Malware Analysis Report

2024-10-10 07:16

Sample ID: 240719-zbnlqssbqf
Target: target.ps1
SHA256: 8b4747aa987fa7da30a7108189508b38b9c1728a2712ab3604e77b4787634943
Tags: evasion execution trojan upx
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: 8b4747aa987fa7da30a7108189508b38b9c1728a2712ab3604e77b4787634943

Threat Level: Likely malicious

The file target.ps1 was found to be: Likely malicious.

Malicious Activity Summary

Tags: evasion execution trojan upx

Downloads MZ/PE file

UPX packed file

Executes dropped EXE

Checks whether UAC is enabled

Drops file in System32 directory

Command and Scripting Interpreter: PowerShell

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-19 20:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-19 20:32

Reported: 2024-07-19 21:08

Platform: win10-20240404-en

Max time kernel: 1799s

Max time network: 630s

Command Line

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\target.ps1

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\rufus-4.5p.exe N/A

UPX packed file

Tags: upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks whether UAC is enabled

Tags: evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\rufus-4.5p.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\Downloads\rufus-4.5p.exe N/A

Command and Scripting Interpreter: PowerShell

Tags: execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Users\Admin\Downloads\rufus-4.5p.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133658951412707194" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002eb059e18986da0198e01ad89586da0198e01ad89586da0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\rufus-4.5p.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\Downloads\rufus-4.5p.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\rufus-4.5p.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(this row is repeated 64 times in the original table: every event is attributed to chrome.exe and no indicator or target is recorded)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(this row is repeated 64 times in the original table: every event is attributed to chrome.exe and no indicator or target is recorded)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1412 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 rows)
PID 1412 wrote to memory of 2916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (38 rows)
PID 1412 wrote to memory of 60 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 rows)
PID 1412 wrote to memory of 2972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (22 rows)
(64 rows in total; the original table lists one row per write)

Note: in every row the writing process and the written-to process are both chrome.exe. Chrome's browser process writes into each child it spawns (the --type=renderer, --type=utility and --type=gpu-process instances listed under Processes) to hand over sandbox and IPC bootstrap data, so these rows by themselves are expected browser behaviour rather than evidence of injection. A write from chrome.exe, powershell.exe or rufus-4.5p.exe into a process of a different image would be the thing to chase.
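
The two tables above and the command lines listed under Processes are easier to reason about once they are parsed rather than read row by row. The following Python is an added triage helper, not part of the sandbox vendor's tooling or of the analysed sample. The WriteProcessMemory rows and command lines embedded in it are an excerpt copied from this report (not the full 64-row table), and the classification labels (script-host-policy-bypass, browser-child, exe-from-downloads, storage-service) are this example's own naming. It counts cross-process writes per (source PID, target PID) pair, separates writes between different images from Chrome's own same-image child bootstrap, and buckets each process command line by the behaviour an analyst would want to see first.

```python
"""Triage of a sandbox report's WriteProcessMemory rows and process command lines.

Added example; not the sandbox vendor's code. Input rows below are an excerpt
copied from the report in the same row format the page uses.
"""
import re
from collections import Counter

# "PID <src> wrote to memory of <dst> N/A <source image> <target image>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$")

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Excerpt of the report's "Suspicious use of WriteProcessMemory" table.
WPM_ROWS = [
    f"PID 1412 wrote to memory of 1732 N/A {CHROME} {CHROME}",
    f"PID 1412 wrote to memory of 2916 N/A {CHROME} {CHROME}",
    f"PID 1412 wrote to memory of 2916 N/A {CHROME} {CHROME}",
    f"PID 1412 wrote to memory of 60 N/A {CHROME} {CHROME}",
    f"PID 1412 wrote to memory of 2972 N/A {CHROME} {CHROME}",
]

# Excerpt of the command lines listed under Processes.
PROCESSES = [
    r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\target.ps1",
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=6 /prefetch:1',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none /prefetch:8',
    r'"C:\Users\Admin\Downloads\rufus-4.5p.exe"',
    r"C:\Windows\System32\vdsldr.exe -Embedding",
    r"C:\Windows\System32\vds.exe",
    r"c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc",
]


def parse_wpm(rows):
    """Parse report rows into (src_pid, dst_pid, src_image, dst_image) tuples."""
    parsed = []
    for row in rows:
        m = WPM_RE.match(row)
        if not m:
            raise ValueError(f"unparsed row: {row!r}")
        src, dst, src_img, dst_img = m.groups()
        parsed.append((int(src), int(dst), src_img, dst_img))
    return parsed


def write_pairs(rows):
    """Count writes per (source PID, target PID); the report emits one row per write."""
    return Counter((s, d) for s, d, _, _ in parse_wpm(rows))


def cross_image_writes(rows):
    """Writes whose target image differs from the writer's image.

    A browser process writing into chrome.exe children it just spawned is how
    Chrome bootstraps them; a write into some other image is what merits a look.
    """
    return [(s, d, si, di) for s, d, si, di in parse_wpm(rows) if si.lower() != di.lower()]


def classify(cmdline):
    """Bucket one command line by the behaviour an analyst wants to see first."""
    low = cmdline.lower()
    if "powershell" in low and "-executionpolicy bypass" in low:
        return "script-host-policy-bypass"
    if "chrome.exe" in low and "--type=" in low:
        return "browser-child"          # spawned by the browser process, expected
    if "chrome.exe" in low:
        return "browser-main"
    if "\\downloads\\" in low and low.rstrip('"').endswith(".exe"):
        return "exe-from-downloads"     # dropped/downloaded binary being executed
    # Virtual Disk Service and the device-enumeration services Rufus touches.
    if "\\vds.exe" in low or "\\vdsldr.exe" in low or "-s fhsvc" in low or "-s wpdbusenum" in low:
        return "storage-service"
    return "other"


def triage(processes):
    """Group command lines by classify() label."""
    buckets = {}
    for cmd in processes:
        buckets.setdefault(classify(cmd), []).append(cmd)
    return buckets


if __name__ == "__main__":
    for pair, n in write_pairs(WPM_ROWS).items():
        print(f"{pair[0]} -> {pair[1]}: {n} write(s)")
    print("cross-image writes:", cross_image_writes(WPM_ROWS))
    for label, cmds in triage(PROCESSES).items():
        print(f"[{label}] {len(cmds)} process(es)")
```

Run on the full report, the cross-image list is what to look at first; on this excerpt it is empty, which matches the table: all 64 writes are Chrome into Chrome. The process buckets then put the interesting lineage (PowerShell with the policy bypass, the executable launched from Downloads, and the storage services it wakes up) next to each other instead of interleaved with dozens of browser children.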

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\target.ps1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd11a59758,0x7ffd11a59768,0x7ffd11a59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4024 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4924 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3140 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2952 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1608 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5040 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5124 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3164 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6056 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2188 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5892 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5920 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Users\Admin\Downloads\rufus-4.5p.exe

"C:\Users\Admin\Downloads\rufus-4.5p.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1612 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6612 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3988 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5484 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=972 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3120 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1844,i,13792311925833159372,5291134783748076580,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd11a59758,0x7ffd11a59768,0x7ffd11a59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3876 --field-trial-handle=1804,i,15724967360191769521,5214726828733096583,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffd11a59758,0x7ffd11a59768,0x7ffd11a59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4592 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3392 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4572 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 --field-trial-handle=1880,i,2063732430472180582,15966817994463326749,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
FR 216.58.214.68:443 www.google.com tcp
FR 216.58.214.68:443 www.google.com tcp
FR 216.58.214.68:443 www.google.com tcp
FR 216.58.214.68:443 www.google.com udp
US 8.8.8.8:53 68.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
FR 172.217.20.206:443 clients2.google.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 172.217.18.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 rufus.ie udp
US 185.199.109.153:443 rufus.ie tcp
US 185.199.109.153:443 rufus.ie tcp
US 8.8.8.8:53 153.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 136.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 216.239.32.3:443 beacons2.gvt2.com tcp
US 216.239.32.3:443 beacons2.gvt2.com udp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 162.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
FR 142.250.178.142:443 fundingchoicesmessages.google.com tcp
FR 142.250.178.142:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.178.142:443 fundingchoicesmessages.google.com udp
FR 216.58.214.161:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com udp
FR 172.217.20.163:443 p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com tcp
FR 172.217.20.163:443 p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com tcp
FR 172.217.20.163:443 p4-cytndg2epoa5e-eezps3j4xqhdcuty-if-v6exp3-v4.metric.gstatic.com udp
FR 216.58.214.161:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 valid-fixed.gexperiments6.com udp
US 8.8.8.8:53 dnssec-nd.gexperiments1.com udp
US 216.239.32.55:443 dnssec-nd.gexperiments1.com tcp
US 216.239.32.55:443 dnssec-nd.gexperiments1.com tcp
US 8.8.8.8:53 55.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 14.179.89.13.in-addr.arpa udp
FR 216.58.214.68:443 www.google.com udp
US 8.8.8.8:53 ubuntu.com udp
GB 185.125.190.20:443 ubuntu.com tcp
GB 185.125.190.20:443 ubuntu.com tcp
US 8.8.8.8:53 assets.ubuntu.com udp
US 8.8.8.8:53 res.cloudinary.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 20.190.125.185.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
FR 172.217.20.194:443 ade.googlesyndication.com tcp
FR 172.217.20.194:443 ade.googlesyndication.com udp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 185.125.190.20:443 assets.ubuntu.com tcp
GB 2.18.108.33:443 res.cloudinary.com tcp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
GB 185.125.190.20:443 assets.ubuntu.com tcp
US 8.8.8.8:53 33.108.18.2.in-addr.arpa udp
GB 185.125.190.20:443 assets.ubuntu.com tcp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 10451423.fls.doubleclick.net udp
GB 2.22.139.144:443 munchkin.marketo.net tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
FR 172.217.20.166:443 10451423.fls.doubleclick.net tcp
FR 216.58.215.34:443 pubads.g.doubleclick.net tcp
FR 172.217.20.163:443 www.google.co.uk tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
FR 172.217.20.163:443 www.google.co.uk tcp
FR 172.217.20.163:443 www.google.co.uk tcp
FR 172.217.20.163:443 www.google.co.uk tcp
FR 172.217.20.163:443 www.google.co.uk tcp
US 8.8.8.8:53 144.139.22.2.in-addr.arpa udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 166.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 066-eov-335.mktoresp.com udp
FR 172.217.20.166:443 10451423.fls.doubleclick.net udp
US 192.28.147.68:443 066-eov-335.mktoresp.com tcp
FR 172.217.20.163:443 www.google.co.uk udp
US 8.8.8.8:53 68.147.28.192.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 script.crazyegg.com udp
US 8.8.8.8:53 www.redditstatic.com udp
FR 216.58.215.34:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 scout-cdn.salesloft.com udp
US 8.8.8.8:53 serve.nrich.ai udp
US 8.8.8.8:53 snippet.maze.co udp
GB 151.101.188.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 p4-cytndg2epoa5e-eezps3j4xqhdcuty-145793-s1-v6exp3-v4.metric.gstatic.com udp
US 151.101.65.140:443 www.redditstatic.com tcp
GB 173.222.211.56:443 snap.licdn.com tcp
US 104.19.148.8:443 script.crazyegg.com tcp
US 34.117.77.79:443 ml314.com tcp
FR 51.178.78.162:443 serve.nrich.ai tcp
US 104.16.72.105:443 scout-cdn.salesloft.com tcp
DE 185.60.217.28:443 connect.facebook.net tcp
GB 143.204.68.56:443 snippet.maze.co tcp
FR 216.58.215.35:443 p4-cytndg2epoa5e-eezps3j4xqhdcuty-145793-s1-v6exp3-v4.metric.gstatic.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 88.221.135.104:80 apps.identrust.com tcp
US 8.8.8.8:53 w.usabilla.com udp
IE 54.78.34.191:443 w.usabilla.com tcp
US 8.8.8.8:53 t.co udp
GB 143.204.68.56:443 snippet.maze.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 151.101.65.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 scout.salesloft.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 34.117.77.79:443 ml314.com udp
DE 185.60.217.28:443 connect.facebook.net udp
US 104.244.42.131:443 analytics.twitter.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 151.101.129.140:443 alb.reddit.com tcp
PL 93.184.221.165:443 t.co tcp
US 151.101.65.140:443 alb.reddit.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 54.158.232.70:443 scout.salesloft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 104.19.148.8:443 script.crazyegg.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 140.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 56.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 8.148.19.104.in-addr.arpa udp
US 8.8.8.8:53 79.77.117.34.in-addr.arpa udp
US 8.8.8.8:53 105.72.16.104.in-addr.arpa udp
US 8.8.8.8:53 56.68.204.143.in-addr.arpa udp
US 8.8.8.8:53 162.78.178.51.in-addr.arpa udp
US 8.8.8.8:53 28.217.60.185.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 191.34.78.54.in-addr.arpa udp
US 8.8.8.8:53 165.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 140.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 131.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 70.232.158.54.in-addr.arpa udp
US 8.8.8.8:53 tracking.crazyegg.com udp
US 8.8.8.8:53 pagestates-tracking.crazyegg.com udp
US 8.8.8.8:53 assets-tracking.crazyegg.com udp
IE 52.215.76.52:443 tracking.crazyegg.com tcp
GB 18.164.68.53:443 pagestates-tracking.crazyegg.com tcp
GB 18.154.84.75:443 assets-tracking.crazyegg.com tcp
US 8.8.8.8:53 prompts.maze.co udp
US 18.235.216.163:443 prompts.maze.co tcp
US 8.8.8.8:53 js.zi-scripts.com udp
US 18.235.216.163:443 prompts.maze.co tcp
US 104.18.37.212:443 js.zi-scripts.com tcp
US 8.8.8.8:53 75.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 52.76.215.52.in-addr.arpa udp
US 8.8.8.8:53 53.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 163.216.235.18.in-addr.arpa udp
US 104.18.37.212:443 js.zi-scripts.com udp
US 8.8.8.8:53 ws.zoominfo.com udp
US 104.16.118.43:443 ws.zoominfo.com tcp
GB 163.70.151.35:443 www.facebook.com udp
US 104.16.118.43:443 ws.zoominfo.com udp
US 8.8.8.8:53 212.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 43.118.16.104.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 104.18.37.212:443 js.zi-scripts.com udp
US 8.8.8.8:53 divergentnetworks.mm.fcix.net udp
GB 213.5.132.18:443 divergentnetworks.mm.fcix.net tcp
GB 213.5.132.18:443 divergentnetworks.mm.fcix.net tcp
US 8.8.8.8:53 18.132.5.213.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 w3-reporting-nel.reddit.com udp
US 8.8.8.8:53 www.google.co.uk udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 172.217.20.163:443 www.google.co.uk udp
FR 172.217.20.163:443 www.google.co.uk tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 216.239.32.116:443 beacons4.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 172.217.20.163:443 www.google.co.uk udp
US 8.8.8.8:53 beacons2.gvt2.com udp
CA 172.217.13.99:443 beacons2.gvt2.com udp
US 8.8.8.8:53 99.13.217.172.in-addr.arpa udp
US 104.16.118.43:443 ws.zoominfo.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
FR 216.58.215.35:443 beacons.gvt2.com tcp
US 8.8.8.8:53 N/A udp
FR 216.58.215.35:443 N/A udp
FR 216.58.215.35:443 N/A udp
US 8.8.8.8:53 N/A udp
US 8.8.8.8:53 N/A udp
US 8.8.8.8:53 N/A udp
GB 185.125.190.20:443 N/A tcp
GB 185.125.190.20:443 N/A tcp
GB 2.18.108.33:443 N/A tcp
N/A 185.125.190.21:443 N/A tcp
N/A 185.125.190.21:443 N/A tcp
N/A 185.125.190.21:443 N/A tcp
US 8.8.8.8:53 N/A udp
US 8.8.8.8:53 N/A udp
FR 216.58.214.68:443 N/A udp
US 8.8.8.8:53 N/A udp
FR 216.58.214.68:443 N/A tcp
FR 216.58.214.68:443 N/A udp
US 8.8.8.8:53 N/A udp
FR 172.217.20.206:443 N/A udp
FR 216.58.214.68:443 N/A udp
FR 216.58.214.68:443 N/A tcp
FR 172.217.20.206:443 N/A udp
FR 172.217.20.206:443 N/A tcp
FR 216.58.214.68:443 N/A udp
US 8.8.8.8:53 N/A udp
FR 216.58.215.35:443 N/A udp
FR 216.58.215.35:443 N/A udp

Files

memory/2768-3-0x00007FFD0B763000-0x00007FFD0B764000-memory.dmp

memory/2768-5-0x000002A3A7670000-0x000002A3A7692000-memory.dmp

memory/2768-8-0x000002A3A7840000-0x000002A3A78B6000-memory.dmp

memory/2768-9-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp

memory/2768-10-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ipdqcmx4.e5k.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/2768-31-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp

memory/2768-35-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp

\??\pipe\crashpad_1412_SAGOWVMDZOCUKQMY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d5737671e3eab919c8f69e0e8b28fb6d
SHA1 ffa89a78e404934c90bf9378d310d1c267920ef0
SHA256 314f1caf8ec2bfc5739c732a2a80f60cf02f2a823c7ef23990c9e03672431c56
SHA512 978b5e5d6a7184db069fabbdb92dccea20a2a1d9771309ea4787c8b4f5a19bfa262f5791fb08660946a8db7ca5816814ea95619712974a71f1a27dd711c5351e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b013377918240bcf1d52b938c5bc256
SHA1 3751a6e3d4e9454ebaad7bf313374a89ab7d44c2
SHA256 273606246d3b24ec6f4f5ce1d2581ac00d7757d5f803f3ff78918fcc18bddc8e
SHA512 26ff027686444baae74faf4f6646944a2f6607f802104ce08d3734b2006159134795eeeaca6763ba6f0ade5e0f5f94a589aee39da06386a44e00b6096504bfe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d4e9dcf5919919cb56d8e5a900f34343
SHA1 711de1d618551361c94ebf510f191628d7f90b8d
SHA256 67a7e259928ffb6f6bbf8107ba448ef9c9336ed4cf307b12e9542c919d3c28e6
SHA512 4f1cd01b34b818f512110f56d2d87d2852365d2b00dedc82e9fa9a32e41cca96d5bfd6a5f4933d647f0fe060469a2b6e8dc7c934c6dd0063112a7532f8fb7a13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 be848f8ee93e3687eb8de77183d4acf3
SHA1 108faf0aed520ce0709ea3154c59fa949841f5b3
SHA256 b4ded9c7f59011cae185012cd2807ffd5b0ac720f842575ca7e83b1643f82266
SHA512 4881d264c7e8d04fcd70fa7a758dc72a57675ac16a654017e9294d3be12c1097e08690a90522943d0a1fc3064af7fdd557a53aae84bb26b272afccf8a311a548

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1286548eb1b6388d4b00f7b9f59a769c
SHA1 f041e255f1e7ec12bd500e92fcd5b6d94d7f638d
SHA256 581789a566f7b5fba64e1d8324b3d4e5c234e140cd26d928ad6e5e15e5a321ec
SHA512 79844b81f31a55f338c9bfc2f78d114089176164a03298f143880fcfe56d74b12112f563d1608ce0666ff15b00435f800fa04ddf143fb7656f3a9016b0421b2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 29b5bae3fe3ec02972812bf044f3b8e6
SHA1 ddc9016db62d6cbab646702d0a0621d3cc60b5af
SHA256 48ae40e36190fafda7b193763b8bcb896eb42a378ec37d233582d42cd76c3e87
SHA512 193cd2366dfbccb32d1d53d123a374e3cb8955d2964ddcac8c04cb7560dc667d6d792f109c96636fbd412f94d89af343525e340eac0db3a18a131f43756db2fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a311472780a5fa4b2e1960fe8d15e793
SHA1 3353d314912113f8eff15493092cd79400b68b72
SHA256 354d4173ab272ff1d3bb2ef3113b83cc4452b2a43e7f38a81cf3f991d0509a3e
SHA512 775bc0ec409b26c0ecc4ea271300c07c7fa8206ace0b447c2674ae8e2bb1c51cb64dd07f24419b785dea9b4d335893da6293768a380c28f9ea20469ccd23e97f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 56d73a440328db8f7c6d4ac3ca60df69
SHA1 ec31717a30315acd64252a389fb5ad18fc5ac772
SHA256 1727bcdf4213dd5a97092782e021af9e1ed4ce485c9a8eb18ffc99d513cd94b7
SHA512 926e46bac52f7071e55996e26119789342191f0b0a717c99db36411af941a4d0b75b1435fb97ff8d7fb1d8c8d8517da2fe002bbd201cb8192f2fa875cb307409

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c28f05abf2e00a0ea49c7215eb731109
SHA1 653e99ec559bc92eb497eadb344d39b0ff5ab5a9
SHA256 7f746438a5d4a1354bcf4d4153f02adf4b6ff4933285df4afe8f26862d788560
SHA512 41782119e9a4daa4e5e3f994c0ef0594cf452a5c8422598d989f428dd8e8a3f8d551d70f35096b496494afa3ca0650d502ee3b91a3c1b4602d1aedfb03a143da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 227fe034b8395a605ed89fe9fe9b15d7
SHA1 1a32bf7bc1811248026376201f358ab69d44bdbc
SHA256 d6814241a0d8b06413ecf2f7ab081e2966e78ffa8f7cac38c9af2ba35b153d12
SHA512 540c856b0b9dece8608fc7a6c2f1e4c9c39d8bf4da3db3f4b197174d30fb20ed33cc0b23a7dfe18777b94e5233d3b1dd5d48fa2e7fd7df6d0d8c7be351fe43b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2be59c723084e77ab55bdc95a1209b4f
SHA1 5e14287fbd3a63068826b619761850916d9436eb
SHA256 b7747d5ad410bed3b6501b9cb4520f739dda834a3b895dd01520d0d806e59ae9
SHA512 6a2e7966a4a22465b842fc24358e9dfe8a77d0ab9483a35c59d893d8dc1e29137f2a03c4df800dd25aaa835a114d6f233eb75940fab9893de30a53a72459d418

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4431f723546c69cd94e89c6c09bd4ba5
SHA1 89072faff462dc3033f4aedca1aa4fa7f60823c3
SHA256 fffab7db3cb25f33461397a7a7b1db62d22b1bf79dba2ea4b09234794f363e1a
SHA512 78c649177d529ee1ddd45158f10ed33cd043c6f03bf63af767ec1d5a163879c8b7b740003591ce6b7e0fb311442833dc8243b4aef8f568d9d0c35e2782ccb7b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b876890a65123d372e290a6f3c917dc8
SHA1 c57cefa6267633ea6ba015694896f12a0a9a138d
SHA256 5583cc5089be2e498547e2180d231da38843b69e6a1c9bec42c3a0b071789291
SHA512 0d22c39921a31470995f6c0281b65d1380dc99e88823648cb7947f14a4721fee3e44a614639e6d456a7a794aab6391073c5236518f86563a91303884780d1fa8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6d899dd52d1d5357b1c3974900f1fc88
SHA1 f96c9ea2bd8efdf669dc70012a1fd895f3f7fb34
SHA256 e5edd08f22d84e358f1bbe8eb6b986dadb2d090cdfec5a7127f4aca0e2a6cc43
SHA512 94fbda27f56bc6e7cd7e5125a8e3aaa93001e47b4294fff196ba2b58707d12d40cf6d77d70ca4a609f6b69ef57b316379f0af7791f8ae010aac59eadb36b45f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7030bf7e410254e072359a413a01c26e
SHA1 aeae40a762a7fc538e7bfe5a54758ea78fcf143b
SHA256 1ace3a55c529787a645df3ddbf33056d90df75d5264b5d9899d99223e101142e
SHA512 8f3835055c8826e6915a1b8b719904d47ed6941811894f3d1ee089a172819b5159082865fc151b3bcb5d9b71a53c522f067a591c75d91e8fa39c08beb5f132e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5913bd.TMP

MD5 c780355e1d4c9b0c94ee1defc024bbdd
SHA1 f0b059be50a33b22be1bfecaf625c7677af3856d
SHA256 c3f0081d0b1f0872c3e4b9764c7a3ec6c42be32a2c4a959c456749fd6a7f60d9
SHA512 c69bfe978b9f99348f5c6b0f897f6af5ef930142698a81c11587da7bf38a00933f4ec0c8134d1af919eeab14492db966f3202168753c85b5e8be2d62eb35c1b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 4a2961dddc7ca6732df1c0646aad5129
SHA1 ff0b7265d2bef3824709ee3000621aca2d2c8724
SHA256 58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597
SHA512 82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d54f191c313c97495a1cbcfb8fe30aa8
SHA1 0c576f9f98c3a72e8a2338c145c3d8706ae9cc32
SHA256 6a6f43e34a7ebe0471f1118d78dc084c7a0b5933f1257c6752ab29863b8e9df1
SHA512 5bc6cce6a30ed92d898d10a8317fae728bfb184930d81ea398f546f2d4381e7103538be51cda31c7d4fe957c23d6d3f1e88da22345c2900b8d4a68b3d14db95c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 25252be4e3ca22b92cd200904b2dad1d
SHA1 fc9213d3fda3460410226c698bbafb205e54de2a
SHA256 b3c17e793a2fed88b3275e47e16551f3c78d27c900bb094418631c5954c0f71f
SHA512 4ab64594f251953e0725cfa62ea2d7b6e537cd4431de58c54b49267c33b85a501d992866f8c63799e1627545cc4da5c137539be7c16d67d661d278c0719ed366

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2270181a96341f3234d9acdddc713f6d
SHA1 9f72197229be96dab3c84b3cb4ab2503ea6834fc
SHA256 506f6a7e76353a645c8b4452bd334988482c5e918fe2e767de2bf1cc0aaf273f
SHA512 dcf0a8da26921c45dbb2e067a1f2f2bb5065cf5d85ec438131b52d866b803a8ac338cc043422efafd82a6ed3ca4cddf158acfdac1fd6d88cba50b6fbe4eb3701

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f0a2895c7b4b2cd398c401effdc98e6c
SHA1 c8793afc4733ab4726060d94fa3044597bd153ab
SHA256 02416640534b723431ebc8a7b9fd308f83e779453f807d260db713db7462e93e
SHA512 1cf9862642e2cd74dcd4fd45a360c9e694777ced06cfc5276c8fee2bb4c30df9f9828eba76941271588cca9bde0c9a86ee2cfaa58cba2b50db09d311ad7183ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b2e803de4cf37188d99638d26fd07022
SHA1 a0e9f4bea675bc47e0067dde80424e10931e0552
SHA256 d8a25a0d56ccaa34e4175447cf984824f21ae9207e067c6211f4e4556f4848cc
SHA512 8318b18f22f19c086b16537a8b080f51c92acee9ab934baa762226c3ef69b26c33740528224aa0b443d47e7bd7de00dbc526d2b9d35706b55cc8b7fea3e14f85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 10177b82ccf30bb659169fa9904baa0c
SHA1 d73d5322f5a5fc4f2c9741f1d6a54413b7b634da
SHA256 9c19946d86dc34dfc595a421360a2d51170ba76bbe28e830251fd3f05d85bcbf
SHA512 f8b6a5acc54853a109d5cfc69fc0d80b6db4300853cfdb0bc826c9a839049729c831901fa946cb3547a2007a710cab901651a6be4c7c6c1548cae1504469b7c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e764a97e728054e1669f9a35f53e90d1
SHA1 eac13e0400986e72b1d4d8e72e36108f0058906d
SHA256 ecbd6c5ec95ecf240b4fb6c1621baccb053e518823916fce9811794b1502b7ec
SHA512 6fa9372eea78ba993e58065bb84616f21c534fea10faa491d4e4bf501d18aebb8156df44b9ceeba7c34d309026b7817ea109acb2e07d12bcc6a12e264b0f8b30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6665ee6cf54116923f195d992f97c23c
SHA1 17decd56886c76cbfdff9fd7ac5f67070fe0d52a
SHA256 9f146cf4e77122475e566f4e847ecced8f75dbe0f37c88f6610e376fd863875c
SHA512 26ffe36593d6e7e174a9074593f41d9ad63713a5578359c7598914957a04d1124a01cbd285274d79ac9d070e25e4865a3dbe4340a6d939236b5e09e3bf216f51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 684fd8d2ab9feb40eb0856b4fec69bf2
SHA1 41ca1ad358ded7f0a51b2d046644e105246b9841
SHA256 3614cb398eb09db1b553113a2c497161c1c71f5edbb152545418c9bd517f6a82
SHA512 0f67648871bf009bda33f0c4d5be89f47a27d1aef2af4e8ee15e26c3ffde72ec56bd3dd7313d2ddae330ba7f925e917ffd069d301fe1795b217f2e97d03c5426

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0601cd7992a8b064a63903de0c8b378b
SHA1 306654fe6bb4eea846bca5c558131bb2b0e5f521
SHA256 eba2118cdd36436213b8ada2560b7732115730dde818b756b1726083f2ff9b71
SHA512 700ea3d499e9efa5547dfb1bfa6a3550c3537d30dc2423b624afc0a951040d1f7b38b7731db494592d621dc9bdf89f4438c5675e0eae270e382ed4f91f2ce309

C:\Users\Admin\Downloads\Unconfirmed 568495.crdownload

MD5 129e5bbf63d8299d027186eafe92754a
SHA1 c50bd94af6af186edc536ec6ff83bdd233586618
SHA256 c6e6cdba209f899e5087f1a1a4babc759414b4a687b60ba4bce62b6b37e8e82b
SHA512 a87a4b44ec3ce37a0da546a805f688bd3a68b52d662a294b8193717f383938f99fa68e50dddf9f012aad7b51e98fd017f6b757ca15332d79a2bb6b882c379a05

memory/1652-527-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp

C:\Windows\System32\GroupPolicy\gpt.ini

MD5 f9a49a3e2415016fa85ddff0b8b38419
SHA1 f8c987119269e58d22a6b17ae2e8eca7744fb385
SHA256 14694dbee3897b6bd5aa596ebfd893e727179b67811920c174dc70e6eee8e579
SHA512 91ea129a51d2c3b342287c1250f5b0da6ba2a61eff11791d1cfae1f5c6dd2654c935be1452f4a681e794fd723a3c295e9bc9e59b9005aa4d8bd55ed36c9ad91c

C:\Users\Admin\Downloads\rufus.ini

MD5 1765d4b9c67091d365344e51ce3e9fc3
SHA1 c703d37761aa46a29b6dc81433e606ae2057178f
SHA256 ef2d018e1aae6c2e548da2128d6cf04c77dba92528c875243cc6f3510fafbd99
SHA512 d7eab3c0332f2b128eb7b8029fda4a2be453c885d773bfb2a03f162f4192c7ef835ed3362cde6a234ed85038c035db5e4afc6b9a3309c30af03705e92308eaf6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 70aca268571399a5fac5bc4717b63433
SHA1 518975a08190926522938d28417cfa5d1434b420
SHA256 4c52229c931803bfe833dfe939e0d568cd2e1556e23a51c02fb6bdb05cf31022
SHA512 ba1725cbec1acc31f7292ac7bf31a6992923ae7311aa9accf8230cb7fb9eedf4f7db46b011cba85cf45991de240ed802042dde08d9a09fcdad1c57494041faea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 967210e9bccf27fbac2965f840e9edca
SHA1 edadbc3a6889b4336c2ea600e29dd6b1fad32fec
SHA256 05e0ead3a0ee1d914c7086e2c8a7891d45545e65bf35012706914d8f4c23c7ec
SHA512 4108fea3e330799eea06ddc397a61d54baf235b0c1608e3d14ec6b04242b39bc625538440a29898ad5c63757b3c10e4772c74c9fd3ff72e32746d2507751738e

memory/1652-688-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 7da3516a70be51b749edcaae58335dc6
SHA1 0c7b8dc06876d078bc2d98c8070166a2ff18e6a3
SHA256 40477e9a77b25cb7bc53ddc2e8d389072a7f47460f708efa21f3de75c008b147
SHA512 4e8daa93b96eed640b07daffc47d345f7423dcd32056a500a45da0a7e32b3eb718589508ddd156aadee77582972fdecdd4929eef460ea8ec647e11574b16dee5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 5581a54a66ff276c3793d92f793e8e28
SHA1 a38d7e21a9181a8c6ebf26d4cf50ade760b25eb6
SHA256 d0da2042f4d42646402554bd84e946b93d256f96352d5acb14c04d3bf47fa450
SHA512 a23c20e4411749749ecd5fa3a1e57aa2c23215694b05b7c9e2d5867bfec0681bd0c302d43b55e146ac251fd04b9e22077e52f4fef98286ac3a8b94a830b21957

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 fdc0e3459d36ba0f37156be6a9e63c8a
SHA1 6113b69a7b0823c0cb1cf4b7ad7bd4347f18810d
SHA256 83b9a8f94c61ba9bf0ec1a8c68922331f4dc1f6f3c00734f41cf15cd9a39af29
SHA512 cb83b12a43837f038e7fa426c73a915262c9afa2e3d087d4f8216f8575976078771b6b38d1c7fe177a7c0139f52a9584b2a212d0e3575158824ece5788bb3928

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 316413ca020e77b1886e7aafaffeea97
SHA1 3baab91bf670ca1cb477ecc9bb81ef6fe364a8fa
SHA256 a3a186bf7b73ec7c80975ef6fea25da449b04b5e63fc16541faa4d317e6e42d3
SHA512 4cffca892a3fb9293e4cc4c944a04dc300c6fd52dd360bc6dd5df52e83aab212083442b7219297d5d03d10d2299c6cd23f7b00472ea74a411d11dc6387147bce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 001999001bbdb9f6d95731e667ef9ad2
SHA1 46ed6870685a3e3a10c2436689fec46f4392fd04
SHA256 4b037618503a130f7ce67544b722e610ee4bca5eb9935b3223eb48db10b56b81
SHA512 24ee2443ede04ccb4b4f08ed06d693b5b65b02588f65ba9414fae27ed71c478cd99b336aa7fa704ecfb31ea69d1324205f7f3c1aabf2bf5d1f7874135b286a60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a12e51ff484c43bd17aa5594fcc20166
SHA1 3cd1cea036042856fb26afa04cde2285eccb93a0
SHA256 318b0b73c219c51b7424e28c81fd6dd9309374cbee0de7ac8e8abc4fa73e2efc
SHA512 813098122873a9744d5c782bfab39e55ce42886942acc8b1d8bf399f56cfc8085256d77ddbb485f3d0f536d8d3232cf5d55bfcf57cf6b738923cbb9b1bf5f45a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 7e5afba21f00b2b5efa309dc0635dcf3
SHA1 1c0e9a12aa6bcb6e22a48e30334aa8f5ad473cd3
SHA256 29f508b365bd4cd203c9dd31cb879e452ca37c17478b82f8d6c4f175bf5fa1e5
SHA512 a3f71eedbaca43f9ddd00509ec8bcaacc920fe4f0584d9772639789ceea947fe2fcc967c75a49ffd93d95c22cc8a5158cf1bf51c853af9ca55f1b6050bef0c2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 cdd6fda1ae9ffb4b444e54c12aec495f
SHA1 73f2fa9d1c052fbab61ce8d1e2411eeab588e082
SHA256 ff2a566a48c3efb0f4cd85b800e65e60fa89cc3fa1e599eab5782ee761779d6a
SHA512 ca357133a9a74bee3062fafe49c844e8b2c877bf6d667b2ee3878d7ca486f916068ced6a8c00dba919dd8e7c7756feeb62dc43a520861cec61d1781bb391317c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 2ce36f40ae85275b8092c2840f51992f
SHA1 2cfbe1ac1b116b328d07b086a7ded7ca747b12a5
SHA256 f55c1c6d000ad31704fd9496b963d37bfcaebc5d3724ced6954765446aa1adc8
SHA512 902f1468a6161d982d96600fdf1872d787e75b3e3ec41356391157429bc11e671a162c8fb5cf177e424b45b3f3feb9d5075d9317d9fd6e82f016ec5cdca9c9d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 b3b180e9f2e00c210a7b9ead791ef152
SHA1 dd022e01dea40af9a985c5e2e0484574b78888d6
SHA256 41c91b45babd2d0eb0060e80bd1b38a07a8d3b874872d734f9d9dc06b4aea804
SHA512 498cd1d163b7892289b5c5a131773d35ca6e20e966e3131d29374da66958fc43307cb7f5c5f5cb2b89c2fcfcde77e3464e4aaa5b0d27c44bfa829d80850ab000

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 a7228a1cbe8e2e06ee05d894567d4bca
SHA1 387915a365f4868ef0b19812612510312ea18e9a
SHA256 f3e72336b3cecbbe81201037916b1a4940c4204d80df53fac21f57333675ba0c
SHA512 3c5777218243a32338c4a8af7a7e4829e5184c95b911e207a0dfdd407067772df50af30b30f7a9aa03604c3f627ae70e963f2be461c1212b9bef4ee0326f8d99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 15fd4fc9890b37b1bab009ec109b244b
SHA1 a4208cce8ce1037aeaa07938528485f0f911d145
SHA256 9df9ed7e8f8eea21c349e69ededbac3ba02135ae73c12478189377a0f3e97449
SHA512 5a7f2c092b8db11163c39244809aacfcb51bb4c22b29ad73e4ab9e3a6e1922fe24b999f3c056894c72f804cfa4315b6209f92ff5a478e6d9dfc4ece0951fd621

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6e9462ee5d602d0193afe2bc46628006
SHA1 ce4d4990e44b171b06b570fdbcba45070e26be35
SHA256 0fa80128f8f161ca2e003be6daffc65329ff3a28bb591356480fa893b878f1c2
SHA512 62fe4104b124292c03ef6c67589897b720d683f319ceddb0c646effa18ee29c5469fb5f7a5918a8c3bffcfb99d4479d363b3352d2d07a946aa29ec5c87bbc0ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a68ecdda99998a478bf287a8c92d8003
SHA1 ab1040bf661efec2ed128d2e0e06e8f8051880d9
SHA256 2f6f584fcc9a1994aa53cd3ada30f4bc6c2a1e7bc4dba9103b6399505e0fb083
SHA512 cbbd243750b66183f28fde39d82f136fb62942b78b11c04bd6466ed680085e7173433318460a1672859e2f326b71a857b9d12a9b1b61fe5222a8d7907b315e7f

C:\Users\Admin\Downloads\rufus.ini

MD5 08f24f4f4939f125245222bb4cbce9f8
SHA1 a89716cb4e182bf9db89ccd9cd0111721b177e03
SHA256 38d8f56bce1a79976e66cfbe60457c5a94c88687078b8bb2f99ff4e4419a7292
SHA512 9e42c129133c8a8ca7241c2340b5d033d5a24189b094dd73c4f6e60b93b673cf497aeb9442f544546af42132bb6ea381bbf35346927d54a7e3227549b8050d95

memory/1652-854-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b2f60c0264018f8ecfecdc9b741482fd
SHA1 4951381fb87b816a550dd1a48b9f6cbf36917095
SHA256 a867b6d8edc4d2a84bfa5343daf1d8f4b2736d5313822bc2ebff626f9df0ad65
SHA512 f70b273938cb73daa4a1c37dc8816d5bdf877960cd36138da3ab77518a171b5abaa1ad16e6528f5a46534acff7be206b248b6b78d0de6b2d2d6dcdb0fc3667d1

memory/1652-867-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 242869e8143cdf5b04d0330774b9d69e
SHA1 2948b0a67a1d240bfa16e920dd2a2713e473276d
SHA256 f3d938026849ff51c90edf74d361d7e751ca6aca91875350e88ee7dda0a46851
SHA512 0d2132d1c3de3b8381a2a63050ca7e1ae02c56a62857bd6b25a2b24898c49acfed0684f7962a90975ec9f249dd7b2e653111a0ef6f175804387c58343cd9cb0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 471948153e2be0bf3e725d82cd0d41f2
SHA1 025491dcfabe076ec5ae0124ecd263f7f3067816
SHA256 8ea85fd6d9ae954b49a89471a34400ea99d240bd025597114ad89950386cb0d4
SHA512 72524fb0cdf084f923138cb365acafd6b38a217774d91f82a4d67ea34ddad5c1737fd87e8862a546721c1c1fa07c326e29a4221095202fe26f5d1bb0f8677951

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 097e16539a6f175dd47316072a008caa
SHA1 5e354936e9397fb1a6fbf949a94c818cd1921b1c
SHA256 dc91ded270463310fc7f9bbfff2322b16b25e73655e69a9f9d513084f40c6d4c
SHA512 c574b60f0c01203b2b9476917e1ba3349d27583c93eed021d55189b51fff7d560a27f15c06f21a6067b474a80e04c22781014e4b06219c6730b9ce09c93d9bf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ebd693207466a125318a6d0ea8eda60
SHA1 ad4953953c3e776a7383f153e95f30a92005ad12
SHA256 889e5f94e86ba985ef1d15746df4a8566165f46fab0b452832b93ea79ffd7474
SHA512 2ac0a29a065509c21730082730cf36b4c04e8b09d1c7d96f64a5b985b333204bc319f008681e4eaeba9822935d0b96ee7471be2b5b6f318e3a0e0f84077dcf59

memory/1652-1068-0x00007FF667FA0000-0x00007FF6683BF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 a03d8ed88c99c770f51c9f6f545c46d5
SHA1 e3ede24d58497dff81db26e39a564fd9171bf3ad
SHA256 d2936f76c2f6823f3f206b351387199ef2135d1bebb032441d0a82b26fcfb508
SHA512 7866d552cb33bc1bcb02ede33ab259bd5f32b5bd93b8fb729d674b27e2c6af116374a1f48b613e9ff2d39d73f3beb1a27a31eaf913fb0fe2c4f30a94ede96923

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 def103ceabe1f02701a2b33e7c513d81
SHA1 2c967ee797f9facb54d085e99523cc88c0c4ed67
SHA256 45e121283845792ff2ee5bc626a106b0e2ed280576de98d0ba3d7a73937fb42f
SHA512 4e7cc10f1028f7deb9b1416f70b1c7071dc3c1dd2d41c23d4f26032f7d78fc41a6c688d7fbad0e0187dd103ab2714b6dfe3b1cbdd278e07a53c2934b975603b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd46fe3573ee248c7c1f3c4b9f15da43
SHA1 1e0ed4ac06fba5334f204c1677cd1e44ba7cf033
SHA256 928945196aed16eb7a5536655f270ef42d73f6f062e42868b9f1f6f762aff333
SHA512 283fc5543e174468d1a3c3ca04cbf8e7dbb19d639326ddddba7ba3bbef2eb2d610380485b0b887b751c016f1c45e5dc4215817b7d3dbb67205ce3153a15a01d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b7eafb05a70bb1e53839a499db609b51
SHA1 b13cfae2d4f7af58e091c8c232af137f518d9e2b
SHA256 b909fdd89d693961aa395800bac2c64e25473fd40a349d6046c9876f33a232a3
SHA512 66d8bed431ab2223672582eadc6cec90c13eb5f51086aa71d22f276233349fb11366e864af8d37fb7a9fe9403ec1eee41f0e97c18ef0ce2644a2b7c821f5c2c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b711c830d6cee19c56242df9773ea260
SHA1 c61569d910ae7a8b14d8a26b833c55152f525f45
SHA256 eff0513c26e7bce07400d6198d5dc05f780a76bc30fc52f09624252ee843a5da
SHA512 708aa7d763ba49af65b9863edd0d5ce8bdad19d815a580d26e568c0cdf452ab8054723d2bd4edecd335386c3ac8132207479cb607427d16b46a497178ba8cbc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8f3843a9da63a7c396a894b5865b2f67
SHA1 2e7f9776d1ba8b15aea00d84eff977929ed70022
SHA256 76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a
SHA512 06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 43d585d9c688f66a5a9c27cada92df17
SHA1 d0feea65e2bf43ae58034b124c54735aa428945b
SHA256 6d170c9ad9f64b096cad8e99c004476875d42a491610197f84e82a44af2d9cd9
SHA512 e35e159e2ba38c72541952579e986801275e96d2ee8f4fb67b97064331f48689aa36e0c493acbfe90b261c6a57729300cf6aa26e5eed9a0d9e612658663898d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\094aef1c-b3e4-4a7b-aeaf-e8e3fedca480.dmp

MD5 975204fbd52de9c5e51fd0ad3443eac7
SHA1 561a5464ac73de7efa208e455fb43fac04a0e02e
SHA256 75f08a1b6257235a08a32c588b229b9a131d204847e1a48a305523776596e9c5
SHA512 af61f7fca8e8a8ac99abe68f395665bed04f66b22e2338751d97090e07743113a24761ae83fe7baea517d03aa2d628734e96d7686731d76ff327947a6e99086b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

MD5 cabe4baaa138c1bc9a5e9cc0d41f0529
SHA1 5b0ffe9dc48e8abc812f3305f807b60dd7602285
SHA256 3c0ae82290c155a09d0bcc4ac5482d16d83e32d7b8097570b3120700997c6018
SHA512 f435c6f982606bdbac720e11db0a711e71fe78f6dfb993718b08e5029a0739eb7f89a51bf477d2d06762926e2139ac4a6f21bcd0efd494e90c797eda17759e10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 6cffbfe2b300352db6318e626a0268ab
SHA1 b59042451b429ce4cb28b658beff5d017270656e
SHA256 16f941b4eca05ba95139d8ada191892207ffc2fdfd97b180873c4aaa411bb10f
SHA512 0b8edff1c67e41871592343c152d7ff363623ae6c1439964134dd830361ec37c419778dc81010c5bb8db2f96b3accdf373d6d30d29f077f458a2e4b5658a1cfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13365895140601268

MD5 bd813cdddfe4cccac4736ce00732762f
SHA1 b91ae4349309f58e5fc646cece60bf7f468ef56e
SHA256 76b19bdea7a331986de5feeceba5ebea472ad8417cd1a3e4f231c06724104d55
SHA512 5cf687e7a4132ae16fb338b4d4cda9f8a5a2610abb8ea4fed9090424e8c8df86a112e079e8e5d5313d1725e547a2c1ad98e79ca8f68afde12ff2ae2f6deab4de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13365895157384268

MD5 1bae923a1b22ed051f2260021841064b
SHA1 ff30fd3da64794bcb387742a0147b71abcf90370
SHA256 9b874c789ece05cdb8bfb36c20ec412bea37b234a2ceef49e7521289ac674d75
SHA512 bd96a17a94387a0a00efc1d788f5f466fff48e06f3645c73714590451ae96f9d656c1da8b48124f988cf0d843a17c9e70dde3850f0597a6f7b9ecfeffd84817d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 14d55aec15afd3ddaed8def480618921
SHA1 b2227f98544e47cc9d2ef3e9bdc14e1811274e39
SHA256 6ea3ce634cf81f355823162ef083a980cfd608cdfd666cbc537ef3663d3ab956
SHA512 3accbf553c31a321ef5728e03f4258dab483da267d342bc2604961209d8e00c63bb1e2448a56cd209e6757af4a633410c2a654aced9f1f4740196c48e124be77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 ac262e8139ec808763e696a86e88f8b4
SHA1 a805d357873fda583b1ee4ffa974b6fa84b6ce98
SHA256 1fd76fbeaee5c5c3ed5ce673ace91c6b62ef5e9b6ff99c0870d7a892067eb9ec
SHA512 7cb645729c0e96505a76635fcef95fd1c5de37de002bbe7b8fb0fb43282ca67223c613047a73cbf573919509d35a8a7e6b54182ec63cb825004a8703e93b1c6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 9a65d688a9c047e6cac29ef625f0ad96
SHA1 824024fcf0447edec9c971b5cdc4dc8dd43e26c0
SHA256 6c79dfe18026a7094efae31e99932161762eb95c07edbd2db432ac98c4974e06
SHA512 92cda8639597c8b03c5dcd17428583276efbfa3b49600150092ee4750bc8af13f3007428d2bc4e1c81e5d251232d7d85809b0c1f46f3fb3728f086dd90495741

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 c169dd60d11f9d25c380f653212023a7
SHA1 a77a928c55e646d1d6be7fbc6ff038997acc70b1
SHA256 be146ccb0e873a5a49c739d91e8436e01f2a388dd4ba1314a97d08ad026bd8e9
SHA512 ee2fc990bff9e1ab0ad0be157730f22e49669084232e2de3a50e870f6e0e1a1f0cfa7b537cd67e6652058a93204dac08e16c55e6471710a9fd7d4929a3b6edf3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

MD5 ef3a676dbb510a5314f4632d255deaae
SHA1 25af3bf29b7a4b42215a422157e8f6a36a82e4a4
SHA256 100aa63acc59a6c3dc49c2287c6a4a8f16d2334a0ebe1ee288c840a04ad4bbc9
SHA512 91bf6b95a307ec43bf8ce3db37fa360956b359d0356763bcec2e8bf9c019cb7ac2d0e29826f6fac943923259f90e9b7070a2e6287b7139a5dec3ff78516b9423

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 85847246e1f6d4095ab9954dddae1bbf
SHA1 93ec771956ab002a56592128af17f867e6597e4b
SHA256 0f26600ed114f7e2a04a413a13bc05ffb218e8f2aed0f6607bd6fbd626a79895
SHA512 3691ff85134db3c1c232936b1b82f832f8c23bb83a13dea88daafdff32d0533e826b783642978e12bdea30aeb4d8fbf19293a8cec5107da02f73021489eab5d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 1e4cf212873239e3538537fcdf3e4ed1
SHA1 1fedf635f1928b4b8238b01a84e1b03d6fed558d
SHA256 bfb831b8db8e9737365ff002a72a2bf41acb6205d69ed77825105ca4fad80ae9
SHA512 72f0b015e62c1d3a8eb8713637d3cce35b874d77573a95c18a006240afdd31c663f1a17de6bb7e6116ddb8747becebda14772c964397ff474c1e2ed43218b0f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 286978fbc9e06965f90f0a215e552c20
SHA1 e93351c88840e0ec4576a4eb6abf8233dda30374
SHA256 b7cb5c4c7fc307068817c157359bf3c3f71c36c0099ca5eba52fdca74e0287fa
SHA512 af87d5aca2a4e9e525d8cc0885eaaf9e453fc6262515e7524a76d0bcc6f19a54c5c6f68943a87bb17e4a58a80bbf62bddc9102da4430a94fca0f007c664111fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b573cfe0-3caa-493d-a8bf-c19ef1ee7a81.tmp

MD5 fd572a71edda84336a1268dcc39f24b2
SHA1 379feae4a5866e104c84e6a60fd4ce2aae5ae6f6
SHA256 a30c2e5c68cdc4b6fc3190680ee021d235e920eaee5b27d4346fe38cb5b4c217
SHA512 f860255daebddc45d192c6e9928e92fb771cdc4c99dd04c06d629e0d4298c89c0d0309cd64fb26acfcb42492a7c2b28aaba501f629219b560ae47c165370cfe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f68d03bf53ebb78c3bc8999055c10f6
SHA1 bb0298d65bd3adc5b6941a4e9761afcdc6a4c1cf
SHA256 790eb4a6cb93642e3895552a6294146f27a7f6ef72acd3443fe79067a7b7bfc5
SHA512 e30773275bdb1f024b92ead584c744ccb95a8f39a43babde96e47f8249a3d69d981dc801cb15f6988d47b9660bd29f24ba689f6ffcf673b90229fd6487311a7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 be83ff7e038bd034381a45b4bdc0e87a
SHA1 23c2c7e6db074a7531c0ebfc9752997b2ff1e4bc
SHA256 0c9c49b2337e999152183f6aad263e6d41451f22cfc4942baecaca1c4da02141
SHA512 e3f5abf1051630b86b563422c34cbaf3e5512afff82fb6ab4234b28bb2fa488caa1b20a142808ceef7cf20fee6775d18040ca7b507163bc469f20355d6990d71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d22afd1e96909f01c49331d8e8928d84
SHA1 90d0b68e1a5a25432d7f4738be27768cc2db4341
SHA256 69214548f15ed8e1f81e2e96e423878c50d32236054234ef8fb467bdf747cbaa
SHA512 a362871284283e412610eb5859064e0bf0a58b7161347c1cdfae21d2b745043d12efce61ed1d7d293e1f0074f163d46362759b633fa2f7bdb97734fbdb6bc189

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b7a45a194ef3c03eef32583455d121ce
SHA1 7c66757e43b4f0592eebdfc593240bdfd97c89cd
SHA256 015fca7fb1cbd93499603001bd0c61ad4d82c77ce4c0fd084e738ed1d11e4120
SHA512 db29f85afdabbdcb24b6e62729c51d129752913f641e8045855e0373d1eb72c8efbc3bfc19e9d6e7aed8a28c3fe283db3ba220f2412c04c6d8f45cdd90ca8ea8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 784719e82691cf94235f463ac59fab70
SHA1 18b51701afe7a15134c76ed9204926a774614406
SHA256 de952c074e96bd5434776d3286afb09ed9efaace755e305fde73be0e776a24e3
SHA512 a88d319487e776c34edbc5ae38e1f117dc2aa8dab50bb590569e6dd8a7412c8792a2d19460b21332bc01551cf6bd6275f889eb98ae637f78d7c50ec0e1c0aeef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\488b5932-3a3c-4655-8114-2e1831b31768.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2980f3586933c1cd20a25e00d47740fa
SHA1 f152ea2b259a7caa304091c8882a29a93ea7c12b
SHA256 c27381100576b0411f220d97f27fe2b3660ac0878dde653e808bb64cb7548c82
SHA512 17eb357114e28c9941040a901f2f41a58f920a86af4770bad4f72077ce067c15c04b322b260a1a8b49f9ee87f9572e6d4c2699820648bac90ce41304fee984df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a8020a2cd07e157d02738358b6953b77
SHA1 fcc90f279202c421f32248f109068a475d2b7b05
SHA256 3c0506bc9bf5a280c6eb44c7349911c9af6ec934de10dd5b6a7b3d5201c9f5be
SHA512 9b93ae1c44a3a54a79016ee3f5d8d2b1ad65c8a9162d78253b697933e0d12c3f35432c45a3853a8c67cbe983ec2e18b657b41cbb3e44a526a1cc5ba095070ff0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4a135fe0a078e8e7eb7a3e89521aca56
SHA1 6672b03fe7ea812661c2de971fcacd04b9522040
SHA256 31d952de8220d6f6936bafa6bae843033e328421f451a8f4eb03bfee7277dbef
SHA512 15189c2cbd78d189cf1ed1fe35dd7dd5cb064c286058f3b6ecc8305b529fe030a1f9d9859a72d9d57b22ce0388fa61238170891accae60861f8840973c5b52c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2e79665722ede2dcb5232389ed2f9b9b
SHA1 420523240bb9930e209649cfdb1a647d79c60382
SHA256 1b4e9b9bc4e2d88e33254fb3eef47f825b462e0004d48a3e6901c1f9cc2366b2
SHA512 2632fb92afc74fca32038dce8c2b76e538c3875073b0d798d98317bd6f7c4ff10b33ef62f17aa16707c3edfa67752e0946687a49205b3d3e900b186d91a08ee6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b90f5798b257c403856a23c4696d8282
SHA1 30699f0e9ad40906ab8ac6faf2cc9a2b4d310d7d
SHA256 03491f77688d8a6e44713afa04137c9f0959b9aef94a196e6402f546de1c4d1c
SHA512 5fafc42fb0b220f7e404b62ac0402327abd2eff9bd7cc5f594c2ca48e961bed5b891415192ee07a608dcf9e34fc09f8ce54ddfba1c2ebb0959bb86c02aade94b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9b4809036737e9ef6a412c6ba49dd65d
SHA1 7bb6699cd78bd834bc8d6ffd66aaf174b26c4cdc
SHA256 76560329eea2249e14f192d748c1a58cecd3296d12275de242181da6c7d01fe3
SHA512 43221081750d538d17eecdfc06e97134d2c5ed9e7e09bfb441df57c81ebbf8d051dbf742220ad03749a0bcd2e3745fd519fc8a50aa2659b1c00fe6771a23516f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8b0287e7f5d4f411d71bb3e15555e545
SHA1 decad3968ad61e6e636aadc07f4c92cba922d339
SHA256 de0f438b95b773ae1dc25a69ec54c11b3e028ac91cdc91970cdd7ef32c4df53b
SHA512 42bf7d0fccc7aff5b499e103ef9e484b4f73a19b3028a0108ff143031a27aa3c1856b8f8066c7793f277fd3155341fa4ed9f2afd2cc72cfe9d2fa1fe7036e9c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e1d4962b16f2693a48b1138fabc7326f
SHA1 423d9d40aac52972a8c198bd36e58792f5f8b799
SHA256 bfd021a043cb5f13ffca050d57774a459ae68bb935745046bf3f0f51fbbee89b
SHA512 0902f14d235108a5d0696e9134e8ced6c0208daa61cb9460bfff405b6905ac4f0584659dcceabbacd87d2c9be263188d81f41de0a4bda0485ca02b4bc9c7b77e