Analysis Overview
SHA256
7d471840a5910c80a884e9762ebf46875217d6975378400f9237a7c562f8f36a
Threat Level: Likely benign
The file phish_alert_sp2_2.0.0.0 135.eml was found to be: Likely benign.
Malicious Activity Summary
PDF has QR code that contains a HTTP URL
System Location Discovery: System Language Discovery
One or more HTTP URLs in PDF identified
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 16:57
Signatures
PDF has QR code that contains a HTTP URL
One or more HTTP URLs in PDF identified
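The two static signatures above (attachment hashing in the Files sections and "HTTP URLs in PDF") are the kind of check you can run yourself before detonation. The following stdlib-only Python is an added example, not code from the sandbox or the report: it pulls the attachments out of an .eml, hashes each one, and lists the http/https targets a PDF carries in /URI link actions, including actions packed into FlateDecode object streams where a plain grep would miss them. The message, PDF and PNG bytes are constructed here and are not the submitted sample; decoding a QR code needs an image library (pdf2image plus pyzbar or similar) and is left out.

```python
"""Static triage of an .eml and its PDF attachments (added example).

The .eml, PDF and PNG bytes are constructed below, not the submitted sample.
"""
import email
import hashlib
import re
import zlib
from email import policy
from email.message import EmailMessage

# A /URI value is a literal string "(...)" or a hex string "<...>".
URI_LITERAL_RE = re.compile(rb"/URI\s*\((?P<lit>(?:\\.|[^\\)])*)\)")
URI_HEX_RE = re.compile(rb"/URI\s*<(?P<hex>[0-9A-Fa-f\s]*)>")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pdf_urls(pdf: bytes) -> list:
    """http/https link targets, de-duplicated in order of appearance.

    Every FlateDecode stream is inflated and scanned as well: link annotations
    inside object streams are invisible in the raw bytes.
    """
    blobs = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            blobs.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data (image, font, ...); raw bytes are in blobs[0]
    found = []
    for blob in blobs:
        for m in URI_LITERAL_RE.finditer(blob):
            raw = re.sub(rb"\\(.)", rb"\1", m.group("lit"))  # drop \( \) \\ escapes
            found.append(raw.decode("latin-1"))
        for m in URI_HEX_RE.finditer(blob):
            try:
                found.append(bytes.fromhex(m.group("hex").decode()).decode("latin-1"))
            except ValueError:
                pass  # odd-length or otherwise malformed hex string
    urls = []
    for u in found:
        if u.lower().startswith(("http://", "https://")) and u not in urls:
            urls.append(u)
    return urls


def build_sample_pdf(url: str, compress: bool = False) -> bytes:
    """Constructed one-page PDF whose only link annotation points at url.

    With compress=True the annotation sits in a FlateDecode object stream, so the
    URL is absent from the raw bytes. No xref table: the scanner does not need one.
    """
    annot = (b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
             b"/A << /S /URI /URI (" + url.encode("latin-1") + b") >> >>")
    if compress:
        packed = zlib.compress(b"4 0\n" + annot)  # "objnum offset" header, then the object
        head = b"5 0 obj << /Type /ObjStm /N 1 /First 4 /Length %d /Filter /FlateDecode >>\n" % len(packed)
        obj4 = head + b"stream\n" + packed + b"\nendstream endobj\n"
    else:
        obj4 = b"4 0 obj " + annot + b" endobj\n"
    return (b"%PDF-1.5\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] "
            b"/Annots [4 0 R] >> endobj\n" + obj4 + b"trailer << /Root 1 0 R >>\n%%EOF\n")


PNG_STUB = b"\x89PNG\r\n\x1a\n" + bytes(16)  # placeholder bytes, not a decodable image


def build_sample_eml(pdf: bytes, png: bytes) -> bytes:
    """Constructed phishing-style message with a PDF and a PNG attached."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Payroll sign and review"
    msg.set_content("Please review and sign the attached document.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="review.pdf")
    msg.add_attachment(png, maintype="image", subtype="png", filename="qr.png")
    return msg.as_bytes()


def triage_eml(raw: bytes) -> list:
    """One dict per attachment: name, declared MIME type, SHA256, PDF link URLs."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        report.append({
            "filename": part.get_filename(),
            "content_type": part.get_content_type(),
            "sha256": sha256_hex(data),
            # identify PDFs by magic, not by extension or declared MIME type
            "urls": pdf_urls(data) if data.startswith(b"%PDF") else [],
        })
    return report


if __name__ == "__main__":
    sample = build_sample_eml(build_sample_pdf("https://example.invalid/qr", compress=True), PNG_STUB)
    for entry in triage_eml(sample):
        print(entry)
```

The hashes this produces are the same SHA256 values a sandbox reports per dropped or extracted file, so they can be matched against the Files sections below; the URL list is the static equivalent of the "HTTP URLs in PDF" signature, and any target it returns is a candidate for a separate URL detonation.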
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-03 16:57
Reported
2024-11-03 17:14
Platform
win10v2004-20241007-en
Max time kernel
443s
Max time network
445s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Sunny Nagra Payroll Increment Bonus And Payroll Sign&Review nfuqdz.pdf"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D0118E0AF6B5339833155F9243872064 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D0118E0AF6B5339833155F9243872064 --renderer-client-id=2 
--mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=65FD37CF8946DEE87E33BCB73D3C7E09 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=675EAA791FDD30BF33064946F8C9C59D --mojo-platform-channel-handle=1996 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6E0E61298F73DD94927528DA74A89A38 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6E0E61298F73DD94927528DA74A89A38 --renderer-client-id=5 
--mojo-platform-channel-handle=2000 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=19666DD64842A33CBB6DFE0412D36B6D --mojo-platform-channel-handle=2676 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=719F863BAABC03F52657544897E0B624 --mojo-platform-channel-handle=2788 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.20.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
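Every row in the table above is either a reverse-DNS (in-addr.arpa) lookup against the sandbox resolver or a connection to a Bing host, which is the traffic a Windows 10 image generates on its own. The following Python is an added example, not part of the report, of the quick pass a reviewer makes to confirm that: it parses the pipe table, reverses each PTR name back to the address being looked up, and flags any row that is neither a PTR lookup nor in a background allowlist. NETWORK_TABLE holds rows copied from the table above; CONSTRUCTED_ROW is made up (203.0.113.0/24 is a documentation range) to show what a flagged row looks like. Treating PTR lookups and the two Bing hosts as OS noise is this example's assumption about the sandbox image, not a claim the report makes.

```python
"""Sort sandbox Network rows into background noise and rows worth review (added example)."""
import ipaddress
import re
from typing import Optional

# Rows copied from the behavioral4 Network table; CONSTRUCTED_ROW is made up.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
"""
CONSTRUCTED_ROW = "| DE | 203.0.113.5:443 | example.invalid | tcp |\n"

RESOLVER = "8.8.8.8:53"                                   # the image's configured resolver
BACKGROUND_DOMAINS = {"g.bing.com", "tse1.mm.bing.net"}  # assumption: OS noise on this image
PTR_RE = re.compile(r"((?:\d{1,3}\.){4})in-addr\.arpa", re.I)


def parse_rows(table: str) -> list:
    """Pipe-table lines -> (country, destination, domain, proto) tuples, header skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Country":
            rows.append(tuple(cells))
    return rows


def ptr_target(name: str) -> Optional[str]:
    """'154.239.44.20.in-addr.arpa' -> '20.44.239.154'; None if not a PTR name."""
    m = PTR_RE.fullmatch(name)
    if not m:
        return None
    octets = m.group(1).rstrip(".").split(".")
    try:
        return str(ipaddress.ip_address(".".join(reversed(octets))))
    except ValueError:
        return None


def classify(row) -> str:
    """'ptr-lookup' for reverse DNS via the expected resolver, 'background' for
    allowlisted hosts, 'review' for everything else (including DNS sent elsewhere)."""
    _country, dest, domain, proto = row
    if proto == "udp" and dest == RESOLVER and ptr_target(domain):
        return "ptr-lookup"
    return "background" if domain in BACKGROUND_DOMAINS else "review"


def summarize(table: str) -> dict:
    rows = parse_rows(table)
    counts = {}
    review = []
    for row in rows:
        label = classify(row)
        counts[label] = counts.get(label, 0) + 1
        if label == "review":
            review.append(row)
    return {"rows": len(rows), "counts": counts, "review": review}


if __name__ == "__main__":
    print(summarize(NETWORK_TABLE))                    # nothing left to review
    print(summarize(NETWORK_TABLE + CONSTRUCTED_ROW))  # the constructed row is flagged
```

An empty review list is what you expect from a PDF that only contains a link or a QR code and was never clicked in the sandbox; the reverse-DNS targets the OS looked up are Microsoft ranges here, but the helper makes them easy to check when they are not.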
Files
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | b30d3becc8731792523d599d949e63f5 |
| SHA1 | 19350257e42d7aee17fb3bf139a9d3adb330fad4 |
| SHA256 | b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3 |
| SHA512 | 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | 752a1f26b18748311b691c7d8fc20633 |
| SHA1 | c1f8e83eebc1cc1e9b88c773338eb09ff82ab862 |
| SHA256 | 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131 |
| SHA512 | a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5 |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | e80553bfd79e364b74a43cd4861e0106 |
| SHA1 | 1c08e04ca391c29f15783f4545919c26a457aceb |
| SHA256 | 11bfd9d2ff1b979cccf16b326f8014f3ad7d393515d50bdb2e214d6588ea0524 |
| SHA512 | 11e4db53b866eb88ddee4dc024fe8c25ddfdd271a57da2ba94d5122c5f89a57aba633059271969418691cc963d8175920e9bc23abbc098194a98231ea5820d04 |
memory/3548-123-0x000000000B7D0000-0x000000000BA7B000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 16:57
Reported
2024-11-03 17:07
Platform
win7-20240903-en
Max time kernel
361s
Max time network
364s
Command Line
Signatures
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\DYPCWK.png
Network
Files
memory/2012-0-0x0000000001D70000-0x0000000001D71000-memory.dmp
memory/2012-1-0x0000000001D70000-0x0000000001D71000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-03 16:57
Reported
2024-11-03 17:08
Platform
win10v2004-20241007-en
Max time kernel
432s
Max time network
435s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\DYPCWK.png
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 73.239.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-03 16:57
Reported
2024-11-03 17:08
Platform
win7-20240903-en
Max time kernel
414s
Max time network
601s
Command Line
Signatures
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\SnippingTool.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010009fae90a93ba0804e94bc9912d750410400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbeebaa2b0b4200ca4daa4d3ee8648d03e58207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "1" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257" | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "3" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 200000001a00eebbfe230000100090e24d373f126545916439c4925e467b00000000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "96" | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}" | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5} | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f44471a0359723fa74489c55595fe6b30ee0000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\system32\SnippingTool.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC} | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a0000000e0859ff2f94f6810ab9108002b27b3d9050000005800000030f125b7ef471a10a5f102608c9eebac0c00000050000000920444648b4cd1118b70080036b11a030900000060000000 | C:\Windows\system32\SnippingTool.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\SnippingTool.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Windows\system32\SnippingTool.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\WISPTIS.EXE | N/A |
| N/A | N/A | C:\Windows\system32\SnippingTool.exe | N/A |
| N/A | N/A | C:\Windows\system32\SnippingTool.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Sunny Nagra Payroll Increment Bonus And Payroll Sign&Review nfuqdz.pdf"
C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
C:\Windows\SYSTEM32\WISPTIS.EXE
"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5459758,0x7fef5459768,0x7fef5459778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1200 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1280 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3604 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3592 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2380 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1980 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2340 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1428 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4140 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1936 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4040 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4084 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1276 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2820 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1dc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1616 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4396 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3824 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4252 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4276 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3732 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2604 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3604 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=1416 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1436 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=924 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=1316 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4040 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4520 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4400 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4136 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3464 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=2356 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4624 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=3876 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=4588 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4864 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4292 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=4312 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1384,i,11680225020202990005,13583506362613214336,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.178.14:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 216.58.204.78:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | scanqr.org | udp |
| US | 172.67.151.90:443 | scanqr.org | tcp |
| US | 172.67.151.90:443 | scanqr.org | tcp |
| US | 172.67.151.90:443 | scanqr.org | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 172.67.151.90:443 | scanqr.org | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.qrstuff.com | udp |
| NL | 18.238.243.12:443 | www.qrstuff.com | tcp |
| NL | 18.238.243.12:443 | www.qrstuff.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdn.qrstuff.com | udp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| NL | 18.239.36.70:443 | cdn.qrstuff.com | tcp |
| NL | 18.239.36.70:443 | cdn.qrstuff.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 66.102.1.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| NL | 18.239.36.70:443 | cdn.qrstuff.com | tcp |
Files