Analysis

Category: FILE
Package: chrome
Started: 2025-07-14 10:34:50
Completed: 2025-07-14 10:37:56
Duration: 186 seconds
Options: procdump=1, amsidump=1
Log:
2024-04-29 04:31:22,687 [root] INFO: Date set to: 20250714T03:34:49, timeout set to: 150
2025-07-14 03:34:49,000 [root] DEBUG: Starting analyzer from: C:\tmp9sa_k9cw
2025-07-14 03:34:49,000 [root] DEBUG: Storing results at: C:\SuHdmL
2025-07-14 03:34:49,000 [root] DEBUG: Pipe server name: \\.\PIPE\EiLQFNy
2025-07-14 03:34:49,000 [root] DEBUG: Python path: C:\olddocs
2025-07-14 03:34:49,000 [root] DEBUG: No analysis package specified, trying to detect it automagically
2025-07-14 03:34:49,015 [root] INFO: Automatically selected analysis package "chrome"
2025-07-14 03:34:49,015 [root] DEBUG: Importing analysis package "chrome"...
2025-07-14 03:34:49,015 [root] DEBUG: Initializing analysis package "chrome"...
2025-07-14 03:34:49,015 [root] INFO: Analyzer: Package modules.packages.chrome does not specify a DLL option
2025-07-14 03:34:49,015 [root] INFO: Analyzer: Package modules.packages.chrome does not specify a DLL_64 option
2025-07-14 03:34:49,015 [root] INFO: Analyzer: Package modules.packages.chrome does not specify a loader option
2025-07-14 03:34:49,015 [root] INFO: Analyzer: Package modules.packages.chrome does not specify a loader_64 option
2025-07-14 03:34:49,046 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2025-07-14 03:34:49,046 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2025-07-14 03:34:49,046 [root] DEBUG: Importing auxiliary module "modules.auxiliary.default_apps"...
2025-07-14 03:34:49,046 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2025-07-14 03:34:49,062 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2025-07-14 03:34:49,062 [root] DEBUG: Importing auxiliary module "modules.auxiliary.evtx"...
2025-07-14 03:34:49,078 [root] DEBUG: Importing auxiliary module "modules.auxiliary.fiddler"...
2025-07-14 03:34:49,078 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2025-07-14 03:34:49,093 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2025-07-14 03:34:49,093 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-07-14 03:34:49,156 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2025-07-14 03:34:49,156 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2025-07-14 03:34:49,156 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2025-07-14 03:34:49,156 [root] DEBUG: Importing auxiliary module "modules.auxiliary.tlsdump"...
2025-07-14 03:34:49,171 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2025-07-14 03:34:49,171 [root] DEBUG: Initializing auxiliary module "Browser"...
2025-07-14 03:34:49,171 [root] DEBUG: Started auxiliary module Browser
2025-07-14 03:34:49,171 [root] DEBUG: Initializing auxiliary module "Curtain"...
2025-07-14 03:34:49,171 [root] DEBUG: Started auxiliary module Curtain
2025-07-14 03:34:49,171 [root] DEBUG: Initializing auxiliary module "DefaultApps"...
2025-07-14 03:34:49,203 [modules.auxiliary.default_apps] DEBUG: Getting current user SID using WinAPI
2025-07-14 03:34:49,203 [root] DEBUG: Started auxiliary module DefaultApps
2025-07-14 03:34:49,203 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2025-07-14 03:34:49,203 [modules.auxiliary.digisig] INFO: signtool.exe was not found in bin/
2025-07-14 03:34:49,203 [modules.auxiliary.digisig] INFO: dummy
2025-07-14 03:34:49,203 [modules.auxiliary.digisig] INFO: Skipping authenticode validation, unsupported analyzer package
2025-07-14 03:34:49,203 [root] DEBUG: Started auxiliary module DigiSig
2025-07-14 03:34:49,203 [root] DEBUG: Initializing auxiliary module "Disguise"...
2025-07-14 03:34:49,609 [modules.auxiliary.disguise] INFO: Setting NoRecentDocsHistory
2025-07-14 03:34:49,609 [root] WARNING: Cannot execute auxiliary module Disguise: [WinError 2] The system cannot find the file specified
2025-07-14 03:34:49,609 [root] DEBUG: Initializing auxiliary module "Evtx"...
2025-07-14 03:34:49,625 [modules.auxiliary.evtx] INFO: Loading audit policy C:\tmp9sa_k9cw\bin\auditpol.csv
2025-07-14 03:34:49,890 [modules.auxiliary.evtx] INFO: Wiping logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:34:50,546 [root] DEBUG: Started auxiliary module Evtx
2025-07-14 03:34:50,546 [root] DEBUG: Initializing auxiliary module "Fiddler"...
2025-07-14 03:34:50,546 [modules.auxiliary.fiddler] INFO: fiddler package: dummy
2025-07-14 03:34:50,546 [root] DEBUG: Started auxiliary module Fiddler
2025-07-14 03:34:50,546 [root] DEBUG: Initializing auxiliary module "Human"...
2025-07-14 03:34:50,546 [root] DEBUG: Started auxiliary module Human
2025-07-14 03:34:50,546 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2025-07-14 03:34:50,546 [root] DEBUG: Started auxiliary module Screenshots
2025-07-14 03:34:50,546 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2025-07-14 03:34:50,562 [modules.auxiliary.sysmon] INFO: Seeing if we need to update sysmon config
2025-07-14 03:34:50,562 [root] DEBUG: Started auxiliary module Sysmon
2025-07-14 03:34:50,562 [root] DEBUG: Initializing auxiliary module "TLSDumpMasterSecrets"...
2025-07-14 03:34:50,562 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 556
2025-07-14 03:34:50,562 [lib.api.process] INFO: Monitor config for process 556: C:\tmp9sa_k9cw\dll\556.ini
2025-07-14 03:34:50,562 [modules.auxiliary.sysmon] INFO: Found Sysmon Executable
2025-07-14 03:34:50,562 [modules.auxiliary.sysmon] INFO: Found Sysmon config
2025-07-14 03:34:52,671 [modules.auxiliary.sysmon] INFO: Clearing existing sysmon logs
2025-07-14 03:34:53,578 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2025-07-14 03:34:53,578 [lib.api.process] INFO: Option 'amsidump' with value '1' sent to monitor
2025-07-14 03:34:53,578 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-07-14 03:34:53,578 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp9sa_k9cw\dll\agkjlt.dll, loader C:\tmp9sa_k9cw\bin\MGPcLIxr.exe
2025-07-14 03:34:53,593 [root] DEBUG: Loader: Injecting process 556 with C:\tmp9sa_k9cw\dll\agkjlt.dll.
2025-07-14 03:34:53,640 [root] DEBUG: 556: Python path set to 'C:\olddocs'.
2025-07-14 03:34:53,640 [root] DEBUG: 556: Disabling sleep skipping.
2025-07-14 03:34:53,640 [root] DEBUG: 556: Process dumps enabled.
2025-07-14 03:34:53,640 [root] DEBUG: 556: AMSI dumping enabled.
2025-07-14 03:34:53,640 [root] DEBUG: 556: TLS secret dump mode enabled.
2025-07-14 03:34:53,640 [root] DEBUG: 556: Monitor initialised: 64-bit capemon loaded in process 556 at 0x000007FEECC50000, thread 356, image base 0x00000000FF8A0000, stack from 0x0000000001432000-0x0000000001440000
2025-07-14 03:34:53,656 [root] DEBUG: 556: Commandline: C:\Windows\system32\lsass.exe
2025-07-14 03:34:53,671 [root] DEBUG: 556: Hooked 5 out of 5 functions
2025-07-14 03:34:53,671 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-07-14 03:34:53,671 [root] DEBUG: Successfully injected DLL C:\tmp9sa_k9cw\dll\agkjlt.dll.
2025-07-14 03:34:53,671 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 556
2025-07-14 03:34:53,671 [root] DEBUG: Started auxiliary module TLSDumpMasterSecrets
2025-07-14 03:34:53,671 [root] DEBUG: Initializing auxiliary module "Usage"...
2025-07-14 03:34:53,671 [root] DEBUG: Started auxiliary module Usage
2025-07-14 03:34:56,359 [root] INFO: Restarting WMI Service
2025-07-14 03:35:00,515 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files\Google\Chrome\Application\chrome.exe" with arguments "--no-sandbox --test-type --ignore-ssl-errors "C:\Users\pgabriel\AppData\Local\Temp\PointDragControls.min.js.html"" with pid 2856
2025-07-14 03:35:00,515 [lib.api.process] INFO: Monitor config for process 2856: C:\tmp9sa_k9cw\dll\2856.ini
2025-07-14 03:35:00,531 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2025-07-14 03:35:00,531 [lib.api.process] INFO: Option 'amsidump' with value '1' sent to monitor
2025-07-14 03:35:00,531 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp9sa_k9cw\dll\agkjlt.dll, loader C:\tmp9sa_k9cw\bin\MGPcLIxr.exe
2025-07-14 03:35:00,546 [root] DEBUG: Loader: Injecting process 2856 (thread 1288) with C:\tmp9sa_k9cw\dll\agkjlt.dll.
2025-07-14 03:35:00,546 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-07-14 03:35:00,546 [root] DEBUG: Successfully injected DLL C:\tmp9sa_k9cw\dll\agkjlt.dll.
2025-07-14 03:35:00,546 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2856
2025-07-14 03:35:02,546 [lib.api.process] INFO: Successfully resumed process with pid 2856
2025-07-14 03:35:02,593 [root] DEBUG: 2856: Python path set to 'C:\olddocs'.
2025-07-14 03:35:02,593 [root] DEBUG: 2856: Disabling sleep skipping.
2025-07-14 03:35:02,593 [root] DEBUG: 2856: Process dumps enabled.
2025-07-14 03:35:02,593 [root] DEBUG: 2856: AMSI dumping enabled.
2025-07-14 03:35:02,593 [root] DEBUG: 2856: Dropped file limit defaulting to 100.
2025-07-14 03:35:02,593 [root] DEBUG: 2856: Google Chrome specific hook-set enabled.
2025-07-14 03:35:02,609 [root] DEBUG: 2856: Monitor initialised: 64-bit capemon loaded in process 2856 at 0x000007FEECC50000, thread 1288, image base 0x000000013F270000, stack from 0x0000000000912000-0x0000000000920000
2025-07-14 03:35:02,609 [root] DEBUG: 2856: Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --test-type --ignore-ssl-errors "C:\Users\pgabriel\AppData\Local\Temp\PointDragControls.min.js.html"
2025-07-14 03:35:02,625 [root] DEBUG: 2856: Hooked 16 out of 16 functions
2025-07-14 03:35:02,640 [root] INFO: Loaded monitor into process with pid 2856
2025-07-14 03:35:02,640 [root] DEBUG: 2856: DLL loaded at 0x000007FEFCA50000: C:\Windows\system32\cryptbase (0xf000 bytes).
2025-07-14 03:35:02,656 [root] DEBUG: 2856: DLL loaded at 0x000007FEF8690000: C:\Windows\system32\WINMM (0x3b000 bytes).
2025-07-14 03:35:02,656 [root] DEBUG: 2856: caller_dispatch: Added region at 0x000000013F270000 to tracked regions list (ntdll::NtClose returns to 0x000000013F377089, thread 1288).
2025-07-14 03:35:02,656 [root] DEBUG: 2856: caller_dispatch: Scanning calling region at 0x000000013F270000...
2025-07-14 03:35:02,656 [root] DEBUG: 2856: ProcessImageBase: Main module image at 0x000000013F270000 unmodified (entropy change 0.000000e+00)
2025-07-14 03:35:02,671 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB820000: C:\Windows\system32\ntmarta (0x2d000 bytes).
2025-07-14 03:35:02,671 [root] DEBUG: 2856: DLL loaded at 0x000007FEFD560000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2025-07-14 03:35:02,671 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2516: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:02,671 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2516
2025-07-14 03:35:02,687 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC9F0000: C:\Windows\system32\apphelp (0x57000 bytes).
2025-07-14 03:35:02,687 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2516
2025-07-14 03:35:02,703 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:35:02,703 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
2025-07-14 03:35:02,703 [root] DEBUG: 2856: DLL loaded at 0x000007FEF99E0000: C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2025-07-14 03:35:02,703 [root] DEBUG: 2856: DLL loaded at 0x000007FEFDFA0000: C:\Windows\system32\shell32 (0xd88000 bytes).
2025-07-14 03:35:05,546 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:35:05,859 [lib.common.results] INFO: File 1752489305765625000.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:35:05,875 [lib.common.results] INFO: File 1752489305812500000.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:35:05,890 [lib.common.results] INFO: File 1752489305765625000.Application.evtx.gz size is 6802, Max size: 100000000
