Malware Analysis Report

2024-10-23 17:09

Sample ID 220318-pytq6ahfc7
Target http://62.182.20.70
Tags
plugx discovery spyware stealer trojan persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://62.182.20.70 was found to be: Known bad.

Malicious Activity Summary

plugx discovery spyware stealer trojan persistence

Modifies system executable filetype association

PlugX

Registers COM server for autorun

PlugX Rat Payload

Sets file execution options in registry

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies data under HKEY_USERS

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-03-18 12:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-03-18 12:44

Reported

2022-03-18 13:15

Platform

win7-20220311-de

Max time kernel

782s

Max time network

1798s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://62.182.20.70

Signatures

PlugX

trojan plugx

PlugX Rat Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1832 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1832 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://62.182.20.70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7594f50,0x7fef7594f60,0x7fef7594f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1140 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1744 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2540 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1108 /prefetch:8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=Ce6H7vz+34wBHTnXM3MpM43MuCkBKcWiiRbrwiAh --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=99.279.200 --initial-client-data=0x160,0x164,0x168,0x134,0x16c,0x13f3825a0,0x13f3825b0,0x13f3825c0

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3012_NFMPQNZYYLRLPRSQ" --sandboxed-process-id=2 --init-done-notifier=480 --sandbox-mojo-pipe-token=8461175678321162450 --mojo-platform-channel-handle=456 --engine=2

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3012_NFMPQNZYYLRLPRSQ" --sandboxed-process-id=3 --init-done-notifier=640 --sandbox-mojo-pipe-token=4118511718685858603 --mojo-platform-channel-handle=636

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1420 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1004 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1044,2349564291107185135,51001063388092310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3900 /prefetch:8

Network

Country Destination Domain Proto
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 62.182.20.70:80 62.182.20.70 tcp
NL 142.250.179.174:443 clients2.google.com udp
NL 142.251.36.45:443 accounts.google.com udp
NL 142.250.179.174:443 clients2.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:443 dns.google udp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 142.251.32.225:443 udp
US 142.251.32.225:443 clients2.googleusercontent.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
N/A 224.0.0.251:5353 udp
US 142.250.68.131:443 ssl.gstatic.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 142.251.32.195:443 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 142.251.32.195:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 142.251.32.195:443 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 142.251.32.195:443 udp
US 142.251.32.195:443 update.googleapis.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:443 dns.google tcp
DE 142.251.36.195:443 update.googleapis.com tcp

Files

\??\pipe\crashpad_1832_JEHWPCKBCLRDQELK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat

MD5 d2b564f5bf737f5370e5927c8e93df3d
SHA1 30a467b7d99d3adcdb1b3d641d605ebc3105e99e
SHA256 477faf035629616f3ec9b69581952291e3f0bd46c7881d982b930480cbecc581
SHA512 827bca1104531af3a14f76b607d2e42c3c89d2d00905a5bd0a7adfa8839e26d4f9ef4a19a718bddb75d71f214df7dedde61b8718b1dd4a2c6d63113c5424e2c8

memory/2084-78-0x000000013F387000-0x000000013F388000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

memory/2084-76-0x000000013F387000-0x000000013F388000-memory.dmp

\??\pipe\crashpad_3012_NFMPQNZYYLRLPRSQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat

MD5 d2b564f5bf737f5370e5927c8e93df3d
SHA1 30a467b7d99d3adcdb1b3d641d605ebc3105e99e
SHA256 477faf035629616f3ec9b69581952291e3f0bd46c7881d982b930480cbecc581
SHA512 827bca1104531af3a14f76b607d2e42c3c89d2d00905a5bd0a7adfa8839e26d4f9ef4a19a718bddb75d71f214df7dedde61b8718b1dd4a2c6d63113c5424e2c8

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\edls_64.dll

MD5 e9a7c44d7bda10b5b7a132d46fcdaf35
SHA1 5217179f094c45ba660777cfa25c7eb00b5c8202
SHA256 35351366369a7774f9f30f38dc8aa3cd5e087acd8eae79e80c24526cd40e95a1
SHA512 e76308eee65bf0bf31e58d754e07b63092a4109ef3d44df7b746da99d44be6112bc5f970123c4e82523b6d301392e09c2cfc490e304550b42d152cdb0757e774

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em000_64.dll

MD5 d0cf72186dbaea05c5a5bf6594225fc3
SHA1 0e69efd78dc1124122dd8b752be92cb1cbc067a1
SHA256 225d4f7e3ab4687f05f817435b883f6c3271b6c4d4018d94fe4398a350d74907
SHA512 8122a9a9205cfa67ff87cb4755089e5ed1acf8f807467216c98f09f94704f98497f7aa57ad29e255efa4d7206c577c4cf7fed140afb046499fc2e57e03f55285

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em001_64.dll

MD5 7adcb76ec34d774d1435b477e8625c47
SHA1 ec4ba0ad028c45489608c6822f3cabb683a07064
SHA256 a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d
SHA512 c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em002_64.dll

