5c40783c92c09c8f2188409e8199f639dfd7cad28003a5a1587fa0216069fa4b

Resubmissions

05-11-2023 18:30

231105-w5wbwsab6x 8

05-11-2023 17:57

231105-wjvhgahg5y 8

Analysis

max time kernel
1589s
max time network
1435s
platform
windows10-2004_x64
resource
win10v2004-20231023-es
resource tags

arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
05-11-2023 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uniconverter15_64bit_full14204.exe
Size

241.6MB
MD5

e87a0c14cce47ad451f89103ad9510b0
SHA1

2e8470a17f0ccdf8950179f527f287484e86d8b7
SHA256

5c40783c92c09c8f2188409e8199f639dfd7cad28003a5a1587fa0216069fa4b
SHA512

1b751d2372545c8c7d4220eb4496e318fe0981beee27bd19c05be4af0d719d52b0a6ceab337c0aa5957b13d1ab6a547a186c2a87b2ba7a12cd15cc6c10c512bb
SSDEEP

6291456:miw2Y8eH40Db+syIWETg3jf5LXd8il6R69BBWkjPIbvl:X+HdDb79WXjf5LXd8ile6rwGA9

Score

8^/10

discovery evasion exploit persistence

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	cmd.exe

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
4092	netsh.exe

Possible privilege escalation attempt 2 IoCs

exploit

pid	Process
4688	takeown.exe
4332	icacls.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4688	takeown.exe
4332	icacls.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UniConverterUpdateHelper = "C:\\Program Files\\Wondershare\\UniConverter 15\\WSVCUUpdateHelper.exe"	uniconverter15_64bit_full14204.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wondershare Helper Compact.exe = "C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"	Wondershare Helper Compact.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wondershare Helper Compact.exe = "C:\\Program Files\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"	uniconverter15_64bit_full14204.tmp

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	uniconverter15_64bit_full14204.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	VideoConverterUltimate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	VideoConverterUltimate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	VideoConverterUltimate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Wondershare\UniConverter 15\is-F8M50.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\D3D\is-5UQ9G.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-NSIEA.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\wscrashcli.dll	7zG.exe
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\Transfer\AppleService\msvcr90.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\svg\is-1LMLT.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\api-ms-win-core-heap-l1-1-0.dll	7zG.exe
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\svg\is-NU5JB.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Transfer\is-L3RE8.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\svg\is-VG37O.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\trial\is-UPEN3.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon16\is-TUO6P.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon24\is-PBSON.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\pythondlls\is-9PLAV.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-NG90M.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\Transfer\msvcr90.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\control\is-POG6O.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\home\is-OQR6F.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon16\is-A0480.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\animation\is-M283C.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\illustration\is-C1K9V.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon40\is-9SFLB.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Transfer\is-8VRA7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon32\is-Q3HJE.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\ws\is-PJ7O3.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\button\is-K80AK.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\illustration\is-F7MEO.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\Transfer\iTunesLibrary.dll	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\AIPortrait\is-8GPPJ.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-J5M22.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\basic\is-984U1.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-77HBB.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\EffectPlug\Merge\is-280JF.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\is-6ECHF.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\Crypto\Util\is-0DPIH.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\cffi\is-582R9.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-Q4CG0.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-VD725.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\basic\is-O8G5H.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\is-243D4.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\WS_MediaSlide.dll	7zG.exe
File created	C:\Program Files\Wondershare\UniConverter 15\UploadRes\facebookads\utils\is-HOHMN.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\wccCom\Skin\Default\wccCom\is-MOELM.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\extractor\is-8GIII.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\WS_Extractor\is-1S2DR.tmp	uniconverter15_64bit_full14204.tmp
File opened for modification	C:\Program Files\Wondershare\UniConverter 15\WS_PlayDecMgr.dll	7zG.exe
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon16\is-12I6T.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\Crypto\Cipher\is-E52Q3.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\basic\is-S7E34.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\icon\format\is-VUQ6K.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\icon\icon_basic\is-72HEG.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\trial\is-IA6T2.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\icon\icon_state\icon40\is-8I5U8.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon40\is-ADV56.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\youtube_dl\WS_Extractor\is-9HT43.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\is-4M7S7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\control\is-B7KG0.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\Default\home\is-IAQ08.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Transfer\is-K1M2I.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\is-88RLL.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\is-J05MR.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\DownloadRes\Crypto\Hash\is-U2GRT.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Program Files\Wondershare\UniConverter 15\Skin\common\install_banner\is-8AR50.tmp	uniconverter15_64bit_full14204.tmp