2025-07-14 03:35:05,906 [lib.common.results] INFO: File 1752489305828125000.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:35:05,921 [lib.common.results] INFO: File 1752489305859375000.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:05,921 [lib.common.results] INFO: File 1752489305859375000.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:05,937 [lib.common.results] INFO: File 1752489305859375000.Security.evtx.gz size is 15634, Max size: 100000000
2025-07-14 03:35:05,953 [lib.common.results] INFO: File 1752489305875000000.System.evtx.gz size is 8819, Max size: 100000000
2025-07-14 03:35:05,968 [lib.common.results] INFO: File 1752489305921875000.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:35:07,500 [root] DEBUG: 2856: DLL loaded at 0x000007FEDEDB0000: C:\Program Files\Google\Chrome\Application\92.0.4515.131\chrome (0xa41f000 bytes).
2025-07-14 03:35:07,515 [root] DEBUG: 2856: DLL loaded at 0x000007FEDEC80000: C:\Windows\system32\dbghelp (0x125000 bytes).
2025-07-14 03:35:07,515 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA850000: C:\Windows\system32\IPHLPAPI (0x27000 bytes).
2025-07-14 03:35:07,515 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA900000: C:\Windows\system32\WINNSI (0xb000 bytes).
2025-07-14 03:35:07,515 [root] DEBUG: 2856: DLL loaded at 0x000007FEFDEC0000: C:\Windows\system32\OLEAUT32 (0xd7000 bytes).
2025-07-14 03:35:07,531 [root] DEBUG: 2856: DLL loaded at 0x000007FEDEBC0000: C:\Windows\system32\UIAutomationCore (0xba000 bytes).
2025-07-14 03:35:07,531 [root] DEBUG: 2856: DLL loaded at 0x0000000077010000: C:\Windows\system32\PSAPI (0x7000 bytes).
2025-07-14 03:35:07,546 [root] DEBUG: 2856: DLL loaded at 0x000007FEF1220000: C:\Windows\system32\OLEACC (0x54000 bytes).
2025-07-14 03:35:07,546 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC810000: C:\Windows\system32\Secur32 (0xb000 bytes).
2025-07-14 03:35:07,546 [root] DEBUG: 2856: DLL loaded at 0x000007FEFCD80000: C:\Windows\system32\USERENV (0x1e000 bytes).
2025-07-14 03:35:07,562 [root] DEBUG: 2856: DLL loaded at 0x000007FEFCC00000: C:\Windows\system32\profapi (0xf000 bytes).
2025-07-14 03:35:07,562 [root] DEBUG: 2856: DLL loaded at 0x000007FEFCC70000: C:\Windows\system32\WINTRUST (0x3b000 bytes).
2025-07-14 03:35:07,593 [root] DEBUG: 2856: DLL loaded at 0x000007FEE9C00000: C:\Windows\system32\DWrite (0x196000 bytes).
2025-07-14 03:35:07,609 [root] DEBUG: 2856: DLL loaded at 0x000007FEF9410000: C:\Windows\system32\WINSPOOL.DRV (0x71000 bytes).
2025-07-14 03:35:07,625 [root] DEBUG: 2856: DLL loaded at 0x000007FEF9B90000: C:\Windows\system32\WINHTTP (0x71000 bytes).
2025-07-14 03:35:07,640 [root] DEBUG: 2856: DLL loaded at 0x000007FEF9B20000: C:\Windows\system32\webio (0x65000 bytes).
2025-07-14 03:35:07,640 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA500000: C:\Windows\system32\dhcpcsvc (0x18000 bytes).
2025-07-14 03:35:07,656 [root] DEBUG: 2856: DLL loaded at 0x000007FEF99E0000: C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2025-07-14 03:35:07,656 [root] DEBUG: 2856: DLL loaded at 0x000007FEFDFA0000: C:\Windows\system32\shell32 (0xd88000 bytes).
2025-07-14 03:35:07,671 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB1B0000: C:\Windows\system32\uxtheme (0x56000 bytes).
2025-07-14 03:35:07,687 [root] DEBUG: 2856: DLL loaded at 0x000007FEFBEA0000: C:\Windows\system32\GPAPI (0x1b000 bytes).
2025-07-14 03:35:07,687 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA760000: C:\Windows\system32\wkscli (0x15000 bytes).
2025-07-14 03:35:07,703 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA780000: C:\Windows\system32\netutils (0xc000 bytes).
2025-07-14 03:35:07,765 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA790000: C:\Windows\system32\netapi32 (0x16000 bytes).
2025-07-14 03:35:07,765 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC770000: C:\Windows\system32\srvcli (0x23000 bytes).
2025-07-14 03:35:07,765 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB620000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32 (0x1f4000 bytes).
2025-07-14 03:35:07,796 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489307.796875.sysmon.evtx.gz to host
2025-07-14 03:35:07,796 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 26086, Max size: 100000000
2025-07-14 03:35:07,812 [root] DEBUG: 2856: DLL loaded at 0x000007FEFAB30000: C:\Windows\system32\NLAapi (0x15000 bytes).
2025-07-14 03:35:07,828 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA540000: C:\Windows\system32\dhcpcsvc6 (0x11000 bytes).
2025-07-14 03:35:07,828 [root] DEBUG: 2856: DLL loaded at 0x000007FEFADD0000: C:\Windows\system32\dwmapi (0x18000 bytes).
2025-07-14 03:35:07,843 [root] DEBUG: 2856: DLL loaded at 0x000007FEFEFA0000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2025-07-14 03:35:07,859 [root] DEBUG: 2856: DLL loaded at 0x000007FEFDFA0000: C:\Windows\system32\SHELL32 (0xd88000 bytes).
2025-07-14 03:35:07,875 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA9D0000: C:\Windows\system32\WTSAPI32 (0x11000 bytes).
2025-07-14 03:35:07,890 [root] DEBUG: 2856: DLL loaded at 0x000007FEFCB20000: C:\Windows\system32\WINSTA (0x3d000 bytes).
2025-07-14 03:35:07,906 [root] DEBUG: 2856: DLL loaded at 0x000007FEDEB20000: C:\Windows\system32\mscms (0x9c000 bytes).
2025-07-14 03:35:07,921 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB4C0000: C:\Windows\System32\MMDevApi (0x4b000 bytes).
2025-07-14 03:35:07,921 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2368: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:07,921 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB390000: C:\Windows\System32\PROPSYS (0x12c000 bytes).
2025-07-14 03:35:07,921 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2368
2025-07-14 03:35:07,921 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2368
2025-07-14 03:35:07,921 [root] DEBUG: 2856: DLL loaded at 0x000007FEFDCE0000: C:\Windows\system32\SETUPAPI (0x1d7000 bytes).
2025-07-14 03:35:07,921 [root] DEBUG: 2856: DLL loaded at 0x000007FEFCC10000: C:\Windows\system32\CFGMGR32 (0x36000 bytes).
2025-07-14 03:35:07,921 [root] DEBUG: 2856: DLL loaded at 0x000007FEFCCB0000: C:\Windows\system32\DEVOBJ (0x1a000 bytes).
2025-07-14 03:35:07,937 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
2025-07-14 03:35:07,953 [root] DEBUG: 2856: DLL loaded at 0x000007FEEE290000: C:\Windows\System32\Wpc (0x6f000 bytes).
2025-07-14 03:35:07,968 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC600000: C:\Windows\System32\wevtapi (0x6d000 bytes).
2025-07-14 03:35:07,968 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2452: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:07,968 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2452
2025-07-14 03:35:07,968 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA6E0000: C:\Windows\system32\samcli (0x14000 bytes).
2025-07-14 03:35:07,968 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2452
2025-07-14 03:35:07,968 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Last Version
2025-07-14 03:35:07,968 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB370000: C:\Windows\system32\SAMLIB (0x1d000 bytes).
2025-07-14 03:35:08,000 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2524: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:08,015 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2524
2025-07-14 03:35:08,015 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2524
2025-07-14 03:35:08,031 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History
2025-07-14 03:35:08,078 [root] DEBUG: 2856: DLL loaded at 0x000007FEFBCF0000: C:\Windows\system32\FirewallAPI (0xbb000 bytes).
2025-07-14 03:35:08,078 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCK
2025-07-14 03:35:08,078 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF149307.TMP size is 327, Max size: 100000000
2025-07-14 03:35:08,093 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001
2025-07-14 03:35:08,093 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
2025-07-14 03:35:08,093 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
2025-07-14 03:35:08,093 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log size is 0, Max size: 100000000
2025-07-14 03:35:08,109 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT size is 16, Max size: 100000000
2025-07-14 03:35:08,125 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG size is 351, Max size: 100000000
2025-07-14 03:35:08,156 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old size is 311, Max size: 100000000
2025-07-14 03:35:08,171 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001 size is 41, Max size: 100000000
2025-07-14 03:35:08,203 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCK size is 0, Max size: 100000000
2025-07-14 03:35:08,249 [root] DEBUG: 2856: DLL loaded at 0x000007FEF99E0000: C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2025-07-14 03:35:08,265 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001
2025-07-14 03:35:08,281 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\987cda3f-a23f-4db3-a173-3e12e7c72985.tmp
2025-07-14 03:35:08,281 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000001.dbtmp
2025-07-14 03:35:08,296 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\987cda3f-a23f-4db3-a173-3e12e7c72985.tmp size is 1, Max size: 100000000
2025-07-14 03:35:08,375 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB540000: C:\Windows\system32\POWRPROF (0x2c000 bytes).
2025-07-14 03:35:08,423 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
2025-07-14 03:35:08,423 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 1424: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:08,423 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 1424
2025-07-14 03:35:08,423 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 1424
2025-07-14 03:35:08,423 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2032: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:08,439 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2032
2025-07-14 03:35:08,439 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2032
2025-07-14 03:35:08,501 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF1494ad.TMP size is 329, Max size: 100000000
2025-07-14 03:35:08,534 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
2025-07-14 03:35:08,535 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
2025-07-14 03:35:08,550 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
2025-07-14 03:35:08,632 [root] DEBUG: 2856: DLL loaded at 0x000007FEF90B0000: C:\Windows\system32\explorerframe (0x1ca000 bytes).
2025-07-14 03:35:08,648 [root] DEBUG: 2856: DLL loaded at 0x000007FEFAE40000: C:\Windows\system32\DUser (0x43000 bytes).
2025-07-14 03:35:08,679 [root] DEBUG: 2856: DLL loaded at 0x000007FEFAE90000: C:\Windows\system32\DUI70 (0xf2000 bytes).
2025-07-14 03:35:08,695 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF149568.TMP size is 317, Max size: 100000000
2025-07-14 03:35:08,744 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001
2025-07-14 03:35:08,759 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 1408: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:08,759 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 1408
2025-07-14 03:35:08,759 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 1408
2025-07-14 03:35:08,822 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB540000: C:\Windows\system32\POWRPROF (0x2c000 bytes).
2025-07-14 03:35:08,822 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB540000: C:\Windows\system32\POWRPROF (0x2c000 bytes).
2025-07-14 03:35:08,842 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA4E0000: C:\Windows\system32\wlanapi (0x20000 bytes).