MD5 5913dc18fc2a5dd49ba064655ac75c24
SHA1 d941ea7f6a7aa6c8b7dbc65fa37b6bf41dcd9069
SHA256 090b958bd2806e2571198847fad60ba446282b783d2da44efe3a879d0507701f
SHA512 d71edd1d2a5fa643f22fe0947c5910cf6b796845f6a782dd8503907babce49055175010296fbd890ff9ce0b3dd5df7ebfe7b8fb079c0ae4b7e562099d6e84197

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em003_64.dll

MD5 ced50723c5ae960adfd3fc726b34cdb1
SHA1 962a477d168b786b3d1a301793ab91e1a850f376
SHA256 5a9dc132339862cc79f38c1b17db4c0fafa58eec396608ac1583784f1b3b6532
SHA512 ad70cac1f0a65362f4c2d1c221564c23fc2beecc9842aeb513a1448f2820d987e014af0557a30d50ae136d0bea83b8254ba871937576d3097fce567add578bee

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em004_64.dll

MD5 6e1f355a54cf57047647beb9f5aca079
SHA1 529f42911634143507f28d4ea0b6757d6f17af65
SHA256 10a6c06788b110c0bfd26603d1dc4e3aec48ba917d4d80dac9fb34f83808eee6
SHA512 5ca0bbd9d2337c2e0019969725e904c1ab829dde36d4b35235cc6175d86996dabd2542914d7be0378ed298b758c9e542e059107db8ab7e3de424ac48b8d3aa74

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em005_64.dll

MD5 169a2ef320119891cf3189aa3fd23b0e
SHA1 de51c936101ef79bbc0f1d3c800cf832d221eef8
SHA256 1072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780
SHA512 7fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em000_64.dll

MD5 d0cf72186dbaea05c5a5bf6594225fc3
SHA1 0e69efd78dc1124122dd8b752be92cb1cbc067a1
SHA256 225d4f7e3ab4687f05f817435b883f6c3271b6c4d4018d94fe4398a350d74907
SHA512 8122a9a9205cfa67ff87cb4755089e5ed1acf8f807467216c98f09f94704f98497f7aa57ad29e255efa4d7206c577c4cf7fed140afb046499fc2e57e03f55285

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em003_64.dll

MD5 ced50723c5ae960adfd3fc726b34cdb1
SHA1 962a477d168b786b3d1a301793ab91e1a850f376
SHA256 5a9dc132339862cc79f38c1b17db4c0fafa58eec396608ac1583784f1b3b6532
SHA512 ad70cac1f0a65362f4c2d1c221564c23fc2beecc9842aeb513a1448f2820d987e014af0557a30d50ae136d0bea83b8254ba871937576d3097fce567add578bee

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em001_64.dll

MD5 7adcb76ec34d774d1435b477e8625c47
SHA1 ec4ba0ad028c45489608c6822f3cabb683a07064
SHA256 a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d
SHA512 c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em002_64.dll

MD5 5913dc18fc2a5dd49ba064655ac75c24
SHA1 d941ea7f6a7aa6c8b7dbc65fa37b6bf41dcd9069
SHA256 090b958bd2806e2571198847fad60ba446282b783d2da44efe3a879d0507701f
SHA512 d71edd1d2a5fa643f22fe0947c5910cf6b796845f6a782dd8503907babce49055175010296fbd890ff9ce0b3dd5df7ebfe7b8fb079c0ae4b7e562099d6e84197

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em004_64.dll

MD5 6e1f355a54cf57047647beb9f5aca079
SHA1 529f42911634143507f28d4ea0b6757d6f17af65
SHA256 10a6c06788b110c0bfd26603d1dc4e3aec48ba917d4d80dac9fb34f83808eee6
SHA512 5ca0bbd9d2337c2e0019969725e904c1ab829dde36d4b35235cc6175d86996dabd2542914d7be0378ed298b758c9e542e059107db8ab7e3de424ac48b8d3aa74

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em005_64.dll

MD5 169a2ef320119891cf3189aa3fd23b0e
SHA1 de51c936101ef79bbc0f1d3c800cf832d221eef8
SHA256 1072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780
SHA512 7fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca

memory/2236-113-0x000000013F387000-0x000000013F388000-memory.dmp

memory/2236-115-0x000000013F387000-0x000000013F388000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

C:\Users\Admin\AppData\Local\Google\Software Reporter Tool\software_reporter_tool-sandbox.log

MD5 3ed9b6fce19894c6b5cbba412ab62d78
SHA1 f072c2e9f4cec94b55a0484272c3c98a02f24243
SHA256 fa192918c596a4ac6f80b4e86234d42e1acc600f5b02baedff291c6e9745eafe
SHA512 d49f09371379ccae11a30d063491bdccd6b0cb68db9a739b32b76d39853ef228a12ac58936abc63d96fe188fd9fa6c5462aeaec30c22bab1a34f5c2af74b014a

\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat

MD5 d2b564f5bf737f5370e5927c8e93df3d
SHA1 30a467b7d99d3adcdb1b3d641d605ebc3105e99e
SHA256 477faf035629616f3ec9b69581952291e3f0bd46c7881d982b930480cbecc581
SHA512 827bca1104531af3a14f76b607d2e42c3c89d2d00905a5bd0a7adfa8839e26d4f9ef4a19a718bddb75d71f214df7dedde61b8718b1dd4a2c6d63113c5424e2c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\edls_64.dll

