Malware Analysis Report

2024-10-19 02:31

Sample ID 220329-r81zbsfbc9
Target how-do-i-turn-off-private-network-in-windows-10.html
SHA256 58e384317b41f84dc77b45b5d99bd87aeaca9940bbf242d59db344d43b5de341
Tags plugx discovery spyware stealer trojan
Score 10/10

Analysis Overview

Score 10/10

SHA256 58e384317b41f84dc77b45b5d99bd87aeaca9940bbf242d59db344d43b5de341

Threat Level: Known bad

The file how-do-i-turn-off-private-network-in-windows-10.html was found to be: Known bad.

Malicious Activity Summary

plugx discovery spyware stealer trojan

PlugX

PlugX Rat Payload

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks installed software on the system

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2022-03-29 14:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2022-03-29 14:52
Reported 2022-03-29 15:03
Platform win10-20220310-en
Max time kernel 583s
Max time network 601s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\how-do-i-turn-off-private-network-in-windows-10.html

Signatures

PlugX

trojan plugx

PlugX Rat Payload

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1896 wrote to memory of 2452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3360 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3360 wrote to memory of 1308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3360 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3360 wrote to memory of 1440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\how-do-i-turn-off-private-network-in-windows-10.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:82945 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd44944f50,0x7ffd44944f60,0x7ffd44944f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,9224002471768451139,7873247637276963365,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1488,9224002471768451139,7873247637276963365,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1504 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1488,9224002471768451139,7873247637276963365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 /prefetch:8


Network


Files
