bf670ca1cb477ecc9bb81ef6fe364a8fa |
| SHA256 | a3a186bf7b73ec7c80975ef6fea25da449b04b5e63fc16541faa4d317e6e42d3 |
| SHA512 | 4cffca892a3fb9293e4cc4c944a04dc300c6fd52dd360bc6dd5df52e83aab212083442b7219297d5d03d10d2299c6cd23f7b00472ea74a411d11dc6387147bce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
| MD5 | 001999001bbdb9f6d95731e667ef9ad2 |
| SHA1 | 46ed6870685a3e3a10c2436689fec46f4392fd04 |
| SHA256 | 4b037618503a130f7ce67544b722e610ee4bca5eb9935b3223eb48db10b56b81 |
| SHA512 | 24ee2443ede04ccb4b4f08ed06d693b5b65b02588f65ba9414fae27ed71c478cd99b336aa7fa704ecfb31ea69d1324205f7f3c1aabf2bf5d1f7874135b286a60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a12e51ff484c43bd17aa5594fcc20166 |
| SHA1 | 3cd1cea036042856fb26afa04cde2285eccb93a0 |
| SHA256 | 318b0b73c219c51b7424e28c81fd6dd9309374cbee0de7ac8e8abc4fa73e2efc |
| SHA512 | 813098122873a9744d5c782bfab39e55ce42886942acc8b1d8bf399f56cfc8085256d77ddbb485f3d0f536d8d3232cf5d55bfcf57cf6b738923cbb9b1bf5f45a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | 7e5afba21f00b2b5efa309dc0635dcf3 |
| SHA1 | 1c0e9a12aa6bcb6e22a48e30334aa8f5ad473cd3 |
| SHA256 | 29f508b365bd4cd203c9dd31cb879e452ca37c17478b82f8d6c4f175bf5fa1e5 |
| SHA512 | a3f71eedbaca43f9ddd00509ec8bcaacc920fe4f0584d9772639789ceea947fe2fcc967c75a49ffd93d95c22cc8a5158cf1bf51c853af9ca55f1b6050bef0c2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | cdd6fda1ae9ffb4b444e54c12aec495f |
| SHA1 | 73f2fa9d1c052fbab61ce8d1e2411eeab588e082 |
| SHA256 | ff2a566a48c3efb0f4cd85b800e65e60fa89cc3fa1e599eab5782ee761779d6a |
| SHA512 | ca357133a9a74bee3062fafe49c844e8b2c877bf6d667b2ee3878d7ca486f916068ced6a8c00dba919dd8e7c7756feeb62dc43a520861cec61d1781bb391317c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | 2ce36f40ae85275b8092c2840f51992f |
| SHA1 | 2cfbe1ac1b116b328d07b086a7ded7ca747b12a5 |
| SHA256 | f55c1c6d000ad31704fd9496b963d37bfcaebc5d3724ced6954765446aa1adc8 |
| SHA512 | 902f1468a6161d982d96600fdf1872d787e75b3e3ec41356391157429bc11e671a162c8fb5cf177e424b45b3f3feb9d5075d9317d9fd6e82f016ec5cdca9c9d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | b3b180e9f2e00c210a7b9ead791ef152 |
| SHA1 | dd022e01dea40af9a985c5e2e0484574b78888d6 |
| SHA256 | 41c91b45babd2d0eb0060e80bd1b38a07a8d3b874872d734f9d9dc06b4aea804 |
| SHA512 | 498cd1d163b7892289b5c5a131773d35ca6e20e966e3131d29374da66958fc43307cb7f5c5f5cb2b89c2fcfcde77e3464e4aaa5b0d27c44bfa829d80850ab000 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | a7228a1cbe8e2e06ee05d894567d4bca |
| SHA1 | 387915a365f4868ef0b19812612510312ea18e9a |
| SHA256 | f3e72336b3cecbbe81201037916b1a4940c4204d80df53fac21f57333675ba0c |
| SHA512 | 3c5777218243a32338c4a8af7a7e4829e5184c95b911e207a0dfdd407067772df50af30b30f7a9aa03604c3f627ae70e963f2be461c1212b9bef4ee0326f8d99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | 15fd4fc9890b37b1bab009ec109b244b |