Drops file in Windows directory 47 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\is-H4Q0S.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-ED8B9.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-AILST.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-7F0VU.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-KUBPR.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-9LA23.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-KDSME.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-PIVPI.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-VVJR7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-FR0UV.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-UGRIQ.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-H6DQM.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-9IICC.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-8JOOD.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-F9M21.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-4L6NM.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-12O6E.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-0SK5L.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-3RARB.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-QL6C5.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-EG0SM.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-87KBK.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-TKPS4.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-QR8R2.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-11P2C.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-05SI2.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-BAT5S.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-8LR4R.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-KSVU9.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-G38TC.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-OV6P7.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-9Q3NE.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-798GO.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-9CVPR.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-IHDNJ.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-5EQ0F.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-J03T9.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-T9A9G.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-I6GCG.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-63LKJ.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-B0I74.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-AJTBC.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-DDE8J.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-GFFTE.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-ES9CJ.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-2KE4J.tmp	uniconverter15_64bit_full14204.tmp
File created	C:\Windows\Fonts\is-R986U.tmp	uniconverter15_64bit_full14204.tmp

Executes dropped EXE 44 IoCs

pid	Process
4436	uniconverter15_64bit_full14204.tmp
5840	_setup64.tmp
3644	Wondershare NativePush_14416_64bit.exe
2116	Wondershare NativePush_14416_64bit.tmp
5532	_setup64.tmp
5488	WsNativePushService.exe
5788	WsNativePushService.exe
4768	WsNativePushService.exe
2644	Wondershare Helper Compact.exe
1312	WsToastNotification.exe
4936	Wondershare Helper Compact.tmp
5220	WSHelper.exe
6008	URLReqService.exe
3832	GraphicAccelerateCheck.exe
2444	2Dto3D.exe
5192	FileAssociation.exe
4608	FileAssociation.exe
5668	FileAssociation.exe
5964	cmdCheckMFForVCE.exe
816	winrar-x64-624.exe
4996	7z2301-x64.exe
1292	7zG.exe
4980	VideoConverterUltimate.exe
1848	WsCloudHelper.exe
4692	TransferProcess.exe
2780	sniffer.exe
3264	GetMediaInfo.exe
3996	unins000.exe
3664	_iu14D2N.tmp
5244	unins000.exe
2800	_iu14D2O.tmp
4920	WUCPatch.exe
3644	VCPlayer.exe
4876	VideoConverterUltimate.exe
4272	TransferProcess.exe
3944	sniffer.exe
5828	GetMediaInfo.exe
2456	WsMsgPush.exe
6092	VideoConverterUltimate.exe
100	TransferProcess.exe
3452	sniffer.exe
3952	GetMediaInfo.exe
5836	WUCPatch.exe
4100	7zG.exe

Launches sc.exe 12 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4160	sc.exe
4064	sc.exe
740	sc.exe
5148	sc.exe
5140	sc.exe
6060	sc.exe
4856	sc.exe
5128	sc.exe
3252	sc.exe
4584	sc.exe
3852	sc.exe
5336	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
4436	uniconverter15_64bit_full14204.tmp
4436	uniconverter15_64bit_full14204.tmp
4436	uniconverter15_64bit_full14204.tmp
4436	uniconverter15_64bit_full14204.tmp
4436	uniconverter15_64bit_full14204.tmp
1312	WsToastNotification.exe
1312	WsToastNotification.exe
4936	Wondershare Helper Compact.tmp
4936	Wondershare Helper Compact.tmp
4936	Wondershare Helper Compact.tmp
5220	WSHelper.exe
5220	WSHelper.exe
5220	WSHelper.exe
5220	WSHelper.exe
5220	WSHelper.exe
5408	regsvr32.exe
2808	regsvr32.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
2436	RegAsm.exe
6008	URLReqService.exe
3832	GraphicAccelerateCheck.exe
3832	GraphicAccelerateCheck.exe
3832	GraphicAccelerateCheck.exe
3832	GraphicAccelerateCheck.exe
3832	GraphicAccelerateCheck.exe
5964	cmdCheckMFForVCE.exe
5964	cmdCheckMFForVCE.exe
5964	cmdCheckMFForVCE.exe
5964	cmdCheckMFForVCE.exe
5964	cmdCheckMFForVCE.exe
5964	cmdCheckMFForVCE.exe
5964	cmdCheckMFForVCE.exe
5964	cmdCheckMFForVCE.exe
5832	taskmgr.exe
3272	Process not Found
1292	7zG.exe
908	WUC v15.x Patcher v1.0.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe
4980	VideoConverterUltimate.exe