MD5 e9a7c44d7bda10b5b7a132d46fcdaf35
SHA1 5217179f094c45ba660777cfa25c7eb00b5c8202
SHA256 35351366369a7774f9f30f38dc8aa3cd5e087acd8eae79e80c24526cd40e95a1
SHA512 e76308eee65bf0bf31e58d754e07b63092a4109ef3d44df7b746da99d44be6112bc5f970123c4e82523b6d301392e09c2cfc490e304550b42d152cdb0757e774

memory/2084-122-0x0000000000520000-0x0000000000560000-memory.dmp

memory/2084-123-0x0000000000560000-0x00000000005A0000-memory.dmp

memory/2084-124-0x0000000000520000-0x0000000000560000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-03-18 12:44

Reported

2022-03-18 13:15

Platform

win10-20220223-de

Max time kernel

1755s

Max time network

1799s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://62.182.20.70

Signatures

PlugX

trojan plugx

PlugX Rat Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3828 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3828 wrote to memory of 3976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://62.182.20.70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8f35e4f50,0x7ff8f35e4f60,0x7ff8f35e4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1516 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4172 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4192 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4848 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5284 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=848 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4248 /prefetch:8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=ul+pjy632WenoubhxxdU4zYzSqugOgdrbvFq004Z --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=99.279.200 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6adbb25a0,0x7ff6adbb25b0,0x7ff6adbb25c0

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3404_VNZFGYPDBTZJGZMY" --sandboxed-process-id=2 --init-done-notifier=720 --sandbox-mojo-pipe-token=7494223719052809056 --mojo-platform-channel-handle=696 --engine=2

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3404_VNZFGYPDBTZJGZMY" --sandboxed-process-id=3 --init-done-notifier=928 --sandbox-mojo-pipe-token=652740354582763160 --mojo-platform-channel-handle=924

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3788 -s 708

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,12464058423745106503,5707219323820639530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4144 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 clients2.google.com udp
GB 62.182.20.70:80 62.182.20.70 tcp
NL 142.251.36.45:443 accounts.google.com udp
NL 142.250.179.174:443 clients2.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.250.179.174:443 clients2.google.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
NL 172.217.168.193:443 clients2.googleusercontent.com udp
NL 172.217.168.193:443 clients2.googleusercontent.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 go.cpanel.net udp
US 8.8.8.8:53 cpanel.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:443 dns.google udp
US 142.250.68.131:443 ssl.gstatic.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 142.251.32.195:443 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 142.251.32.195:443 udp
US 8.8.8.8:53 dns.google udp
US 142.250.114.95:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 142.251.32.195:443 update.googleapis.com tcp
US 142.251.32.195:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 142.251.32.195:443 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
DE 142.251.36.195:443 update.googleapis.com tcp

Files

\??\pipe\crashpad_3828_SAFCGVWLDGTDSSRV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat

MD5 44407a7090676ea75ede2c8726791d7d
SHA1 ab265583e622a5852ee1150d55fcf16da696b9b8
SHA256 91c15fdb4505dd03c632efc6bd1b60af54a0e48473928a1c2303d66484fe173f
SHA512 2de780fc2420c7a88d8120f8fcf994816bb65340bea1ea40d311ecb1fbff803de989f94797b626c4a3451b61677a04e117ee95c28f4a6b166667567f724ddf59

memory/3788-127-0x00007FF8FD7B0000-0x00007FF8FD7B1000-memory.dmp

memory/3788-126-0x00007FF8FD520000-0x00007FF8FD521000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat

MD5 44407a7090676ea75ede2c8726791d7d
SHA1 ab265583e622a5852ee1150d55fcf16da696b9b8
SHA256 91c15fdb4505dd03c632efc6bd1b60af54a0e48473928a1c2303d66484fe173f
SHA512 2de780fc2420c7a88d8120f8fcf994816bb65340bea1ea40d311ecb1fbff803de989f94797b626c4a3451b61677a04e117ee95c28f4a6b166667567f724ddf59

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\edls_64.dll

MD5 e9a7c44d7bda10b5b7a132d46fcdaf35
SHA1 5217179f094c45ba660777cfa25c7eb00b5c8202
SHA256 35351366369a7774f9f30f38dc8aa3cd5e087acd8eae79e80c24526cd40e95a1
SHA512 e76308eee65bf0bf31e58d754e07b63092a4109ef3d44df7b746da99d44be6112bc5f970123c4e82523b6d301392e09c2cfc490e304550b42d152cdb0757e774

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em000_64.dll

MD5 d0cf72186dbaea05c5a5bf6594225fc3
SHA1 0e69efd78dc1124122dd8b752be92cb1cbc067a1
SHA256 225d4f7e3ab4687f05f817435b883f6c3271b6c4d4018d94fe4398a350d74907
SHA512 8122a9a9205cfa67ff87cb4755089e5ed1acf8f807467216c98f09f94704f98497f7aa57ad29e255efa4d7206c577c4cf7fed140afb046499fc2e57e03f55285

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em001_64.dll

MD5 7adcb76ec34d774d1435b477e8625c47
SHA1 ec4ba0ad028c45489608c6822f3cabb683a07064
SHA256 a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d
SHA512 c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em002_64.dll