2025-07-14 03:35:08,858 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA6B0000: C:\Windows\system32\wlanutil (0x7000 bytes).
2025-07-14 03:35:08,952 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2660: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:08,952 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2660
2025-07-14 03:35:08,967 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2660
2025-07-14 03:35:08,983 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC340000: C:\Windows\system32\mswsock (0x55000 bytes).
2025-07-14 03:35:08,999 [root] DEBUG: 2856: DLL loaded at 0x000007FEFBDB0000: C:\Windows\System32\wshtcpip (0x7000 bytes).
2025-07-14 03:35:09,014 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\2c9dcacf-df49-4ee5-9610-8858c3ba312d.tmp
2025-07-14 03:35:09,046 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1496a1.TMP size is 9213, Max size: 100000000
2025-07-14 03:35:09,074 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index
2025-07-14 03:35:09,075 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\e8d90067-acab-40aa-a62d-3d7135e08915.tmp
2025-07-14 03:35:09,077 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF1496b0.TMP size is 323, Max size: 100000000
2025-07-14 03:35:09,085 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1496ef.TMP size is 9054, Max size: 100000000
2025-07-14 03:35:09,243 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Temp\d09af41c-1e02-4c22-ba0d-cdce90252edc.tmp
2025-07-14 03:35:09,404 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Temp\dcee2536-44ae-4c3c-8025-7fdc19a95fbb.tmp
2025-07-14 03:35:09,420 [root] DEBUG: 556: DLL loaded at 0x000007FEF8CA0000: C:\Windows\system32\keyiso (0xb000 bytes).
2025-07-14 03:35:09,446 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Temp\e8a6f940-c476-4c3a-b7d8-1c91d3f30ab0.tmp
2025-07-14 03:35:09,629 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Temp\789359b3-0e42-4161-b990-0e84c9735e45.tmp
2025-07-14 03:35:09,684 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\LOG.old~RF149941.TMP size is 405, Max size: 100000000
2025-07-14 03:35:09,814 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF1499be.TMP size is 405, Max size: 100000000
2025-07-14 03:35:10,085 [root] DEBUG: 556: TLS 1.2 secrets logged to: C:\SuHdmL\tlsdump\tlsdump.log
2025-07-14 03:35:10,164 [root] DEBUG: 556: DLL loaded at 0x000007FEF9E90000: C:\Windows\system32\cryptnet (0x27000 bytes).
2025-07-14 03:35:10,179 [root] DEBUG: 556: DLL loaded at 0x000007FEFD560000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2025-07-14 03:35:10,242 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC3A0000: C:\Windows\system32\CRYPTSP (0x18000 bytes).
2025-07-14 03:35:10,242 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC0A0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2025-07-14 03:35:10,257 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC570000: C:\Windows\system32\ncrypt (0x50000 bytes).
2025-07-14 03:35:10,257 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC4B0000: C:\Windows\system32\bcryptprimitives (0x4c000 bytes).
2025-07-14 03:35:10,351 [root] DEBUG: 2856: DLL loaded at 0x000007FEF9E90000: C:\Windows\system32\cryptnet (0x27000 bytes).
2025-07-14 03:35:11,814 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA4E0000: C:\Windows\system32\wlanapi (0x20000 bytes).
2025-07-14 03:35:11,814 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA6B0000: C:\Windows\system32\wlanutil (0x7000 bytes).
2025-07-14 03:35:11,830 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma size is 1048576, Max size: 100000000
2025-07-14 03:35:11,892 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66299726-990.pma size is 4194304, Max size: 100000000
2025-07-14 03:35:11,892 [root] DEBUG: 2856: DLL loaded at 0x000007FEDE720000: C:\Windows\system32\mf (0x3f1000 bytes).
2025-07-14 03:35:11,892 [root] DEBUG: 2856: DLL loaded at 0x000007FEFAAD0000: C:\Windows\system32\ATL (0x19000 bytes).
2025-07-14 03:35:11,892 [root] DEBUG: 2856: DLL loaded at 0x000007FEDE6B0000: C:\Windows\system32\MFPlat (0x6d000 bytes).
2025-07-14 03:35:11,892 [root] DEBUG: 2856: DLL loaded at 0x000007FEFB360000: C:\Windows\system32\AVRT (0x9000 bytes).
2025-07-14 03:35:11,892 [root] DEBUG: 2856: DLL loaded at 0x0000000074030000: C:\Windows\system32\ksuser (0x6000 bytes).
2025-07-14 03:35:11,923 [root] DEBUG: 2856: DLL loaded at 0x000007FEF0CB0000: C:\Windows\system32\mfreadwrite (0x42000 bytes).
2025-07-14 03:35:11,955 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6874DD5B-B28.pma size is 4194304, Max size: 100000000
2025-07-14 03:35:12,064 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt size is 4, Max size: 100000000
2025-07-14 03:35:12,158 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF14a2f5.TMP size is 139, Max size: 100000000
2025-07-14 03:35:12,658 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000038.dbtmp
2025-07-14 03:35:12,720 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF14a4e9.TMP size is 16, Max size: 100000000
2025-07-14 03:35:12,861 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000037.log size is 0, Max size: 100000000
2025-07-14 03:35:12,876 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000036 size is 50, Max size: 100000000
2025-07-14 03:35:12,923 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Last Browser
2025-07-14 03:35:13,001 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2212: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:13,001 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2212
2025-07-14 03:35:13,001 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2212
2025-07-14 03:35:13,695 [lib.common.results] INFO: File c:\olddocs\1752489308679.saz size is 4596, Max size: 100000000
2025-07-14 03:35:13,726 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:35:13,789 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2976: C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\SwReporter\92.267.200\software_reporter_tool.exe, ImageBase: 0x000000013F9C0000
2025-07-14 03:35:13,789 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2976
2025-07-14 03:35:13,804 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2976
2025-07-14 03:35:13,992 [root] DEBUG: 2856: DLL loaded at 0x000007FEF0D00000: C:\Windows\system32\bthprops.cpl (0xb5000 bytes).
2025-07-14 03:35:14,117 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG.old~RF14aa87.TMP size is 0, Max size: 100000000
2025-07-14 03:35:14,179 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCK
2025-07-14 03:35:14,179 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG
2025-07-14 03:35:14,179 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOG.old~RF14aad5.TMP size is 0, Max size: 100000000
2025-07-14 03:35:14,257 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOCK
2025-07-14 03:35:14,257 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOG
2025-07-14 03:35:14,257 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RF14ab23.TMP size is 0, Max size: 100000000
2025-07-14 03:35:14,273 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK
2025-07-14 03:35:14,273 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
2025-07-14 03:35:14,273 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old~RF14ab32.TMP size is 333, Max size: 100000000
2025-07-14 03:35:15,869 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF14b15d.TMP size is 0, Max size: 100000000
2025-07-14 03:35:15,947 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK
2025-07-14 03:35:15,947 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
2025-07-14 03:35:15,962 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF14b1ba.TMP size is 0, Max size: 100000000
2025-07-14 03:35:15,978 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCK
2025-07-14 03:35:15,978 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
2025-07-14 03:35:15,978 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF14b1da.TMP size is 0, Max size: 100000000
2025-07-14 03:35:16,009 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK
2025-07-14 03:35:16,009 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
2025-07-14 03:35:16,009 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache size is 6, Max size: 100000000
2025-07-14 03:35:16,025 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
2025-07-14 03:35:16,212 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 3236: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:16,212 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 3236
2025-07-14 03:35:16,212 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 3236
2025-07-14 03:35:16,228 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old~RF14b2c4.TMP size is 341, Max size: 100000000
2025-07-14 03:35:16,291 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF14b302.TMP size is 323, Max size: 100000000
2025-07-14 03:35:16,593 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOG.old~RF14b44b.TMP size is 0, Max size: 100000000
2025-07-14 03:35:16,609 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOCK
2025-07-14 03:35:16,609 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOG
2025-07-14 03:35:16,890 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF14b573.TMP size is 0, Max size: 100000000
2025-07-14 03:35:16,906 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOCK
2025-07-14 03:35:16,906 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
2025-07-14 03:35:17,906 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\2486a0db-c5bb-48c0-aff2-9106c9a0957d.tmp
2025-07-14 03:35:17,921 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Local State~RF14b96b.TMP size is 312116, Max size: 100000000
2025-07-14 03:35:19,008 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\4376ae96-a359-4fe2-a929-98b6b1bf75c4.tmp
2025-07-14 03:35:19,008 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF14bdb1.TMP size is 9054, Max size: 100000000
2025-07-14 03:35:21,021 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:35:21,318 [lib.common.results] INFO: File 1752489321224609300.Application.evtx.gz size is 6724, Max size: 100000000
2025-07-14 03:35:21,349 [lib.common.results] INFO: File 1752489321240234300.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:35:21,349 [lib.common.results] INFO: File 1752489321240234300.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:35:21,365 [lib.common.results] INFO: File 1752489321224609300.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:35:21,412 [lib.common.results] INFO: File 1752489321318359300.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:21,427 [lib.common.results] INFO: File 1752489321318359300.Security.evtx.gz size is 7979, Max size: 100000000
2025-07-14 03:35:21,443 [lib.common.results] INFO: File 1752489321318359300.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:21,458 [lib.common.results] INFO: File 1752489321333984300.System.evtx.gz size is 8794, Max size: 100000000
2025-07-14 03:35:21,474 [lib.common.results] INFO: File 1752489321396484300.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:35:22,818 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:35:25,450 [root] INFO: Process with pid 2660 has terminated
2025-07-14 03:35:26,220 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\87a77485-65f9-4318-b07c-ecd58195eb7b.tmp
2025-07-14 03:35:26,236 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Module Info Cache~RF14d9e4.TMP size is 66968, Max size: 100000000
2025-07-14 03:35:28,080 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489328.0800781.sysmon.evtx.gz to host
