Malware Analysis Report

2025-05-06 00:24

Sample ID 241109-z2efra1pgs
Target 627121 (1).mp3
SHA256 00e381f0e1418be601cb5d607ea266298ba0d29ece03ae762a13483571223590
Tags discovery
Score 6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 627121 (1).mp3 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Enumerates connected drives

Drops desktop.ini file(s)

Drops file in Windows directory

Program crash

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 21:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 21:12

Reported

2024-11-09 21:22

Platform

win10v2004-20241007-en

Max time kernel

599s

Max time network

589s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\627121 (1).mp3"

Signatures

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\unregmp2.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756604892526291" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}" C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{39A74533-8EAF-426D-AF97-46C9FC65F8D9} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{1DCFE364-74B2-4B2C-94F0-0CA4E0F1673C} C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3616 wrote to memory of 3608 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 3608 wrote to memory of 4780 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 3856 wrote to memory of 3396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3856 wrote to memory of 4704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3856 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3856 wrote to memory of 724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\627121 (1).mp3"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2d4 0x408

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3616 -ip 3616

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 2348

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffddf69cc40,0x7ffddf69cc4c,0x7ffddf69cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4848,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3736,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3760,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5160,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5280,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5212,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5636,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6272,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6336,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6344 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6088,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6100 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6340,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6324,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5732,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6332 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6084,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5524 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5288,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4756,i,11378831560331052983,15944310987927450746,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

\??\pipe\crashpad_3856_LRPPWXWAWULRQGCZ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

C:\Users\Admin\AppData\Local\Temp\1a4eb03a-acc7-44e3-a473-47079d7499b0.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir3856_1434920033\CRX_INSTALL\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_geometrygame.org_0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04dd26c6a9bc309d7fbbe77edac13d96
SHA1 18e6ac728fdbcfa70331bafddf1ea21f01950c2b
SHA256 9d776128f3400d88ef6beed37702254a652848665d5972a93f08a94189e036bc
SHA512 7147a043a739a7a7667acaf8a10259324b89b1c6733c162930664f390c62e30e2b7ecd3dbe96d94e30ef59549e294cedcaba5e7bddf7784648ffcbd9673c65f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9113ca5c8c0a360d065a30b54363c420
SHA1 6271abd67c382536d01cbcee8985124775e7588d
SHA256 b1179ef3129318d8e48458f0d0c47fc03859db042dcfaba316e6c1f683608b92
SHA512 139a7c50dd0aba68ef2d791800d68465fde5eec84ae853c9527404fb72f773c0d2b777b59086db9be37ba613dd308e8649f1590cfe6893f93e616f12cbeb3df0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7132a92d0eac93d9a15580f41ea95655
SHA1 31bbf4903de3beef49624eefaf7e000a474ae219
SHA256 163545409b97cbff42e44956fbfa8b55286c179348ca8495a702dc8bdc7b028c
SHA512 016da1025210c9c2a2afe05837acee5474ca1ea72c53096cb9fbc60c7b2c6350b551e2e06b21b9fcb2bac4a040ab4875b5e294d95373b84a4e884136a74da45e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67fdda1b327e50852484bbd8db060094
SHA1 18e27f2d5c1fe8fb286a90b4153dfc7d15146bcb
SHA256 b90a1fc611866fce436a453ca0ccb4fe14df8281e3e10f712fef2ac71537fb49
SHA512 664f57420f7fd5f6f27f4e1c5257a3ddbed723eb326ac7a338762345652c338dfa59402823ccc768bb178bee5edb622705b6b022fb88c6a8c5bac5fc55058535

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ca9e647032da4f041f73c9262581c7db
SHA1 1744ba6dd462534dbf87c93be8daf9333130ade1
SHA256 e46854b6fa94bc73604d52d87d9b8c8f1a4fee97b89a0bc3616bc895a2c1d9f6
SHA512 df2dce951e5cb3fede13e2786b7a341266a267e98a48ceb31dbd40005755d3272be4582723270d4c982f477534799c7037ca36d4587e0d5a0bf38ecfec395a86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1adca32c6d148acdd870e40ea9369bca
SHA1 59f5ca0764739d444eeed906b907bc9bfdaa082f
SHA256 c730ed9597aa1da41d715e39edaebfdfcff59217e600668e16e37cd3796cfd94
SHA512 94899a490b51737cf73c70e705f5e2e06f183fb0044c511f6789c2587947a7906d9840c732a7edddda2dce5a9162ee872f17e114c946e9127ff9f441dba526b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8240f63ae169df862b175aa1bdcda93
SHA1 ed54adc29408473cc0fbfba6d56df2ccd5144c34
SHA256 065611e0520880afd442c9f43f77e8d91b81d2a203ad44de13f1fe97c83dd3a4
SHA512 f1e8798eabbfff5f74eb54dd9c5e52e8507a74a144dcf2ce65d7c417c5d6cb64d50e69baecf15bcad50ec1652792f6e7002eb8e63b7bd8e198fa4bc171047269

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a47cebe12acf969a8c55bbc71c667124
SHA1 cfca568f287fe9d4a3e7f561c6ebf71609452812
SHA256 bc5b629f810c117c89c100c7cdcd11e243793fdaf6be26c09af1b0b975d3a225
SHA512 67f49ab899f3bae569aa397a625b7abe41ad9526da38144074f8243f4d09028e5dc7a38d93721789f27724edeb8b1a3e791201a64bb135305e0b23c2d7291b67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60a05b829f510bdb19e65915b644380d
SHA1 0cebdb0bb1c28f8cc9054d6f5b5ee2356ce030d0
SHA256 f5d976ba1cd099bc7600b7ed0559ee7cd8f910287f0f83390c406f5a1dc2fbc9
SHA512 c1c359cbb458ac4a529ec4701abb11290a409c5107b63525598f118d19850359768b88a12e43a99dde80a679f5f8a978b093f8c40dc74553480b3f979b5c078e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 551c2bba10ea643a48a94572cd6c6063
SHA1 589a0fb0c3a45ee6d79ed057dba2d47afacd7bdf
SHA256 52a0e2ded31fe53144248bd09357b60f6dccaea08d018f346305f9dcd60978d0
SHA512 9d89f55829d9bdc0b38b6f384bd4f825978c38014554b6320e4708eca45f6c274f28ed39808b9022d2904cddbe69e5310b733232f5733e4534d0f6fa47449c84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a60911b287073cbf0e4520dc5363745
SHA1 0b9abf814ee761934e82185a247d22fbed13dc9d
SHA256 8c43e1bc0161d03e8bf8e631483b8c238cefd362c2829511cc468c10d9fea7ea
SHA512 1ae3569caf57eb971212c43af608e427a10891759c2f4a57d96d8c34ac02828c9dafc09da616185d043559dc9e60ab40290169582369156d824f6bc1a0fc8808