| SHA1 | a4208cce8ce1037aeaa07938528485f0f911d145 |
| SHA256 | 9df9ed7e8f8eea21c349e69ededbac3ba02135ae73c12478189377a0f3e97449 |
| SHA512 | 5a7f2c092b8db11163c39244809aacfcb51bb4c22b29ad73e4ab9e3a6e1922fe24b999f3c056894c72f804cfa4315b6209f92ff5a478e6d9dfc4ece0951fd621 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6e9462ee5d602d0193afe2bc46628006 |
| SHA1 | ce4d4990e44b171b06b570fdbcba45070e26be35 |
| SHA256 | 0fa80128f8f161ca2e003be6daffc65329ff3a28bb591356480fa893b878f1c2 |
| SHA512 | 62fe4104b124292c03ef6c67589897b720d683f319ceddb0c646effa18ee29c5469fb5f7a5918a8c3bffcfb99d4479d363b3352d2d07a946aa29ec5c87bbc0ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a68ecdda99998a478bf287a8c92d8003 |
| SHA1 | ab1040bf661efec2ed128d2e0e06e8f8051880d9 |
| SHA256 | 2f6f584fcc9a1994aa53cd3ada30f4bc6c2a1e7bc4dba9103b6399505e0fb083 |
| SHA512 | cbbd243750b66183f28fde39d82f136fb62942b78b11c04bd6466ed680085e7173433318460a1672859e2f326b71a857b9d12a9b1b61fe5222a8d7907b315e7f |
C:\Users\Admin\Downloads\rufus.ini
| MD5 | 08f24f4f4939f125245222bb4cbce9f8 |
| SHA1 | a89716cb4e182bf9db89ccd9cd0111721b177e03 |
| SHA256 | 38d8f56bce1a79976e66cfbe60457c5a94c88687078b8bb2f99ff4e4419a7292 |
| SHA512 | 9e42c129133c8a8ca7241c2340b5d033d5a24189b094dd73c4f6e60b93b673cf497aeb9442f544546af42132bb6ea381bbf35346927d54a7e3227549b8050d95 |
memory/1652-854-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b2f60c0264018f8ecfecdc9b741482fd |
| SHA1 | 4951381fb87b816a550dd1a48b9f6cbf36917095 |
| SHA256 | a867b6d8edc4d2a84bfa5343daf1d8f4b2736d5313822bc2ebff626f9df0ad65 |
| SHA512 | f70b273938cb73daa4a1c37dc8816d5bdf877960cd36138da3ab77518a171b5abaa1ad16e6528f5a46534acff7be206b248b6b78d0de6b2d2d6dcdb0fc3667d1 |
memory/1652-867-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 242869e8143cdf5b04d0330774b9d69e |
| SHA1 | 2948b0a67a1d240bfa16e920dd2a2713e473276d |
| SHA256 | f3d938026849ff51c90edf74d361d7e751ca6aca91875350e88ee7dda0a46851 |
| SHA512 | 0d2132d1c3de3b8381a2a63050ca7e1ae02c56a62857bd6b25a2b24898c49acfed0684f7962a90975ec9f249dd7b2e653111a0ef6f175804387c58343cd9cb0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 471948153e2be0bf3e725d82cd0d41f2 |
| SHA1 | 025491dcfabe076ec5ae0124ecd263f7f3067816 |
| SHA256 | 8ea85fd6d9ae954b49a89471a34400ea99d240bd025597114ad89950386cb0d4 |
| SHA512 | 72524fb0cdf084f923138cb365acafd6b38a217774d91f82a4d67ea34ddad5c1737fd87e8862a546721c1c1fa07c326e29a4221095202fe26f5d1bb0f8677951 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 097e16539a6f175dd47316072a008caa |
| SHA1 | 5e354936e9397fb1a6fbf949a94c818cd1921b1c |
| SHA256 | dc91ded270463310fc7f9bbfff2322b16b25e73655e69a9f9d513084f40c6d4c |