2025-07-14 03:35:28,086 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 240293, Max size: 100000000
2025-07-14 03:35:33,804 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\5145b08d-c34d-4ab7-a78f-4649087084ee.tmp
2025-07-14 03:35:33,804 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Local State~RF14f77e.TMP size is 373290, Max size: 100000000
2025-07-14 03:35:33,835 [lib.common.results] INFO: File c:\olddocs\1752489328789.saz size is 193139, Max size: 100000000
2025-07-14 03:35:33,851 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:35:36,511 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:35:36,784 [lib.common.results] INFO: File 1752489336721679600.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:35:36,799 [lib.common.results] INFO: File 1752489336721679600.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:35:36,831 [lib.common.results] INFO: File 1752489336721679600.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:35:36,846 [lib.common.results] INFO: File 1752489336721679600.Application.evtx.gz size is 6724, Max size: 100000000
2025-07-14 03:35:36,862 [lib.common.results] INFO: File 1752489336784179600.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:36,877 [lib.common.results] INFO: File 1752489336784179600.Security.evtx.gz size is 7609, Max size: 100000000
2025-07-14 03:35:36,893 [lib.common.results] INFO: File 1752489336799804600.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:36,893 [lib.common.results] INFO: File 1752489336799804600.System.evtx.gz size is 8884, Max size: 100000000
2025-07-14 03:35:36,909 [lib.common.results] INFO: File 1752489336846679600.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:35:36,987 [root] INFO: Added new file to list with pid None and path C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\a1ba565b-3d15-44ae-8cf0-4857f51727a9.tmp
2025-07-14 03:35:36,987 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1503f1.TMP size is 9183, Max size: 100000000
2025-07-14 03:35:43,106 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:35:48,056 [root] DEBUG: 2856: DLL loaded at 0x000007FEFA790000: C:\Windows\system32\NETAPI32 (0x16000 bytes).
2025-07-14 03:35:48,056 [root] DEBUG: 2856: DLL loaded at 0x000007FEFC770000: C:\Windows\system32\srvcli (0x23000 bytes).
2025-07-14 03:35:48,056 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 3132: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:35:48,056 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 3132
2025-07-14 03:35:48,056 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 3132
2025-07-14 03:35:48,072 [root] DEBUG: 2856: Dropped file limit reached.
2025-07-14 03:35:48,211 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489348.211914.sysmon.evtx.gz to host
2025-07-14 03:35:48,211 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 7546, Max size: 100000000
2025-07-14 03:35:51,955 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:35:52,205 [lib.common.results] INFO: File 1752489352158203100.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:35:52,220 [lib.common.results] INFO: File 1752489352158203100.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:35:52,220 [lib.common.results] INFO: File 1752489352142578100.Application.evtx.gz size is 6724, Max size: 100000000
2025-07-14 03:35:52,251 [lib.common.results] INFO: File 1752489352205078100.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:35:52,267 [lib.common.results] INFO: File 1752489352205078100.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:52,283 [lib.common.results] INFO: File 1752489352220703100.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:35:52,283 [lib.common.results] INFO: File 1752489352220703100.Security.evtx.gz size is 7674, Max size: 100000000
2025-07-14 03:35:52,298 [lib.common.results] INFO: File 1752489352251953100.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:35:52,314 [lib.common.results] INFO: File 1752489352251953100.System.evtx.gz size is 8616, Max size: 100000000
2025-07-14 03:35:53,950 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:36:03,233 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:36:07,366 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:36:07,663 [lib.common.results] INFO: File 1752489367584960900.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:36:07,694 [lib.common.results] INFO: File 1752489367569335900.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:36:07,709 [lib.common.results] INFO: File 1752489367569335900.Application.evtx.gz size is 6780, Max size: 100000000
2025-07-14 03:36:07,725 [lib.common.results] INFO: File 1752489367631835900.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:36:07,741 [lib.common.results] INFO: File 1752489367663085900.Security.evtx.gz size is 7603, Max size: 100000000
2025-07-14 03:36:07,772 [lib.common.results] INFO: File 1752489367663085900.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:07,772 [lib.common.results] INFO: File 1752489367678710900.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:07,772 [lib.common.results] INFO: File 1752489367709960900.System.evtx.gz size is 8630, Max size: 100000000
2025-07-14 03:36:07,772 [lib.common.results] INFO: File 1752489367725585900.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:36:08,324 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489368.3242185.sysmon.evtx.gz to host
2025-07-14 03:36:08,324 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 28008, Max size: 100000000
2025-07-14 03:36:09,058 [root] DEBUG: 2856: CreateProcessHandler: Injection info set for new process 2432: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x000000013F270000
2025-07-14 03:36:09,058 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2432
2025-07-14 03:36:09,058 [root] DEBUG: 2856: ProcessMessage: Skipping monitoring process 2432
2025-07-14 03:36:14,055 [lib.common.results] INFO: File c:\olddocs\1752489369011.saz size is 5534, Max size: 100000000
2025-07-14 03:36:14,055 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:36:22,815 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:36:23,054 [lib.common.results] INFO: File 1752489382992187500.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:36:23,070 [lib.common.results] INFO: File 1752489382992187500.Application.evtx.gz size is 6711, Max size: 100000000
2025-07-14 03:36:23,085 [lib.common.results] INFO: File 1752489382992187500.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:36:23,117 [lib.common.results] INFO: File 1752489383023437500.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:36:23,132 [lib.common.results] INFO: File 1752489383054687500.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:23,148 [lib.common.results] INFO: File 1752489383054687500.Security.evtx.gz size is 7757, Max size: 100000000
2025-07-14 03:36:23,148 [lib.common.results] INFO: File 1752489383054687500.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:23,148 [lib.common.results] INFO: File 1752489383101562500.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:36:23,148 [lib.common.results] INFO: File 1752489383070312500.System.evtx.gz size is 8629, Max size: 100000000
2025-07-14 03:36:23,351 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:36:28,430 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489388.4296875.sysmon.evtx.gz to host
2025-07-14 03:36:28,430 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 28214, Max size: 100000000
2025-07-14 03:36:34,108 [lib.common.results] INFO: File c:\olddocs\1752489389103.saz size is 8357, Max size: 100000000
2025-07-14 03:36:34,124 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:36:38,184 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:36:38,434 [lib.common.results] INFO: File 1752489398372070300.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:36:38,450 [lib.common.results] INFO: File 1752489398356445300.Application.evtx.gz size is 6711, Max size: 100000000
2025-07-14 03:36:38,465 [lib.common.results] INFO: File 1752489398372070300.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:36:38,481 [lib.common.results] INFO: File 1752489398387695300.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:36:38,497 [lib.common.results] INFO: File 1752489398434570300.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:38,512 [lib.common.results] INFO: File 1752489398434570300.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:38,512 [lib.common.results] INFO: File 1752489398434570300.Security.evtx.gz size is 7569, Max size: 100000000
2025-07-14 03:36:38,528 [lib.common.results] INFO: File 1752489398434570300.System.evtx.gz size is 8618, Max size: 100000000
2025-07-14 03:36:38,543 [lib.common.results] INFO: File 1752489398481445300.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:36:43,444 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:36:48,530 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489408.5302732.sysmon.evtx.gz to host
2025-07-14 03:36:48,545 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 17099, Max size: 100000000
2025-07-14 03:36:53,594 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:36:53,833 [lib.common.results] INFO: File 1752489413786132800.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:36:53,864 [lib.common.results] INFO: File 1752489413786132800.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:36:53,864 [lib.common.results] INFO: File 1752489413786132800.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:36:53,879 [lib.common.results] INFO: File 1752489413786132800.Application.evtx.gz size is 6711, Max size: 100000000
2025-07-14 03:36:53,895 [lib.common.results] INFO: File 1752489413848632800.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:53,911 [lib.common.results] INFO: File 1752489413848632800.Security.evtx.gz size is 7668, Max size: 100000000
2025-07-14 03:36:53,926 [lib.common.results] INFO: File 1752489413833007800.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:36:53,926 [lib.common.results] INFO: File 1752489413848632800.System.evtx.gz size is 8628, Max size: 100000000
2025-07-14 03:36:53,958 [lib.common.results] INFO: File 1752489413879882800.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:36:54,208 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:37:03,564 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:37:08,627 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489428.6279297.sysmon.evtx.gz to host
2025-07-14 03:37:08,627 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 7659, Max size: 100000000
2025-07-14 03:37:09,002 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:37:09,252 [lib.common.results] INFO: File 1752489429190429600.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:37:09,268 [lib.common.results] INFO: File 1752489429190429600.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:37:09,284 [lib.common.results] INFO: File 1752489429174804600.Application.evtx.gz size is 6711, Max size: 100000000
2025-07-14 03:37:09,299 [lib.common.results] INFO: File 1752489429206054600.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:37:09,315 [lib.common.results] INFO: File 1752489429252929600.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:09,331 [lib.common.results] INFO: File 1752489429252929600.Security.evtx.gz size is 7807, Max size: 100000000
2025-07-14 03:37:09,346 [lib.common.results] INFO: File 1752489429252929600.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:09,362 [lib.common.results] INFO: File 1752489429268554600.System.evtx.gz size is 8639, Max size: 100000000