MD5 5913dc18fc2a5dd49ba064655ac75c24
SHA1 d941ea7f6a7aa6c8b7dbc65fa37b6bf41dcd9069
SHA256 090b958bd2806e2571198847fad60ba446282b783d2da44efe3a879d0507701f
SHA512 d71edd1d2a5fa643f22fe0947c5910cf6b796845f6a782dd8503907babce49055175010296fbd890ff9ce0b3dd5df7ebfe7b8fb079c0ae4b7e562099d6e84197

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em003_64.dll

MD5 ced50723c5ae960adfd3fc726b34cdb1
SHA1 962a477d168b786b3d1a301793ab91e1a850f376
SHA256 5a9dc132339862cc79f38c1b17db4c0fafa58eec396608ac1583784f1b3b6532
SHA512 ad70cac1f0a65362f4c2d1c221564c23fc2beecc9842aeb513a1448f2820d987e014af0557a30d50ae136d0bea83b8254ba871937576d3097fce567add578bee

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em004_64.dll

MD5 6e1f355a54cf57047647beb9f5aca079
SHA1 529f42911634143507f28d4ea0b6757d6f17af65
SHA256 10a6c06788b110c0bfd26603d1dc4e3aec48ba917d4d80dac9fb34f83808eee6
SHA512 5ca0bbd9d2337c2e0019969725e904c1ab829dde36d4b35235cc6175d86996dabd2542914d7be0378ed298b758c9e542e059107db8ab7e3de424ac48b8d3aa74

\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em005_64.dll

MD5 169a2ef320119891cf3189aa3fd23b0e
SHA1 de51c936101ef79bbc0f1d3c800cf832d221eef8
SHA256 1072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780
SHA512 7fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em000_64.dll

MD5 d0cf72186dbaea05c5a5bf6594225fc3
SHA1 0e69efd78dc1124122dd8b752be92cb1cbc067a1
SHA256 225d4f7e3ab4687f05f817435b883f6c3271b6c4d4018d94fe4398a350d74907
SHA512 8122a9a9205cfa67ff87cb4755089e5ed1acf8f807467216c98f09f94704f98497f7aa57ad29e255efa4d7206c577c4cf7fed140afb046499fc2e57e03f55285

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em001_64.dll

MD5 7adcb76ec34d774d1435b477e8625c47
SHA1 ec4ba0ad028c45489608c6822f3cabb683a07064
SHA256 a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d
SHA512 c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em003_64.dll

MD5 ced50723c5ae960adfd3fc726b34cdb1
SHA1 962a477d168b786b3d1a301793ab91e1a850f376
SHA256 5a9dc132339862cc79f38c1b17db4c0fafa58eec396608ac1583784f1b3b6532
SHA512 ad70cac1f0a65362f4c2d1c221564c23fc2beecc9842aeb513a1448f2820d987e014af0557a30d50ae136d0bea83b8254ba871937576d3097fce567add578bee

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em005_64.dll

MD5 169a2ef320119891cf3189aa3fd23b0e
SHA1 de51c936101ef79bbc0f1d3c800cf832d221eef8
SHA256 1072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780
SHA512 7fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em002_64.dll

MD5 5913dc18fc2a5dd49ba064655ac75c24
SHA1 d941ea7f6a7aa6c8b7dbc65fa37b6bf41dcd9069
SHA256 090b958bd2806e2571198847fad60ba446282b783d2da44efe3a879d0507701f
SHA512 d71edd1d2a5fa643f22fe0947c5910cf6b796845f6a782dd8503907babce49055175010296fbd890ff9ce0b3dd5df7ebfe7b8fb079c0ae4b7e562099d6e84197

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\em004_64.dll

MD5 6e1f355a54cf57047647beb9f5aca079
SHA1 529f42911634143507f28d4ea0b6757d6f17af65
SHA256 10a6c06788b110c0bfd26603d1dc4e3aec48ba917d4d80dac9fb34f83808eee6
SHA512 5ca0bbd9d2337c2e0019969725e904c1ab829dde36d4b35235cc6175d86996dabd2542914d7be0378ed298b758c9e542e059107db8ab7e3de424ac48b8d3aa74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

C:\Users\Admin\AppData\Local\Google\Software Reporter Tool\software_reporter_tool-sandbox.log

MD5 fa61651263e0e2b18f9acd4ef9ef343c
SHA1 b877d3b18f18c9e12eb31236bf4e1f63cf7b7d51
SHA256 df453626197a3b8fc8b7c1bbcc395e8415074df3717a43d5e6abd184ed57b982
SHA512 9cbab1dc80b7bec0d70ab2ab9d62f8e44cafdd15c189302d4a79cb505fa8d261425e579aa35e6f622050924cca96873f20f37676d1518641ed21b05f04d80b13

\??\pipe\crashpad_3404_VNZFGYPDBTZJGZMY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat

MD5 44407a7090676ea75ede2c8726791d7d
SHA1 ab265583e622a5852ee1150d55fcf16da696b9b8
SHA256 91c15fdb4505dd03c632efc6bd1b60af54a0e48473928a1c2303d66484fe173f
SHA512 2de780fc2420c7a88d8120f8fcf994816bb65340bea1ea40d311ecb1fbff803de989f94797b626c4a3451b61677a04e117ee95c28f4a6b166667567f724ddf59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe

MD5 3dcd45838971b3e51d01e62c09d36e08
SHA1 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a
SHA256 d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81
SHA512 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\edls_64.dll

MD5 e9a7c44d7bda10b5b7a132d46fcdaf35
SHA1 5217179f094c45ba660777cfa25c7eb00b5c8202
SHA256 35351366369a7774f9f30f38dc8aa3cd5e087acd8eae79e80c24526cd40e95a1
SHA512 e76308eee65bf0bf31e58d754e07b63092a4109ef3d44df7b746da99d44be6112bc5f970123c4e82523b6d301392e09c2cfc490e304550b42d152cdb0757e774

memory/3788-153-0x000001B141910000-0x000001B141911000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2022-03-18 12:44

Reported

2022-03-18 13:15

Platform

win10v2004-de-20220113

Max time kernel

1756s

Max time network

1805s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://62.182.20.70

Signatures

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Registers COM server for autorun

persistence

Sets file execution options in registry

persistence

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Elevation.tmp C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-recent-files\js\nls\fr-fr\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\s_sortedby_18.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\send-for-sign\js\nls\ro-ro\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\walk-through\js\nls\nl-nl\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer-select\images\file_icons.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\uss-search\css\main.css C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\walk-through\images\themeless\S_ThumbDownOutline_22_N.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\combinepdf\js\nls\ca-es\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\themes\dark\s_forward_18.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\images\themeless\chrome-ext-2x.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\app-center\js\nls\fi-fi\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\fss\img\tools\themes\dark\x_2x.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\scan-files\images\themeless\Playstore\ru_get.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\scan-files\js\nls\nl-nl\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\images\themeless\read_EX_Challenger_1_DT-2x.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\fss\img\tools\line.cur C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\combinepdf\js\nls\hu-hu\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\app-center\js\nls\en-il\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\icons_ie8.gif C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\themes\dark\s_signed_out.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\scan-files\js\nls\it-it\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\editpdf\images\example_icons2x.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\generic-rhp-app\js\plugin.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-es_es_2x.gif C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\js\nls\ca-es\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\file_types\s_shared_single_filetype.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\createpdfupsell-app\js\nls\sv-se\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\s_filter-disabled_32.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\createpdfupsell-app\js\nls\pt-br\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\fss\js\nls\nb-no\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\dd_arrow_small.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\win-scrollbar\arrow-left.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\files\dev\nls\cs-cz\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\unified-share\images\Close.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\themes\dark\next-arrow-disabled.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\RHP_icons_2x.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\images\themeless\Scan_visual.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\js\nls\fi-fi\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\ob-preview\images\themeless\print_poster.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\search-summary\css\main-selector.css C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\images\themeless\th_get.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\files\dev\nls\root\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\send-for-sign\images\themes\dark\sfs_icons.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\scan-files\css\main.css C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-en_us_2x.gif C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\editpdf\js\nls\ja-jp\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\next-arrow-hover.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\ob-preview\css\main-selector.css C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\app-center\js\nls\fr-ma\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\themes\dark\s_filterselected-dark-disabled_32.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\scan-files\js\plugin.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\on-boarding\js\nls\fr-fr\ui-strings.js C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_2x.png C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\editpdf.svg C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\1d34582.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d3458f.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345bb.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345ca.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345e3.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7CD2.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d34588.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\XFDFFile_8.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d3457c.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d3457d.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345b4.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\PDXFile_8.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\1910676589\227395627.pri C:\Windows\system32\compattelrunner.exe N/A
File created C:\Windows\Installer\1d34577.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d3457e.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d34579.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345ae.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345c4.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345eb.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\PDFFile_8.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7C82.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d34586.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d34599.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SecStoreFile.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d3456d.msp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345c4.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345dd.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345df.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345ea.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d3458b.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d3457d.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345b2.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345c5.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345c7.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345d3.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9523.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7C02.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345d0.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345d5.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345e6.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345b1.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345d6.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345e8.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\XDPFile_8.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345a8.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345a0.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d3459f.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d34588.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345ac.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345bf.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345ea.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9555.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6DD2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d3458c.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d3458d.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d34590.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d34595.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345bf.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d345df.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d34585.