Registers COM server for autorun 1 TTPs 16 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\LocalServer32	WsToastNotification.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Wondershare\\Wondershare NativePush\\WsToastNotification.exe\" -ToastActivated"	WsToastNotification.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{564F2F1E-E001-41D2-8459-9C9B865CC6B0}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E962A61-DFC4-49B1-B7AE-91FBAFB7191C}\InprocServer32\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\CFDecode64.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939}\LocalServer32\ = "\"C:\\Program Files\\Wondershare\\UniConverter 15\\DownloadRes\\URLReqService.exe\""	URLReqService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD83011E-01D1-4623-91FD-6B75F183C5A9}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD83011E-01D1-4623-91FD-6B75F183C5A9}\InprocServer32\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\CFDecode64.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{564F2F1E-E001-41D2-8459-9C9B865CC6B0}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939}\LocalServer32	URLReqService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AD83011E-01D1-4623-91FD-6B75F183C5A9}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{564F2F1E-E001-41D2-8459-9C9B865CC6B0}\InprocServer32\ = "C:\\Program Files\\Wondershare\\UniConverter 15\\CFDecode64.ax"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E962A61-DFC4-49B1-B7AE-91FBAFB7191C}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E962A61-DFC4-49B1-B7AE-91FBAFB7191C}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	VideoConverterUltimate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GetMediaInfo.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GetMediaInfo.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GraphicAccelerateCheck.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	VideoConverterUltimate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	cmdCheckMFForVCE.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	cmdCheckMFForVCE.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	VideoConverterUltimate.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	VCPlayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GetMediaInfo.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GetMediaInfo.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	VCPlayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	VideoConverterUltimate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GraphicAccelerateCheck.exe

Delays execution with timeout.exe 5 IoCs

evasion

pid	Process
3236	timeout.exe
2092	timeout.exe
4496	timeout.exe
368	timeout.exe
876	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 64 IoCs