2025-07-14 03:37:09,362 [lib.common.results] INFO: File 1752489429299804600.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:37:14,368 [lib.common.results] INFO: File c:\olddocs\1752489429346.saz size is 7006, Max size: 100000000
2025-07-14 03:37:14,394 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:37:23,657 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:37:24,396 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:37:24,630 [lib.common.results] INFO: File 1752489444568359300.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:37:24,646 [lib.common.results] INFO: File 1752489444568359300.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:37:24,662 [lib.common.results] INFO: File 1752489444568359300.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:37:24,677 [lib.common.results] INFO: File 1752489444568359300.Application.evtx.gz size is 6711, Max size: 100000000
2025-07-14 03:37:24,693 [lib.common.results] INFO: File 1752489444630859300.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:24,708 [lib.common.results] INFO: File 1752489444630859300.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:24,708 [lib.common.results] INFO: File 1752489444630859300.Security.evtx.gz size is 7758, Max size: 100000000
2025-07-14 03:37:24,724 [lib.common.results] INFO: File 1752489444646484300.System.evtx.gz size is 8638, Max size: 100000000
2025-07-14 03:37:24,740 [lib.common.results] INFO: File 1752489444677734300.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:37:28,722 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489448.7226562.sysmon.evtx.gz to host
2025-07-14 03:37:28,722 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 7270, Max size: 100000000
2025-07-14 03:37:33,284 [root] INFO: Analysis timeout hit, terminating analysis
2025-07-14 03:37:33,284 [lib.api.process] INFO: Terminate event set for process 2856
2025-07-14 03:37:33,284 [root] DEBUG: 2856: Terminate Event: Attempting to dump process 2856
2025-07-14 03:37:33,284 [root] DEBUG: 2856: DoProcessDump: Skipping process dump as code is identical on disk.
2025-07-14 03:37:33,315 [lib.api.process] INFO: Termination confirmed for process 2856
2025-07-14 03:37:33,315 [root] DEBUG: 2856: Terminate Event: monitor shutdown complete for process 2856
2025-07-14 03:37:33,315 [root] INFO: Terminate event set for process 2856
2025-07-14 03:37:33,315 [root] INFO: Created shutdown mutex
2025-07-14 03:37:34,315 [root] INFO: Shutting down package
2025-07-14 03:37:34,315 [root] INFO: Stopping auxiliary modules
2025-07-14 03:37:34,315 [modules.auxiliary.curtain] ERROR: Curtain - Error collecting PowerShell events - [WinError 6] The handle is invalid
2025-07-14 03:37:34,315 [lib.common.results] INFO: File C:\curtain.log size is 0, Max size: 100000000
2025-07-14 03:37:34,331 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:37:34,461 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:37:34,555 [lib.common.results] INFO: File 1752489454493164000.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:37:34,571 [lib.common.results] INFO: File 1752489454493164000.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:37:34,586 [lib.common.results] INFO: File 1752489454493164000.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:37:34,602 [lib.common.results] INFO: File 1752489454493164000.Application.evtx.gz size is 6711, Max size: 100000000
2025-07-14 03:37:34,602 [lib.common.results] INFO: File 1752489454555664000.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:34,618 [lib.common.results] INFO: File 1752489454555664000.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:34,633 [lib.common.results] INFO: File 1752489454555664000.System.evtx.gz size is 8596, Max size: 100000000
2025-07-14 03:37:34,649 [lib.common.results] INFO: File 1752489454555664000.Security.evtx.gz size is 7668, Max size: 100000000
2025-07-14 03:37:34,665 [lib.common.results] INFO: File 1752489454602539000.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:37:39,783 [modules.auxiliary.evtx] INFO: Collecting logs: Application, HardwareEvents, Internet Explorer, Key Management Service, OAlerts, Security, Setup, System, Windows PowerShell
2025-07-14 03:37:39,783 [modules.auxiliary.fiddler] ERROR: Saz log file not found in guest machine
2025-07-14 03:37:39,783 [modules.auxiliary.sysmon] INFO: Doing final sysmon log dump
2025-07-14 03:37:40,001 [lib.common.results] INFO: File 1752489459955078100.HardwareEvents.evtx.gz size is 214, Max size: 100000000
2025-07-14 03:37:40,017 [lib.common.results] INFO: File 1752489459970703100.InternetExplorer.evtx.gz size is 252, Max size: 100000000
2025-07-14 03:37:40,033 [lib.common.results] INFO: File 1752489459955078100.Application.evtx.gz size is 6711, Max size: 100000000
2025-07-14 03:37:40,048 [lib.common.results] INFO: File 1752489459970703100.KeyManagementService.evtx.gz size is 261, Max size: 100000000
2025-07-14 03:37:40,064 [lib.common.results] INFO: File 1752489460001953100.OAlerts.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:40,064 [lib.common.results] INFO: File 1752489460017578100.Setup.evtx.gz size is 247, Max size: 100000000
2025-07-14 03:37:40,080 [lib.common.results] INFO: File 1752489460017578100.Security.evtx.gz size is 7628, Max size: 100000000
2025-07-14 03:37:40,095 [lib.common.results] INFO: File 1752489460033203100.System.evtx.gz size is 8637, Max size: 100000000
2025-07-14 03:37:40,111 [lib.common.results] INFO: File 1752489460033203100.WindowsPowerShell.evtx.gz size is 222, Max size: 100000000
2025-07-14 03:37:43,751 [modules.auxiliary.sysmon] INFO: Dumping sysmon logs
2025-07-14 03:37:45,001 [modules.auxiliary.sysmon] INFO: Uploading sysmon/1752489465.0019531.sysmon.evtx.gz to host
2025-07-14 03:37:45,001 [lib.common.results] INFO: File C:\Sysmon.evtx.gz size is 12599, Max size: 100000000
2025-07-14 03:37:45,033 [root] INFO: Finishing auxiliary modules
2025-07-14 03:37:45,033 [root] INFO: Shutting down pipe server and dumping dropped files
2025-07-14 03:37:45,033 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat size is 40, Max size: 100000000
2025-07-14 03:37:45,048 [root] INFO: Error dumping file from path "c:\users\pgabriel\appdata\local\google\chrome\user data\shadercache\gpucache\index": [Errno 13] Permission denied: 'c:\\users\\pgabriel\\appdata\\local\\google\\chrome\\user data\\shadercache\\gpucache\\index'
2025-07-14 03:37:45,048 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Last Version size is 13, Max size: 100000000
2025-07-14 03:37:45,064 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History size is 126976, Max size: 100000000
2025-07-14 03:37:45,080 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001 size is 41, Max size: 100000000
2025-07-14 03:37:45,095 [lib.common.results] INFO: File c:\users\pgabriel\appdata\local\google\chrome\user data\default\site characteristics database\current size is 16, Max size: 100000000
2025-07-14 03:37:45,111 [root] INFO: Error dumping file from path "c:\users\pgabriel\appdata\local\google\chrome\user data\default\gpucache\index": [Errno 13] Permission denied: 'c:\\users\\pgabriel\\appdata\\local\\google\\chrome\\user data\\default\\gpucache\\index'
2025-07-14 03:37:45,111 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG size is 335, Max size: 100000000
2025-07-14 03:37:45,126 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 size is 41, Max size: 100000000
2025-07-14 03:37:45,142 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log size is 5424, Max size: 100000000
2025-07-14 03:37:45,158 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001 size is 41, Max size: 100000000
2025-07-14 03:37:45,173 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\default\2c9dcacf-df49-4ee5-9610-8858c3ba312d.tmp does not exist, skipping
2025-07-14 03:37:45,173 [root] INFO: Error dumping file from path "c:\users\pgabriel\appdata\local\google\chrome\user data\grshadercache\gpucache\index": [Errno 13] Permission denied: 'c:\\users\\pgabriel\\appdata\\local\\google\\chrome\\user data\\grshadercache\\gpucache\\index'
2025-07-14 03:37:45,173 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\default\e8d90067-acab-40aa-a62d-3d7135e08915.tmp does not exist, skipping
2025-07-14 03:37:45,173 [root] INFO: Error dumping file from path "c:\users\pgabriel\appdata\local\temp\d09af41c-1e02-4c22-ba0d-cdce90252edc.tmp": [Errno 13] Permission denied: 'c:\\users\\pgabriel\\appdata\\local\\temp\\d09af41c-1e02-4c22-ba0d-cdce90252edc.tmp'
2025-07-14 03:37:45,173 [root] INFO: Error dumping file from path "c:\users\pgabriel\appdata\local\temp\dcee2536-44ae-4c3c-8025-7fdc19a95fbb.tmp": [Errno 13] Permission denied: 'c:\\users\\pgabriel\\appdata\\local\\temp\\dcee2536-44ae-4c3c-8025-7fdc19a95fbb.tmp'
2025-07-14 03:37:45,173 [root] INFO: Error dumping file from path "c:\users\pgabriel\appdata\local\temp\e8a6f940-c476-4c3a-b7d8-1c91d3f30ab0.tmp": [Errno 13] Permission denied: 'c:\\users\\pgabriel\\appdata\\local\\temp\\e8a6f940-c476-4c3a-b7d8-1c91d3f30ab0.tmp'
2025-07-14 03:37:45,173 [root] WARNING: File at path c:\users\pgabriel\appdata\local\temp\789359b3-0e42-4161-b990-0e84c9735e45.tmp does not exist, skipping
2025-07-14 03:37:45,173 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\default\data_reduction_proxy_leveldb\000038.dbtmp does not exist, skipping
2025-07-14 03:37:45,173 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Last Browser size is 106, Max size: 100000000
2025-07-14 03:37:45,189 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,205 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,220 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,236 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,251 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,267 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,283 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,298 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,314 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,330 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,345 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,361 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,376 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache size is 677, Max size: 100000000
2025-07-14 03:37:45,392 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,408 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,423 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOCK size is 0, Max size: 100000000
2025-07-14 03:37:45,439 [lib.common.results] INFO: File C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG size is 0, Max size: 100000000
2025-07-14 03:37:45,455 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\2486a0db-c5bb-48c0-aff2-9106c9a0957d.tmp does not exist, skipping
2025-07-14 03:37:45,455 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\default\4376ae96-a359-4fe2-a929-98b6b1bf75c4.tmp does not exist, skipping
2025-07-14 03:37:45,455 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\87a77485-65f9-4318-b07c-ecd58195eb7b.tmp does not exist, skipping
2025-07-14 03:37:45,455 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\5145b08d-c34d-4ab7-a78f-4649087084ee.tmp does not exist, skipping
2025-07-14 03:37:45,455 [root] WARNING: File at path c:\users\pgabriel\appdata\local\google\chrome\user data\default\a1ba565b-3d15-44ae-8cf0-4857f51727a9.tmp does not exist, skipping
2025-07-14 03:37:45,455 [root] WARNING: Folder at path "C:\SuHdmL\debugger" does not exist, skipping
2025-07-14 03:37:45,455 [root] INFO: Uploading files at path "C:\SuHdmL\tlsdump"
2025-07-14 03:37:45,455 [lib.common.results] INFO: File C:\SuHdmL\tlsdump\tlsdump.log size is 2192, Max size: 100000000
2025-07-14 03:37:45,470 [root] INFO: Analysis completed