| SHA512 | c574b60f0c01203b2b9476917e1ba3349d27583c93eed021d55189b51fff7d560a27f15c06f21a6067b474a80e04c22781014e4b06219c6730b9ce09c93d9bf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5ebd693207466a125318a6d0ea8eda60 |
| SHA1 | ad4953953c3e776a7383f153e95f30a92005ad12 |
| SHA256 | 889e5f94e86ba985ef1d15746df4a8566165f46fab0b452832b93ea79ffd7474 |
| SHA512 | 2ac0a29a065509c21730082730cf36b4c04e8b09d1c7d96f64a5b985b333204bc319f008681e4eaeba9822935d0b96ee7471be2b5b6f318e3a0e0f84077dcf59 |
memory/1652-1068-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | a03d8ed88c99c770f51c9f6f545c46d5 |
| SHA1 | e3ede24d58497dff81db26e39a564fd9171bf3ad |
| SHA256 | d2936f76c2f6823f3f206b351387199ef2135d1bebb032441d0a82b26fcfb508 |
| SHA512 | 7866d552cb33bc1bcb02ede33ab259bd5f32b5bd93b8fb729d674b27e2c6af116374a1f48b613e9ff2d39d73f3beb1a27a31eaf913fb0fe2c4f30a94ede96923 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | def103ceabe1f02701a2b33e7c513d81 |
| SHA1 | 2c967ee797f9facb54d085e99523cc88c0c4ed67 |
| SHA256 | 45e121283845792ff2ee5bc626a106b0e2ed280576de98d0ba3d7a73937fb42f |
| SHA512 | 4e7cc10f1028f7deb9b1416f70b1c7071dc3c1dd2d41c23d4f26032f7d78fc41a6c688d7fbad0e0187dd103ab2714b6dfe3b1cbdd278e07a53c2934b975603b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd46fe3573ee248c7c1f3c4b9f15da43 |
| SHA1 | 1e0ed4ac06fba5334f204c1677cd1e44ba7cf033 |
| SHA256 | 928945196aed16eb7a5536655f270ef42d73f6f062e42868b9f1f6f762aff333 |
| SHA512 | 283fc5543e174468d1a3c3ca04cbf8e7dbb19d639326ddddba7ba3bbef2eb2d610380485b0b887b751c016f1c45e5dc4215817b7d3dbb67205ce3153a15a01d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b7eafb05a70bb1e53839a499db609b51 |
| SHA1 | b13cfae2d4f7af58e091c8c232af137f518d9e2b |
| SHA256 | b909fdd89d693961aa395800bac2c64e25473fd40a349d6046c9876f33a232a3 |
| SHA512 | 66d8bed431ab2223672582eadc6cec90c13eb5f51086aa71d22f276233349fb11366e864af8d37fb7a9fe9403ec1eee41f0e97c18ef0ce2644a2b7c821f5c2c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b711c830d6cee19c56242df9773ea260 |
| SHA1 | c61569d910ae7a8b14d8a26b833c55152f525f45 |
| SHA256 | eff0513c26e7bce07400d6198d5dc05f780a76bc30fc52f09624252ee843a5da |
| SHA512 | 708aa7d763ba49af65b9863edd0d5ce8bdad19d815a580d26e568c0cdf452ab8054723d2bd4edecd335386c3ac8132207479cb607427d16b46a497178ba8cbc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 8f3843a9da63a7c396a894b5865b2f67 |
| SHA1 | 2e7f9776d1ba8b15aea00d84eff977929ed70022 |
| SHA256 | 76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a |
| SHA512 | 06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 43d585d9c688f66a5a9c27cada92df17 |
| SHA1 | d0feea65e2bf43ae58034b124c54735aa428945b |
| SHA256 | 6d170c9ad9f64b096cad8e99c004476875d42a491610197f84e82a44af2d9cd9 |
| SHA512 | e35e159e2ba38c72541952579e986801275e96d2ee8f4fb67b97064331f48689aa36e0c493acbfe90b261c6a57729300cf6aa26e5eed9a0d9e612658663898d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\094aef1c-b3e4-4a7b-aeaf-e8e3fedca480.dmp