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345a6.HDR C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1d345b3.HDR C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1d34580.HDR C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}\Policy = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BD57A9B2-4E7D-4892-9107-9F4106472DA4} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88}\AppPath = "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroCEF" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E}\AppPath = "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}\AppName = "AcroRd32.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}\Policy = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}\AppPath = "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4} C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4}\Policy = "3" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}\Policy = "3" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E}\Policy = "3" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BD57A9B2-4E7D-4892-9107-9F4106472DA4}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88}\AppName = "RdrCEF.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88}\Policy = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\ C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}\AppName = "AcroBroker.exe" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}\AppPath = "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}\AppName = "AdobeCollabSync.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4}\AppPath = "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}\AppName = "AdobeARM.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E}\AppName = "AcroRd32.exe" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}\Policy = "3" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}\AppPath = "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}\AppPath = "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4}\AppName = "AcroRd32.exe" C:\Windows\syswow64\MsiExec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.FilePicker_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CParentalControls_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.XboxGameCallableUI_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.BioEnrollment_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.BioEnrollment_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5Cmicrosoft.windows.narratorquickstart_8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.Search_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CShellExperienceHost_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.XboxGameCallableUI_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.CallingShellApp_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.CloudExperienceHost_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.ECApp_8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AppResolverUX_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.LockApp_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Win32WebViewHost_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CPrintDialog%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CImmersiveControlPanel%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.FilePicker_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.FileExplorer_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5Cmicrosoft.creddialoghost_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.ContentDeliveryManager_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.AAD.BrokerPlugin_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.People_10.1902.633.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoftWindows.Client.CBS_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CPrintDialog%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Win32WebViewHost_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.People_10.1902.633.0_x64__8wekyb3d8bbwe%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AppRep.ChxApp_cw5n1h2txyewy%5Cresources.pri C:\Windows\system32\compattelrunner.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" C:\Windows\system32\compattelrunner.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\ = "UpToDateCloudOverlayHandler Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider.1\ = "SyncEngineFileInfoProvider Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\ = "NucleusNativeMessaging Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.acrobatsecuritysettings\EditFlags = 00000100 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pdx\OpenWithProgids\ C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3EC-4981-101B-9CA8-9240CE2738AE}\TypeLib\ = "{E64169B3-3592-47D2-816E-602C5C13F328}" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\WOW6432NODE\INTERFACE\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\TypeLib\ = "{F904F88C-E60D-4327-9FA2-865AD075B400}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.XDPDoc\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.acrobatsecuritysettings\OpenWithList\Acrobat.exe C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{BD57A9B2-4E7D-4892-9107-9F4106472DA4}\VersionIndependentProgID C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3E6-4981-101B-9CA8-9240CE2738AE}\ = "CAcroApp" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3E9-4981-101B-9CA8-9240CE2738AE}\TypeLib\Version = "1.1" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B744CAF070E41400\Version = "319442562" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\ContextMenuOptIn C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\ProgID\ = "FileSyncOutOfProcServices.FileSyncOutOfProcServices.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\INTERFACE\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\ = "SyncEngineFileInfoProvider Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Interface\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\DataFormats\GetSet\3 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AcroExch.acrobatsecuritysettings.1\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\WOW6432NODE\INTERFACE\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document.DC\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\ = "CAcroRect" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\MiscStatus\ = "0" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Interface\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\FileSyncClient.AutoPlayHandler\CurVer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\TYPELIB\{F904F88C-E60D-4327-9FA2-865AD075B400}\1.0\0\WIN32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.XFDFDoc\shell\Read\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\Printable C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{62776AC3-A015-4BA5-A1C7-DCD765881249}\ = "IAdobeInitializeWithFile" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\INTERFACE\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AcroExch.Document.DC\Insertable C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D3F22039-E3CF-4FC4-9A30-426A46056B8C}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\TypeLib\ = "{F904F88C-E60D-4327-9FA2-865AD075B400}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.fdf C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\acrobat2018\shell\open\ddeexec\application C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\WOW6432NODE\CLSID\{389510B7-9E58-40D7-98BF-60B911CB0EA9}\VERSIONINDEPENDENTPROGID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6}\{B4848E37-7C66-40A6-9F66-D3A9BC8F4636}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\PROGID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\ = "SyncEngineFileInfoProvider Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_CLASSES\WOW6432NODE\INTERFACE\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeLockMemoryPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeMachineAccountPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeTcbPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeSecurityPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeLoadDriverPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeSystemProfilePrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeSystemtimePrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeBackupPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeRestorePrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeShutdownPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeAuditPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeUndockPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeSyncAgentPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeManageVolumePrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeImpersonatePrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1876 wrote to memory of 2236 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2236 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 3812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 3812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1876 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" http://62.182.20.70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97f334f50,0x7ff97f334f60,0x7ff97f334f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1984 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4332 /prefetch:8