Machine

| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win7office2k3flash2800137TWN3H102 | win7office2k3flash2800137TWN3H102 | KVM | 2025-07-14 10:34:50 | 2025-07-14 10:37:56 | internet |

File Details

File Name PointDragControls.min.js.html
File Size 8327 bytes
File Type HTML document, ASCII text, with very long lines
MD5 ec9a10132187b2d19b1b54b7321a5890
SHA1 89a957366c183690834b8f361c1587c49b3c3117
SHA256 80b2f0176275a354325467b3084b13ca5a6d4f1430324c85a355efebed3c0089
SHA512 135fb94e239c2d857af4f5d52e4c155e57b64e8c8e64a504d269319209fd1b0371016e1237c9c52885e25ccd7f8e340b59e5d0f95aa39c304badbbc18e67bf3e
SHA3-384 28537fc649df10ece475c31fbf38dd5ad26812b801a2a10941f54f08291fa9122e7514585c5b6f34885ea1a32d23fcab
CRC32 8B7BCEED
TLSH T1F3027559E83A78B6808701F9B3BA4D59B3371441118194449CE9D580AFF8FAFC6FF36A
Ssdeep 96:KhIeRmivRDb9CToQU/zborFP3XnaeDOwqr/QgocoA25XJACXJMXxhxYfVhDxLGJd:KOeR/D88XAFye6wXcUfkaPO
File
                                    
                                
<!DOCTYPE html>
<html>
  <body>
    <script>
THREE.PointDragControls=function(){this.globals={raycaster:new THREE.Raycaster,pointer:new THREE.Vector2,rev_intercept_from:99999999,pointer:{current:void 0,last:void 0,orig:void 0},intersect:{forward:void 0,reverse:void 0,offset:void 0},active_axes:{r:void 0,t:void 0},origin_touch_id:void 0,init_dt:{x:0,y:0},dt:{x:0,y:0},mode:void 0,click_timer:void 0,double_click_timeout:500,object_id_index:[]};var t=this.globals;function e(){if("translate"==t.mode)t.mode="rotate";else{if("rotate"!=t.mode)throw"invalid mode: "+t.mode+" not recognised";t.mode="translate"}}this.init=function(n,r,i,o){var a={objects:n.children,turning_circle:90,near:t.raycaster.near,far:t.raycaster.far,snap_distance:4,z_shift_distance:10,z_control_axis:"y",mode_auto:!0,init_mode:"rotate",lock_translation_axes:!1,lock_rotation_axes:!0,auto_render:!1},c=o||{};for(var d in a)void 0===c[d]&&(c[d]=a[d]);t.raycaster.near=c.near,t.raycaster.far=c.far,t.mode=c.init_mode;for(var s=0;s<=c.objects.length-1;s++)t.object_id_index.push(c.objects.uuid);function l(e){t.raycaster.setFromCamera(e,r);var n=t.raycaster.intersectObjects(c.objects);if(n.length>0){t.intersect.forward=n[0];var i=(new THREE.Vector3).setFromMatrixPosition(t.intersect.forward.object.matrixWorld);t.intersect.offset=t.intersect.forward.point.clone().sub(i);var o={origin:t.raycaster.ray.origin.clone().addScaledVector(t.raycaster.ray.direction,t.rev_intercept_from),direction:t.raycaster.ray.direction.clone().multiplyScalar(-1)};return t.raycaster.set(o.origin,o.direction),o.intersects=t.raycaster.intersectObjects(c.objects),t.intersect.reverse=o.intersects[o.intersects.length-1],!0}return!1}function u(){null==t.click_timer?t.click_timer=setTimeout(function(){t.click_timer=null},t.double_click_timeout):(clearTimeout(t.click_timer),t.click_timer=null,e())}function m(e){void 
0===t.active_axes.r&&(t.init_dt.x+=Math.abs(t.dt.x),t.init_dt.y+=Math.abs(t.dt.y),t.init_dt.x-t.init_dt.y>c.snap_distance?t.active_axes={t:"x",r:"y"}:t.init_dt.y-t.init_dt.x>c.snap_distance&&(t.active_axes={t:"y",r:"x"}))}function x(){if("translate"==t.mode)l=function(){var e=i.domElement.clientHeight/2,n=(i.domElement.clientWidth,_(new THREE.Vector3(t.intersect.forward.point.x,t.intersect.forward.point.y,t.intersect.forward.point.z))),r={x:t.pointer.current.x-t.pointer.orig.x,y:t.pointer.current.y-t.pointer.orig.y},o=_((new THREE.Vector3).getPositionFromMatrix(t.intersect.forward.object.matrixWorld).add(t.intersect.offset)),a=new THREE.Vector3;t.active_axes.t.match(/x/)&&a.setX(g(n.z,e,r.x)+o.x-n.x);t.active_axes.t.match(/y/)&&a.setY(-g(n.z,e,r.y)-o.y+n.y);t.active_axes.t.match(/z/)&&a.setZ(t.dt[c.z_control_axis]/c.z_shift_distance);return(new THREE.Matrix4).makeTranslation(a.x,a.y,a.z)}(),u=p(),m=t.intersect.forward.object.matrixWorld.clone(),x=u.pos.clone().multiply(l).multiply(u.neg).multiply(m),t.intersect.forward.object.matrixAutoUpdate=!1,t.intersect.forward.object.matrix.copy(x);else{if("rotate"!=t.mode)throw"invalid mode: "+t.mode+" not recognised";e=function(){var e=new THREE.Vector3((t.intersect.forward.point.x+t.intersect.reverse.point.x)/2,(t.intersect.forward.point.y+t.intersect.reverse.point.y)/2,(t.intersect.forward.point.z+t.intersect.reverse.point.z)/2),n=_(e),r={x:t.dt.y/c.turning_circle,y:t.dt.x/c.turning_circle,z:t.dt[c.z_control_axis]/c.turning_circle},i={x:(new THREE.Matrix4).makeRotationX(r.x),y:(new THREE.Matrix4).makeRotationY(r.y),z:(new THREE.Matrix4).makeRotationZ(r.z)},o={x:Math.atan(n.y/n.z),y:Math.asin(n.x/Math.sqrt(Math.pow(n.x,2)+Math.pow(n.y,2)+Math.pow(n.z,2))),z:0},a={x:{pos:(new THREE.Matrix4).makeRotationX(o.x),neg:(new THREE.Matrix4).makeRotationX(-o.x)},y:{pos:(new THREE.Matrix4).makeRotationY(o.y),neg:(new THREE.Matrix4).makeRotationY(-o.y)}},d=new 
THREE.Matrix4;t.active_axes.r.match(/x/)&&d.multiply(i.x);t.active_axes.r.match(/y/)&&d.multiply(i.y);t.active_axes.r.match(/z/)&&d.multiply(i.z);return{matrix:a.y.pos.clone().multiply(a.x.pos).multiply(d).multiply(a.x.neg).multiply(a.y.neg),origin:e}}(),o={neg:y(e.origin.clone().multiplyScalar(-1)),pos:y(e.origin)},a=p(),d=t.intersect.forward.object.matrixWorld.clone(),s=o.pos.clone().multiply(a.pos).multiply(e.matrix).multiply(a.neg).multiply(o.neg).multiply(d),t.intersect.forward.object.matrixAutoUpdate=!1,t.intersect.forward.object.matrix.copy(s)}var e,o,a,d,s,l,u,m,x;1==c.auto_render&&i.render(n,r)}function p(){var t={pos:r.matrixWorld.clone().setPosition(new THREE.Vector3(0,0,0))};return t.neg=(new THREE.Matrix4).getInverse(t.pos.clone()),t}function _(t){var e=t.clone().sub(r.position.clone()),n=new THREE.Vector4(r.up.x,r.up.y,r.up.z,0).applyMatrix4(r.matrixWorld),i=new THREE.Vector3(n.x,n.y,n.z),o=i.clone().cross(r.getWorldDirection());return{x:e.dot(o),y:e.dot(i),z:e.dot(r.getWorldDirection())}}function v(){t.intersect.forward=void 0,t.intersect.reverse=void 0,t.active_axes={r:void 0,d:void 0,t:void 0},t.pointer.last=void 0,t.init_dt={x:0,y:0}}function y(t){return(new THREE.Matrix4).makeTranslation(t.x,t.y,t.z)}function f(){var e=!1;return("translate"==t.mode&&1==c.lock_translation_axes||"rotate"==t.mode&&1==c.lock_rotation_axes)&&(e=!0),e}function h(t){var e=i.domElement.getBoundingClientRect();return new THREE.Vector2((t.x-e.left)/i.domElement.clientWidth*2-1,-(t.y-e.top)/i.domElement.clientHeight*2+1)}function g(t,e,n){return n*t*Math.tan(r.fov*Math.PI/360)/e}i.domElement.addEventListener("mousedown",function(e){e.preventDefault(),t.pointer.current={x:e.clientX,y:e.clientY},t.pointer.last={x:e.clientX,y:e.clientY},t.pointer.orig={x:e.clientX,y:e.clientY};var n=function(t){for(var e,n=["left","right"],r=0;r<=n.length-1;r++){if("buttons"in t&&t.buttons==r+1){e=n[r];break}var i=t.which||t.button;if(i==r+1){e=n[r];break}}return e}(e);void 
0!==n&&(l(h(t.pointer.current))?"right"==n?t.active_axes={r:"z",t:"z"}:f()||(t.active_axes={r:"xy",t:"xy"}):c.mode_auto&&u())}),i.domElement.addEventListener("touchstart",function(e){e.preventDefault(),t.pointer.current={x:e.changedTouches[0].clientX,y:e.changedTouches[0].clientY},t.pointer.last={x:e.changedTouches[0].clientX,y:e.changedTouches[0].clientY},t.pointer.orig={x:e.changedTouches[0].clientX,y:e.changedTouches[0].clientY},l(h(t.pointer.current))?(t.origin_touch_id=e.changedTouches[0].identifier,t.pointer.last=t.pointer.orig,2==e.touches.length?t.active_axes={r:"z",t:"z"}:f()||(t.active_axes={r:"xy",t:"xy"})):c.mode_auto&&u()}),i.domElement.addEventListener("touchmove",function(e){if(void 0!==t.intersect.forward&&void 0!==t.pointer.last){var n=e.changedTouches,r=0;2==e.touches.length&&(r=void 0,1==n.length&&n[0].identifier==t.origin_touch_id&&(r=0),2==n.length&&n[1].identifier==t.origin_touch_id&&(r=1)),void 0!==r&&(t.pointer.current={x:e.changedTouches[r].clientX,y:e.changedTouches[r].clientY},t.dt={x:t.pointer.current.x-t.pointer.last.x,y:t.pointer.current.y-t.pointer.last.y},1==e.touches.length&&f()&&m(),void 0!==t.active_axes.r&&x(t.pointer.current),t.pointer.last=t.pointer.current)}}),i.domElement.addEventListener("mousemove",function(e){void 0!==t.intersect.forward&&(t.pointer.current={x:e.clientX,y:e.clientY},t.dt={x:t.pointer.current.x-t.pointer.last.x,y:t.pointer.current.y-t.pointer.last.y},f()&&m(),void 0!==t.active_axes.r&&x(t.pointer.current),t.pointer.last=t.pointer.current)}),i.domElement.addEventListener("contextmenu",function(t){return t.preventDefault(),t.stopPropagation(),!1}),i.domElement.addEventListener("mouseup",function(t){return v(),!1}),i.domElement.addEventListener("mouseout",function(t){return v(),!1}),i.domElement.addEventListener("touchend",function(t){return v(),!1}),i.domElement.addEventListener("touchleave",function(t){return v(),!1}),i.domElement.addEventListener("touchcancel",function(t){return 
v(),!1})},this.include=function(e){for(var n=0;n<=e.length-1;n++)for(var r=!1,i=0;i<=t.object_id_index.length-1;i++){if(e[n].uuid==object_id_index[i]){r=!0;break}r||(p.objects.push(e[n]),t.object_id_index.push(e[n].uuid))}},this.exclude=function(e){for(var n=0;n<=e.length-1;n++)for(var r=0;r<=t.object_index.length;r++)t.object_id_index[r]==e[n].uuid&&(p.objects.splice(r,1),t.object_id_index.splice(r,1))},this.toggle_mode=e,this.set_mode=function(e){if("rotate"!=e&&"translate"!=e)throw"Invalid mode: "+e+" not recognised";t.mode=e},this.mode=t.mode};
    </script>
  </body>
</html>