| MD5 | 975204fbd52de9c5e51fd0ad3443eac7 |
| SHA1 | 561a5464ac73de7efa208e455fb43fac04a0e02e |
| SHA256 | 75f08a1b6257235a08a32c588b229b9a131d204847e1a48a305523776596e9c5 |
| SHA512 | af61f7fca8e8a8ac99abe68f395665bed04f66b22e2338751d97090e07743113a24761ae83fe7baea517d03aa2d628734e96d7686731d76ff327947a6e99086b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
| MD5 | cabe4baaa138c1bc9a5e9cc0d41f0529 |
| SHA1 | 5b0ffe9dc48e8abc812f3305f807b60dd7602285 |
| SHA256 | 3c0ae82290c155a09d0bcc4ac5482d16d83e32d7b8097570b3120700997c6018 |
| SHA512 | f435c6f982606bdbac720e11db0a711e71fe78f6dfb993718b08e5029a0739eb7f89a51bf477d2d06762926e2139ac4a6f21bcd0efd494e90c797eda17759e10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 6cffbfe2b300352db6318e626a0268ab |
| SHA1 | b59042451b429ce4cb28b658beff5d017270656e |
| SHA256 | 16f941b4eca05ba95139d8ada191892207ffc2fdfd97b180873c4aaa411bb10f |
| SHA512 | 0b8edff1c67e41871592343c152d7ff363623ae6c1439964134dd830361ec37c419778dc81010c5bb8db2f96b3accdf373d6d30d29f077f458a2e4b5658a1cfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13365895140601268
| MD5 | bd813cdddfe4cccac4736ce00732762f |
| SHA1 | b91ae4349309f58e5fc646cece60bf7f468ef56e |
| SHA256 | 76b19bdea7a331986de5feeceba5ebea472ad8417cd1a3e4f231c06724104d55 |
| SHA512 | 5cf687e7a4132ae16fb338b4d4cda9f8a5a2610abb8ea4fed9090424e8c8df86a112e079e8e5d5313d1725e547a2c1ad98e79ca8f68afde12ff2ae2f6deab4de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13365895157384268
| MD5 | 1bae923a1b22ed051f2260021841064b |
| SHA1 | ff30fd3da64794bcb387742a0147b71abcf90370 |
| SHA256 | 9b874c789ece05cdb8bfb36c20ec412bea37b234a2ceef49e7521289ac674d75 |
| SHA512 | bd96a17a94387a0a00efc1d788f5f466fff48e06f3645c73714590451ae96f9d656c1da8b48124f988cf0d843a17c9e70dde3850f0597a6f7b9ecfeffd84817d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | 14d55aec15afd3ddaed8def480618921 |
| SHA1 | b2227f98544e47cc9d2ef3e9bdc14e1811274e39 |
| SHA256 | 6ea3ce634cf81f355823162ef083a980cfd608cdfd666cbc537ef3663d3ab956 |
| SHA512 | 3accbf553c31a321ef5728e03f4258dab483da267d342bc2604961209d8e00c63bb1e2448a56cd209e6757af4a633410c2a654aced9f1f4740196c48e124be77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
| MD5 | ac262e8139ec808763e696a86e88f8b4 |
| SHA1 | a805d357873fda583b1ee4ffa974b6fa84b6ce98 |
| SHA256 | 1fd76fbeaee5c5c3ed5ce673ace91c6b62ef5e9b6ff99c0870d7a892067eb9ec |
| SHA512 | 7cb645729c0e96505a76635fcef95fd1c5de37de002bbe7b8fb0fb43282ca67223c613047a73cbf573919509d35a8a7e6b54182ec63cb825004a8703e93b1c6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 9a65d688a9c047e6cac29ef625f0ad96 |
| SHA1 | 824024fcf0447edec9c971b5cdc4dc8dd43e26c0 |
| SHA256 | 6c79dfe18026a7094efae31e99932161762eb95c07edbd2db432ac98c4974e06 |