evasion

pid	Process
816	TASKKILL.exe
5144	taskkill.exe
3020	taskkill.exe
3936	taskkill.exe
1076	TASKKILL.exe
3860	taskkill.exe
4372	taskkill.exe
4360	taskkill.exe
1744	TASKKILL.exe
4936	taskkill.exe
5556	taskkill.exe
100	taskkill.exe
2288	taskkill.exe
3968	TASKKILL.exe
3048	taskkill.exe
1996	taskkill.exe
5496	taskkill.exe
5408	taskkill.exe
5932	taskkill.exe
5184	taskkill.exe
4172	taskkill.exe
4412	TASKKILL.exe
4332	taskkill.exe
2240	taskkill.exe
2940	taskkill.exe
3896	taskkill.exe
5308	taskkill.exe
2956	taskkill.exe
2140	TASKKILL.exe
3364	TASKKILL.exe
3416	taskkill.exe
5656	taskkill.exe
5012	taskkill.exe
6052	taskkill.exe
4300	TASKKILL.exe
4048	taskkill.exe
888	taskkill.exe
5944	taskkill.exe
456	TASKKILL.exe
4364	TASKKILL.exe
380	TASKKILL.exe
5508	taskkill.exe
860	taskkill.exe
4088	TASKKILL.exe
5156	TASKKILL.exe
5248	TASKKILL.exe
528	taskkill.exe
3904	taskkill.exe
2008	taskkill.exe
2104	taskkill.exe
5600	TASKKILL.exe
5400	TASKKILL.exe
3364	taskkill.exe
5440	taskkill.exe
4944	taskkill.exe
5188	TASKKILL.exe
1004	TASKKILL.exe
4880	taskkill.exe
1896	taskkill.exe
4276	taskkill.exe
5132	taskkill.exe
3148	taskkill.exe
6008	taskkill.exe
3644	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main	uniconverter15_64bit_full14204.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\Main\TabShutdownDelay = "0"	uniconverter15_64bit_full14204.tmp
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133436808381928601"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BB1F307A-9734-46E4-B8D4-33169BBC08CD}\TypeLib\Version = "1.0"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5D17DB29-50CE-3671-8254-44D4F0686252}\TypeLib\Version = "1.0"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C4C4614-EE1D-4DB9-BC2D-A09746667975}\ProxyStubClsid32	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22DD3A2B-CE83-38AA-A93C-932E3CE253C6}\TypeLib\Version = "1.0"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.aiff\	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.3G2\shell\open\command\ = "\"C:\\Program Files\\Wondershare\\UniConverter 15\\VCPlayer.exe\" \"-openfile\" \"%1\""	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{28E2D8EC-DED8-3EEF-AEAF-3F3749C4F0E5}\1.0.0.0\RuntimeVersion = "v2.0.50727"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{7625870B-CC1B-31E0-9DB2-60DB1E5BCB08}\1.0.0.0	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C5CAFA8E-F69D-4E6F-9BF3-1F4522AFD4BE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B47D9895-FCDB-3B49-AEA9-76D3266605DF}\InprocServer32\1.0.0.0\RuntimeVersion = "v2.0.50727"	RegAsm.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46884330-13BA-4AC9-BEDC-3A2E955EB8DA}	WSHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{905BFB89-B8E7-4697-9D69-1E1550413A30}\TypeLib	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4720606C-8820-3F4F-AED2-D0AB9E15B0C4}\TypeLib	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.DV	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A6E61D83-DC0F-3F2E-9AA1-BACC7CD056CF}\1.0.0.0\RuntimeVersion = "v2.0.50727"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FCB-975B-59BE-A960-9A2A262853A5}\InprocServer32\1.0.0.0\Class = "IMAPI2.Interop.ProgressItemClass"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.WEBM\shell\open	FileAssociation.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2301-x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.AVI\shell\open	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.MPEG\shell\open\ = "Reproduce con el reproductor Wondershare UniConverter"	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{225BE4D8-64CA-49B1-9630-917F2D92F452}\ = "ISilentInstallProduct"	WSHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.M4P\shell\open	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2ACB5457-93C4-3087-836D-D022BDDA8EBA}\ = "_ConvertProgress"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5610D1A9-5B54-4E77-9190-94FF9E59AFBA}\TypeLib\Version = "1.1"	WSHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BB1F307A-9734-46E4-B8D4-33169BBC08CD}\TypeLib	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.3G2\shell	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wondershare.Burner.EraseProgress\ = "Wondershare.Burner.EraseProgress"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA4FFF3E-39BF-3894-9E3B-0BFB606DDFA7}\ProxyStubClsid32	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tod\ = "UniConverter14.AssocFile.TOD"	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.MOV\shell\open	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.AC3	FileAssociation.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E5E91D68-955D-4DE1-AB8E-89B26DF6A331}\ = "IUserExpData"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{47F5D30E-5206-3A92-9089-B483006708A2}\ = "_DWriteEngine2_EventHandler"	RegAsm.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C941FC8-975B-59BE-A960-9A2A262853A5}\InprocServer32\RuntimeVersion = "v2.0.50727"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27354132-7F64-5B0F-8F00-5D77AFBE261E}	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.MOV	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.OPUS\shell\open\command	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\AppUserModelId\Wondershare.NotificationApp	WsToastNotification.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C91DBF93-5FEB-4761-8E72-936C6118C6F6}\3.0\HELPDIR\ = "C:\\Program Files\\Wondershare\\UniConverter 15"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLReqService.ReqService.1\CLSID	URLReqService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB2E6C5A-CC98-4B0E-B982-92F82D7583F1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	URLReqService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UniConverter14.AssocFile.M2T\DefaultIcon	FileAssociation.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E90BA470-0728-47E6-B2E7-0ED0C0CFEA8F}\ = "IContactCustomService"	WSHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B85EFC06-6855-3E7E-BE2E-AE6A5010B84C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{476D46AF-0DCE-3362-B51B-98197FDCDBA9}\InprocServer32\1.0.0.0\Assembly = "WsBurner, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a0a98582c8d3e9fb"	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C4C4614-EE1D-4DB9-BC2D-A09746667975}\TypeLib\Version = "3.0"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDE9985D-A983-4F79-8880-906C69BDF204}\TypeLib	RegAsm.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55DB3C89-37B9-41E8-87CC-7C578D2F5374}\TypeLib\Version = "1.1"	WSHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9C49D7A2-5D77-39D3-ABF4-6772690D6A71}\1.0.0.0	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D17DB29-50CE-3671-8254-44D4F0686252}\ProxyStubClsid32	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.opus\	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7C57A97-4CC2-439C-8D0B-D4700309225D}\1.0\FLAGS	RegAsm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vob\ = "UniConverter14.AssocFile.VOB"	FileAssociation.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{564F2F1E-E001-41D2-8459-9C9B865CC6B0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B85EFC06-6855-3E7E-BE2E-AE6A5010B84C}\ = "_MediaFile"	RegAsm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27354132-7F64-5B0F-8F00-5D77AFBE261E}\TypeLib	RegAsm.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 964509.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3256	chrome.exe
3256	chrome.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
4264	chrome.exe
4264	chrome.exe
4436	uniconverter15_64bit_full14204.tmp
4436	uniconverter15_64bit_full14204.tmp
2116	Wondershare NativePush_14416_64bit.tmp
2116	Wondershare NativePush_14416_64bit.tmp
4768	WsNativePushService.exe
4768	WsNativePushService.exe
4768	WsNativePushService.exe
4768	WsNativePushService.exe
4936	Wondershare Helper Compact.tmp
4936	Wondershare Helper Compact.tmp
4936	Wondershare Helper Compact.tmp
4936	Wondershare Helper Compact.tmp
4936	Wondershare Helper Compact.tmp
4936	Wondershare Helper Compact.tmp
2640	msedge.exe
2640	msedge.exe
5196	msedge.exe
5196	msedge.exe
5608	msedge.exe
5608	msedge.exe
5480	msedge.exe
5480	msedge.exe
2892	identity_helper.exe
2892	identity_helper.exe
6096	msedge.exe
6096	msedge.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4876	VideoConverterUltimate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
5196	msedge.exe
5196	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeDebugPrivilege	2884	taskmgr.exe
Token: SeSystemProfilePrivilege	2884	taskmgr.exe
Token: SeCreateGlobalPrivilege	2884	taskmgr.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe
2884	taskmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4684	SearchApp.exe
3536	SearchApp.exe
4000	SearchApp.exe
4684	SearchApp.exe
2584	SearchApp.exe
5220	WSHelper.exe
816	winrar-x64-624.exe
816	winrar-x64-624.exe
6060	SearchApp.exe
4356	SearchApp.exe
728	SearchApp.exe
4324	SearchApp.exe
5052	SearchApp.exe
5204	SearchApp.exe
3264	GetMediaInfo.exe
3996	unins000.exe
3664	_iu14D2N.tmp
5244	unins000.exe
2800	_iu14D2O.tmp
3952	GetMediaInfo.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 4568	3256	chrome.exe	92
PID 3256 wrote to memory of 4568	3256	chrome.exe	92
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 3488	3256	chrome.exe	95
PID 3256 wrote to memory of 1704	3256	chrome.exe	94
PID 3256 wrote to memory of 1704	3256	chrome.exe	94
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96
PID 3256 wrote to memory of 2028	3256	chrome.exe	96