Processing ( 41.93 seconds )

  • 16.928 CAPE
  • 16.62 Suricata
  • 4.859 Zircolite
  • 1.312 Dropped
  • 1.28 BehaviorAnalysis
  • 0.511 NetworkAnalysis
  • 0.321 Fiddler
  • 0.043 Deduplicate
  • 0.033 TargetInfo
  • 0.016 AnalysisInfo
  • 0.002 Debug
  • 0.002 Static
  • 0.001 ProcDump
  • 0.001 Strings
  • 0.001 TLSMasterSecrets

Signatures ( 0.40 seconds )

  • 0.104 stealth_file
  • 0.084 guloader_apis
  • 0.029 ransomware_files
  • 0.022 masquerade_process_name
  • 0.016 accesses_recyclebin
  • 0.016 ransomware_extensions
  • 0.014 antiav_detectfile
  • 0.009 infostealer_bitcoin
  • 0.007 antivm_generic_disk
  • 0.007 mimics_filetime
  • 0.007 virus
  • 0.006 reads_self
  • 0.006 antianalysis_detectfile
  • 0.006 antivm_vbox_files
  • 0.005 bootkit
  • 0.005 infostealer_ftp
  • 0.004 hancitor_behavior
  • 0.003 stealth_timeout
  • 0.003 infostealer_cookies
  • 0.003 infostealer_im
  • 0.003 poullight_files
  • 0.003 qulab_files
  • 0.003 sigma
  • 0.002 api_spamming
  • 0.002 decoy_document
  • 0.002 Vidar Behavior
  • 0.002 antidbg_devices
  • 0.002 antivm_vmware_files
  • 0.002 cryptbot_files
  • 0.002 echelon_files
  • 0.002 infostealer_mail
  • 0.001 banned_exe_write
  • 0.001 betabot_behavior
  • 0.001 hawkeye_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 network_tor
  • 0.001 persistence_autorun
  • 0.001 rat_nanocore
  • 0.001 NewtWire Behavior
  • 0.001 stack_pivot_file_created
  • 0.001 tinba_behavior
  • 0.001 neshta_files
  • 0.001 antiav_detectreg
  • 0.001 antivm_vbox_devices
  • 0.001 geodo_banking_trojan
  • 0.001 codelux_behavior
  • 0.001 disables_windows_defender_logging
  • 0.001 removes_windows_defender_contextmenu
  • 0.001 apocalypse_stealer_file_behavior
  • 0.001 modirat_behavior
  • 0.001 rat_pcclient
  • 0.001 territorial_disputes_sigs
  • 0.001 ursnif_behavior

Reporting ( 0.02 seconds )

  • 0.021 JsonDump
  • 0.001 ReSubmitExtractedEXE

Signatures

Network activity detected but not expressed in API logs

Hosts

| Direct | IP | Country Name |
|---|---|---|
| N | 142.250.200.3 | United States |
| N | 142.250.110.84 | United States |
| Y | 8.8.8.8 | United States |

DNS

| Name | Response | Post-Analysis Lookup |
|---|---|---|
| accounts.google.com | A 142.250.110.84 | 142.250.110.84 |
| _googlecast._tcp.local | | |
| www.gstatic.com | A 142.250.200.3 | 142.250.200.3 |

