Analysis Overview
SHA256
02b05f38602f3f153a01bc5585e7a7482852bfb964cc8865905b584e62eb71b6
Threat Level: Known bad
The file Mt5_Servers.exe was found to be: Known bad.
Malicious Activity Summary
Detect XenoRat Payload
XenorRat
Xenorat family
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
Enumerates connected drives
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Checks processor information in registry
Kills process with taskkill
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-17 11:15
Signatures
Detect XenoRat Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Xenorat family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-17 11:15
Reported
2025-03-17 11:28
Platform
win10ltsc2021-20250314-en
Max time kernel
725s
Max time network
727s
Command Line
Signatures
Detect XenoRat Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
XenorRat
Xenorat family
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\windows\SysWOW64\cmstp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866842261109577" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "75" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command\DelegateExecute | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\XenoManager\\Mt5_Servers.exe\"" | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open\command | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell\Open | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings\Shell | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\ms-settings | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe
"C:\Users\Admin\AppData\Local\Temp\Mt5_Servers.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA1CE.tmp" /F
C:\Windows\SYSTEM32\cmd.exe
cmd /c start "" "%windir%\system32\fodhelper.exe"
C:\Windows\system32\fodhelper.exe
"C:\Windows\system32\fodhelper.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2264.tmp" /F
\??\c:\windows\SysWOW64\cmstp.exe
"c:\windows\system32\cmstp.exe" /au C:\windows\temp\cd3vo5s0.inf
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}
C:\Windows\SysWOW64\cmd.exe
cmd /c start "" "C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM cmstp.exe /F
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6624.tmp" /F
C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Mt5_Servers.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "Mt5 Servers" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8D53.tmp" /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb83c5dcf8,0x7ffb83c5dd04,0x7ffb83c5dd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1880,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=508 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=1604,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1920 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=2124,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2144 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2896,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2912,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2920 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --extension-process --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3432,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3712 /prefetch:2
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4032,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4132,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4140 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4172,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4184 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4144,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4672,i,10223212956724422955,11559428816599201862,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4684 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb83c5dcf8,0x7ffb83c5dd04,0x7ffb83c5dd10
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2356,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2352 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=1872,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=2016,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2424 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2844,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2856 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2860,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2888 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3900,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3936,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4008,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3992 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4384,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4568,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4608 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4900,i,8103543952476679287,18380769222170591623,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb83c5dcf8,0x7ffb83c5dd04,0x7ffb83c5dd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2108,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=1900,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2540 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=2112,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1880 /prefetch:8
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2868,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2876,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2936 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3964,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3976 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\ChromeAutomationData" --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=2836,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3960,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=3988,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=3984 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\ChromeAutomationData" --field-trial-handle=4608,i,16546835972617493342,13477520718094796767,262144 --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\OptimizeClear.docx" /o ""
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2ec
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe"
C:\Windows\SysWOW64\shutdown.exe
"C:\Windows\System32\shutdown.exe" /s /t 0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39fc855 /state1:0x41c64e6d
Network
Files