C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe

"C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe" -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wusvcs -p

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5252 /prefetch:2

C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe

"C:\ProgramData\Adobe\ARM\S\16377\AdobeARMHelper.exe" /ArmUpdate /MSI FOLDER:"C:\ProgramData\Adobe\ARM\S\16377" /MODE:3 /PRODUCT:Reader /VERSION:19.0 /LANG:ENU

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1E32688183DEDD26B1DB40A94B58595C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F5C613517EB74B254F59E1286E4A7C43 E Global\MSI0000

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /ArmUpdate /MSI FOLDER:"C:\ProgramData\Adobe\ARM\S\16377" /MODE:3 /PRODUCT:Reader /VERSION:19.0 /LANG:ENU

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B86EBB4A2E1D176F8A0F6EE77982EF1F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3500 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 34DAA9FBA203C9735E8BF3DE9D002A6D E Global\MSI0000

C:\Windows\Installer\MSI9523.tmp

"C:\Windows\Installer\MSI9523.tmp" /b 2 120 0

C:\Windows\system32\compattelrunner.exe

C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wsappx -p

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe" 19.010.20098 19.010.20069.0

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" /update /updateSource:ODSU

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe /update /updateSource:ODSU /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\22.033.0213.0002\FileSyncConfig.exe"

C:\Windows\system32\compattelrunner.exe

C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12456384467064382361,2067734377803338760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload mininterval:2880

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 accounts.google.com udp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 clients2.google.com udp
GB 62.182.20.70:80 62.182.20.70 tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.250.179.174:443 clients2.google.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
NL 172.217.168.193:443 clients2.googleusercontent.com tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 cpanel.com udp
US 8.8.8.8:53 go.cpanel.net udp
GB 62.182.20.70:80 62.182.20.70 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 142.250.68.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:80 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 204.79.197.200:443 tcp
US 72.21.81.240:80 tcp
US 72.21.81.240:80 tcp
US 8.8.8.8:53 dns.google udp
NL 104.109.143.9:80 ardownload.adobe.com tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:80 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
NL 104.109.143.25:80 ardownload.adobe.com tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:80 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 142.250.114.95:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 35.241.43.25:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 142.251.32.195:443 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 172.217.1.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 142.251.32.195:443 udp
US 142.251.32.195:443 update.googleapis.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 142.251.32.195:443 update.googleapis.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
DE 142.251.36.195:443 udp
DE 142.251.36.195:443 update.googleapis.com tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
DE 142.251.36.195:443 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp

Files

\??\pipe\crashpad_1876_KCTPSPBOMUAQMOJQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3704-131-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-133-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-132-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-134-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-135-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-138-0x00007FF99D330000-0x00007FF99D525000-memory.dmp

memory/3704-140-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-141-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-142-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-143-0x00007FF95D3B0000-0x00007FF95D3C0000-memory.dmp

memory/3704-144-0x00007FF99D330000-0x00007FF99D525000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\DeviceHealthSummaryConfiguration.ini

MD5 ba95c705a13fd5264d33896583d94a0e
SHA1 123a6427b1fa3a715a3ea8a24fd4edb2f772a5fa
SHA256 3cc165b1beb8f2f8a7e857e6b31a8d025ea368a69000778670c125725a53894f
SHA512 f7df587ed2f87004b6e08a96e639cbc826f3ccbf02bb926f8300bb8879e3f53566848e6ccc5618241b50655c49e2bb001448f4981f89976adceed9224a37dcbe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Cache\Arm_001824311644_15975797801193718868758618044128505669.msi

MD5 daef9610629678de57c4567339f6e52c
SHA1 3c2f60cce0d017c9f93fe0d09c80a7ca0dc63d0f
SHA256 9aebffc9bb8192c5ba7e51bf7b47246d53837fab2b435d71ccaeaee1cd74c701
SHA512 9a550ec8cb373b6ab488750aa9c679e419b8dfeddf3ccb02593c044553b5bb447516ceebc18e73db2b8c848b79f124ed6764484795b8f4a6d58d954b77f0b4a5

C:\Windows\Installer\MSI4769.tmp

MD5 fadffef98d0f28368b843c6e9afd9782
SHA1 578101fadf1034c4a928b978260b120b740cdfb9
SHA256 73f7e51214b775421f6679acabc51ac1d34b4271116f5f3dd3426df50d214886
SHA512 ba5ab56a7e5d2e54fc304d77c78a14b35b187fdd95a090d39193b3da6ab40ef1b38c3cd56b160edceded3d622c0b645376efaf3df8fc8c437f448f91587f3233

C:\Windows\Installer\MSI4769.tmp

MD5 fadffef98d0f28368b843c6e9afd9782
SHA1 578101fadf1034c4a928b978260b120b740cdfb9
SHA256 73f7e51214b775421f6679acabc51ac1d34b4271116f5f3dd3426df50d214886
SHA512 ba5ab56a7e5d2e54fc304d77c78a14b35b187fdd95a090d39193b3da6ab40ef1b38c3cd56b160edceded3d622c0b645376efaf3df8fc8c437f448f91587f3233

C:\Windows\Installer\MSI4B34.tmp

MD5 4184a5369d3bd6592b1db5cd2ac465ef
SHA1 be848190344933e38e0d40f0d56854594f113c42
SHA256 5f7b6321625dbc7901a8c22fc70d1902654aef3e47499d9e243ad7c2f83a0ac5
SHA512 49c10020c012cf89cfe27f31e51ca844c8ae0de9c21d3f491e5cab2b737693e1e09b37b4b8aeb1745524b0adce4a19ecc7d158b6eb97bcf2ba59c13569c200b1

C:\Windows\Installer\MSI4B34.tmp

MD5 4184a5369d3bd6592b1db5cd2ac465ef
SHA1 be848190344933e38e0d40f0d56854594f113c42
SHA256 5f7b6321625dbc7901a8c22fc70d1902654aef3e47499d9e243ad7c2f83a0ac5
SHA512 49c10020c012cf89cfe27f31e51ca844c8ae0de9c21d3f491e5cab2b737693e1e09b37b4b8aeb1745524b0adce4a19ecc7d158b6eb97bcf2ba59c13569c200b1

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

MD5 10a58da77ae2073d1baf4f13630ea516
SHA1 aed9c3190f2a2508a150b2f03568f9aa0b4f00c0
SHA256 cb914e1a70aa98cbaae25192df867d73605aa9ae5db4ef77c274c266c2d0b2d8
SHA512 a83454e609d88111463e620f0ea2f2e066ec87136716ccc5146fab432a5fba8778335d9597cbf7bdf475207962194e0f6cf9c97ad8830c4694a23f5aa0a7766d