Summary

C:\Windows\Globalization\Sorting\sortdefault.nls
\??\pipe\crashpad_2856_EIUXJZQRGVMGNCLX
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crashpad
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crashpad\reports
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Program Files\Google\Chrome\Application\92.0.4515.131\chrome.dll
C:\Windows\System32\oleaccrc.dll
C:\Program Files\Google\Chrome\Application\92.0.4515.131\icudtl.dat
C:\Program Files\Google\Chrome\Application\92.0.4515.131\v8_context_snapshot.bin
\??\PIPE\wkssvc
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6874DD5B-B28.pma
C:\Program Files\Google\Chrome\Application\92.0.4515.131\chrome_100_percent.pak
C:\Program Files\Google\Chrome\Application\92.0.4515.131\chrome_200_percent.pak
C:\Program Files\Google\Chrome\Application\92.0.4515.131\Locales\en-US.pak
C:\Program Files\Google\Chrome\Application\92.0.4515.131\resources.pak
\??\Nsi
\DEVICE\NETBT_TCPIP_{7F6B1AE5-804D-4272-AD8A-B0FE1231F5C7}
\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
C:\Windows\System32\drivers\etc\hosts
\??\pipe\mojo.2856.2336.7093884947929526358
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
\??\pipe\mojo.2856.2336.15908987991356083897
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
\??\pipe\mojo.2856.2336.3340072836961683084
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\lockfile
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Last Version
\??\pipe\mojo.2856.2336.8616899520083274005
\??\PIPE\samr
\??\pipe\mojo.2856.2336.7834931006469291139
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\dasherSettingSchema.json
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
\??\pipe\mojo.2856.1288.16019688935761432297
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl\1.2.2_0\src\manifest.js
\??\pipe\mojo.2856.2336.11020887092182323503
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl\1.2.2_0\src\solve\script.js
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crowd Deny\2021.8.2.1142\Preload Data
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl\1.2.2_0\_locales\en\messages.json
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl\1.2.2_0\src\solve\reset-button.css
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl\1.2.2_0\src\content\setup.js
\??\pipe\mojo.2856.1288.17031653034986677583
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\2c9dcacf-df49-4ee5-9610-8858c3ba312d.tmp
\Device\Afd\Endpoint
\??\pipe\mojo.2856.2336.7994478501043804954
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl\1.2.2_0\src\background\index.html
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\e8d90067-acab-40aa-a62d-3d7135e08915.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_0
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_2
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_3
C:\Users\pgabriel\AppData\Local\Temp\d09af41c-1e02-4c22-ba0d-cdce90252edc.tmp
C:\Windows\System32\tzres.dll
C:\Users\pgabriel\AppData\Local\Temp\dcee2536-44ae-4c3c-8025-7fdc19a95fbb.tmp
C:\Users\pgabriel\AppData\Local\Temp\e8a6f940-c476-4c3a-b7d8-1c91d3f30ab0.tmp
\??\pipe\mojo.2856.2336.2337674666666680450
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History-journal
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl\1.2.2_0\src\background\script.js
C:\Users\pgabriel\AppData\Local\Temp\789359b3-0e42-4161-b990-0e84c9735e45.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\9221.427.0.1_0\common.js
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\9221.427.0.1_0\_locales\en\messages.json
\??\pipe\mojo.2856.2336.13474052158792091059
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log
C:\Users\pgabriel\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\16E05E41766F38EC0ECA3621CAA3D18988D6C437
C:\Users\pgabriel\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\73B42F65751749073832809A62801A542A21F9EA
C:\Users\pgabriel\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\7ECD219728B77D490C8221608B4A318067B0BDC0
C:\Users\pgabriel\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\FF6CE3C827B73414E58170B649D492064A598841
C:\Users\pgabriel\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\D394539080B1A12E1F64A1F908870C18C0BFAAB8
C:\Windows\System32\rsaenh.dll
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13358475346077945
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\blob_storage\9df34735-1ad7-414d-bae1-e5c6f52ecfcc
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\PreferredApps
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000036
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000037.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\font_unique_name_table.pb
C:\Windows\System32\en-US\DWrite.dll.mui
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6787\crl-set
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\AutofillRegex\2021.2.22.1142\data.json
\??\pipe\mojo.2856.2336.17284170926631796813
\??\pipe\mojo.2856.2336.17942814748658990555
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\english_wikipedia.txt
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\SafetyTips\2676\safety_tips.pb
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\female_names.txt
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\male_names.txt
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ClientSidePhishing\25\client_model.pb
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ClientSidePhishing\25\visual_model.tflite
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\surnames.txt
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\us_tv_and_film.txt
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\FileTypePolicies\43\download_file_types.pb
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.log
C:\Program Files\WinRAR\RarExt.dll
C:\Windows\System32\webcheck.dll
C:\Program Files\Microsoft Office\Office15\OLKFSTUB.DLL
C:\Program Files\Microsoft Office\Office15\NAMEEXT.DLL
C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
C:\Program Files\Microsoft Office\Office15\VISSHE.DLL
C:\Program Files\Microsoft Office\Office15\ONFILTER.DLL
C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll
C:\Program Files\Microsoft Office\Office15\MSOHEVI.DLL
C:\Program Files\7-Zip\7-zip.dll
C:\Windows\System32\mf.dll
C:\Windows\System32\shdocvw.dll
C:\Windows\System32\ntshrui.dll
C:\Windows\System32\shell32.dll
C:\Windows\System32\syncui.dll
C:\Program Files\Notepad++\NppShell_06.dll
C:\Windows\System32\cscui.dll
C:\Program Files\Windows Sidebar\sbdrop.dll
C:\Windows\System32\stobject.dll
C:\Windows\System32\EhStorShell.dll
C:\Windows\System32\cryptext.dll
C:\Windows\System32\colorui.dll
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Module Info Cache
\??\pipe\mojo.2856.2336.13915732070650813405
\??\pipe\mojo.2856.2336.15407362134723186330
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\OptimizationHints\292\optimization-hints.pb
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\2486a0db-c5bb-48c0-aff2-9106c9a0957d.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\4376ae96-a359-4fe2-a929-98b6b1bf75c4.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\87a77485-65f9-4318-b07c-ecd58195eb7b.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\5145b08d-c34d-4ab7-a78f-4649087084ee.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\a1ba565b-3d15-44ae-8cf0-4857f51727a9.tmp
\??\pipe\mojo.2856.2336.10594236157770535906
\??\pipe\mojo.2856.2336.1747388065134544590
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\05963cf2-54c9-4ee7-99ae-46093c9f3551.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ad1f6de3-34b1-4793-a877-4feb1a1cfe39.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ce42522e-c993-4709-a34e-82d6a7687954.tmp
C:\Users\pgabriel\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\003CFDBC99DD994422240D5F4F7A8EE6208DB557
\??\pipe\mojo.2856.2336.3034589053789174511
\??\pipe\mojo.2856.2336.5779059003335117804
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\31dcaf36-1f13-45ca-bd14-41eea118b367.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\fd0f56ba-886e-4076-b08d-ad1be730c210.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\3227ee0b-96ca-44d2-8a18-9043f2970733.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\987d9ceb-88c3-4ce7-80dc-eb54c7cebbb0.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\ef170278-dd15-4086-b514-02a39f55c5e4.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\baed6e69-86d4-439f-882f-27e00a97b363.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\0d27ca81-b4a4-4d48-bfda-deee06712f6a.tmp
\??\pipe\crashpad_2856_EIUXJZQRGVMGNCLX
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
\??\PIPE\wkssvc
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6874DD5B-B28.pma
\??\pipe\mojo.2856.2336.7093884947929526358
\??\pipe\mojo.2856.2336.15908987991356083897
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
\??\pipe\mojo.2856.2336.3340072836961683084
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\lockfile
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Last Version
\??\pipe\mojo.2856.2336.8616899520083274005
\??\PIPE\samr
\??\pipe\mojo.2856.2336.9439634476782484415
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Favicons
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF149307.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000001.dbtmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\987cda3f-a23f-4db3-a173-3e12e7c72985.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Top Sites
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
\??\pipe\mojo.2856.1288.5770371742460707926
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
\??\pipe\mojo.2856.1288.4841977443923637282
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
\??\pipe\mojo.2856.2336.3671275461616422222
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
\??\pipe\mojo.2856.2336.7834931006469291139
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF1494ad.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF149568.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
\??\pipe\mojo.2856.1288.16019688935761432297
\??\pipe\mojo.2856.2336.11020887092182323503
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
\??\pipe\mojo.2856.1288.17031653034986677583
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\2c9dcacf-df49-4ee5-9610-8858c3ba312d.tmp
\Device\Afd\Endpoint
\??\pipe\mojo.2856.2336.7994478501043804954
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1496a1.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF1496b0.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\e8d90067-acab-40aa-a62d-3d7135e08915.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1496ef.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_0
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_2
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_3
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
C:\Users\pgabriel\AppData\Local\Temp\d09af41c-1e02-4c22-ba0d-cdce90252edc.tmp
C:\Users\pgabriel\AppData\Local\Temp\dcee2536-44ae-4c3c-8025-7fdc19a95fbb.tmp
C:\Users\pgabriel\AppData\Local\Temp\e8a6f940-c476-4c3a-b7d8-1c91d3f30ab0.tmp
\??\pipe\mojo.2856.2336.2337674666666680450
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History-journal
C:\Users\pgabriel\AppData\Local\Temp\789359b3-0e42-4161-b990-0e84c9735e45.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\LOG.old~RF149941.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mpbjkejclgfgadiemmefgebjfooflfhl\000003.log
\??\pipe\mojo.2856.2336.13474052158792091059
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF1499be.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13396962910546312
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13396962911261312
\??\usb#root_hub20#4&2d0b3f6d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF14a2f5.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000039.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000038
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000038.dbtmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF14a4e9.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Last Browser
\??\pipe\mojo.2856.2336.17284170926631796813
\??\pipe\mojo.2856.2336.17942814748658990555
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG.old~RF14aa87.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOG.old~RF14aad5.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RF14ab23.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old~RF14ab32.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF14b15d.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF14b1ba.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF14b1da.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
\??\pipe\mojo.2856.2336.13915732070650813405
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old~RF14b2c4.TMP
\??\pipe\mojo.2856.2336.15407362134723186330
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF14b302.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOG.old~RF14b44b.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old~RF14b573.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOCK
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\2486a0db-c5bb-48c0-aff2-9106c9a0957d.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Local State~RF14b96b.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\4376ae96-a359-4fe2-a929-98b6b1bf75c4.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF14bdb1.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\87a77485-65f9-4318-b07c-ecd58195eb7b.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Module Info Cache~RF14d9e4.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\5145b08d-c34d-4ab7-a78f-4649087084ee.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Local State~RF14f77e.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\a1ba565b-3d15-44ae-8cf0-4857f51727a9.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1503f1.TMP
\??\pipe\mojo.2856.2336.10594236157770535906
\??\pipe\mojo.2856.2336.1747388065134544590
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\05963cf2-54c9-4ee7-99ae-46093c9f3551.tmp
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF154a41.TMP
C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\ad1f6de3-34b1-4793-a877-4feb1a1cfe39.tmp
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=92.0.4515.131 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x7fef5715390,0x7fef57153a0,0x7fef57153b0
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --no-sandbox --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1224 /prefetch:2
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1448 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --mojo-platform-channel-handle=1592 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --test-type --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --test-type --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --test-type --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --test-type --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --lang=en-US --service-sandbox-type=service --no-sandbox --mojo-platform-channel-handle=3148 /prefetch:8
"C:\Users\pgabriel\AppData\Local\Google\Chrome\User Data\SwReporter\92.267.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=yiAtAf5a/I6Uu04KEH2ooMtkPddYFh+grEuliXSn --registry-suffix=ESET --srt-field-trial-group-name=Off
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=3816 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1180,16482174343204874615,177179508737423662,131072 --lang=en-US --service-sandbox-type=service --no-sandbox --mojo-platform-channel-handle=612 /prefetch:8
No static analysis available.
Sorry! No behavior.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.