C:\Windows\Installer\MSI4BB2.tmp

MD5 4184a5369d3bd6592b1db5cd2ac465ef
SHA1 be848190344933e38e0d40f0d56854594f113c42
SHA256 5f7b6321625dbc7901a8c22fc70d1902654aef3e47499d9e243ad7c2f83a0ac5
SHA512 49c10020c012cf89cfe27f31e51ca844c8ae0de9c21d3f491e5cab2b737693e1e09b37b4b8aeb1745524b0adce4a19ecc7d158b6eb97bcf2ba59c13569c200b1

C:\Windows\Installer\MSI4BB2.tmp

MD5 4184a5369d3bd6592b1db5cd2ac465ef
SHA1 be848190344933e38e0d40f0d56854594f113c42
SHA256 5f7b6321625dbc7901a8c22fc70d1902654aef3e47499d9e243ad7c2f83a0ac5
SHA512 49c10020c012cf89cfe27f31e51ca844c8ae0de9c21d3f491e5cab2b737693e1e09b37b4b8aeb1745524b0adce4a19ecc7d158b6eb97bcf2ba59c13569c200b1

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5 50b17d217f07d5968b34f42311638f74
SHA1 de0c092e9e157288c661f3471301fc5ee1bddbb5
SHA256 9ad7c8083743312c9742f5844f6eff38d9273c3e363ed872ec3640303764e74c
SHA512 5dddf066ebaecdffda6a023704f86b53849d8ba2806b196a71eadb6e250fc77681cab009c1feec691d27aaf0049d0358ac38d17ffe4d73d7a8af5952c5a2c6fb

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5 50b17d217f07d5968b34f42311638f74
SHA1 de0c092e9e157288c661f3471301fc5ee1bddbb5
SHA256 9ad7c8083743312c9742f5844f6eff38d9273c3e363ed872ec3640303764e74c
SHA512 5dddf066ebaecdffda6a023704f86b53849d8ba2806b196a71eadb6e250fc77681cab009c1feec691d27aaf0049d0358ac38d17ffe4d73d7a8af5952c5a2c6fb

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

MD5 fd59fc6011af0e430fdc63aa15b6de75
SHA1 376a72f8ca10471b391d082e09d357a8a067e432
SHA256 28bafddf4f7f85cca3551a3920012e59a6fc4f9334ba80b9f755b43e605f9899
SHA512 11df7b783292f0d08df57eac67d25e1a2dac77010c2f3794dfc6895b532787a2cd2d57b7f72be04354db12a4082ed6760e322de766d6191c7b77c5e0f739c0b4

C:\ProgramData\Adobe\ARM\ArmReport.ini

MD5 b27c93bece6b7d59876fdc3a93e09c42
SHA1 25e8c04e116637e04bfe237567bd1f73ef6c915d
SHA256 0ed89a9b5da2684c55a029e7a060bc61cd8c74d2968614e2c7d4099a896648d2
SHA512 0d534f49a681d2dbb7100f91a51297a233467b2846713c74a9b8bfcc70b8ed33932cee68e37d9687075b749642210a8fd2b819712b2e5311a2ad93526c2b27a9

C:\Windows\Installer\MSI6A57.tmp

MD5 c23d4d5a87e08f8a822ad5a8dbd69592
SHA1 317df555bc309dace46ae5c5589bec53ea8f137e
SHA256 6d149866246e79919bde5a0b45569ea41327c32ee250f37ad8216275a641bb27
SHA512 fa584655ae241004af44774a1f43508e53e95028ce96b39f8b5c62742f38acdf2b1df8871b468ac70c6043ca0e7ae8241bad2db6bc4f700d78471f12bb809e6b

C:\Windows\Installer\MSI6A57.tmp

MD5 c23d4d5a87e08f8a822ad5a8dbd69592
SHA1 317df555bc309dace46ae5c5589bec53ea8f137e
SHA256 6d149866246e79919bde5a0b45569ea41327c32ee250f37ad8216275a641bb27
SHA512 fa584655ae241004af44774a1f43508e53e95028ce96b39f8b5c62742f38acdf2b1df8871b468ac70c6043ca0e7ae8241bad2db6bc4f700d78471f12bb809e6b

C:\Windows\Installer\MSI6DD2.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI6DD2.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI6E22.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI6E22.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI6E80.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI6E80.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI6EC0.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI6EC0.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI6F3E.tmp

MD5 0e91605ee2395145d077adb643609085
SHA1 303263aa6889013ce889bd4ea0324acdf35f29f2
SHA256 5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b
SHA512 3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be

C:\Windows\Installer\MSI6F3E.tmp

MD5 0e91605ee2395145d077adb643609085
SHA1 303263aa6889013ce889bd4ea0324acdf35f29f2
SHA256 5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b
SHA512 3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be

C:\Windows\Installer\MSI71EE.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI71EE.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI725D.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI725D.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI7C02.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI7C02.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI7C23.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI7C23.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI7C62.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI7C62.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI7C82.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI7C82.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSI7CD2.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d