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2112	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe27089758,0x7ffe27089768,0x7ffe27089778
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4976 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5720 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5736 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5668 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4572 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5792 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4956 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3076 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5012 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4600 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4532 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6016 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6176 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5896 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5732 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6524 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6680 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6920 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6888 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7252 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7196 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7696 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7436 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5800 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6708 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7524 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6444 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8440 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8456 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7512 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7948 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8464 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8220 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7036 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6540 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8104 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8764 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8928 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8392 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7216 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Wondershare hosts blocker.bat" "
  2⤵
  - Drops file in Drivers directory
  PID:4032
- - C:\Windows\system32\fltMC.exe
    fltmc
    3⤵
    PID:4192
- - C:\Windows\system32\takeown.exe
    takeown /f "C:\Windows\System32\drivers\etc\hosts" /a
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:4688
- - C:\Windows\system32\icacls.exe
    icacls "C:\Windows\System32\drivers\etc\hosts" /grant administrators:F
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:4332
- - C:\Windows\system32\attrib.exe
    attrib -h -r -s "C:\Windows\System32\drivers\etc\hosts"
    3⤵
    - Drops file in Drivers directory
    - Views/modifies file attributes
    PID:2112
- - C:\Windows\system32\find.exe
    FIND /C /I "www.wondershare.net" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5824
- - C:\Windows\system32\find.exe
    FIND /C /I "www.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5936
- - C:\Windows\system32\find.exe
    FIND /C /I "www.wondershare.web" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5268
- - C:\Windows\system32\find.exe
    FIND /C /I "filmora.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:4228
- - C:\Windows\system32\find.exe
    FIND /C /I "mobilego.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5640
- - C:\Windows\system32\find.exe
    FIND /C /I "support.wondershare.net" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5768
- - C:\Windows\system32\find.exe
    FIND /C /I "support.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5804
- - C:\Windows\system32\find.exe
    FIND /C /I "cbs.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:3048
- - C:\Windows\system32\find.exe
    FIND /C /I "cbs.wondershare.net" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5244
- - C:\Windows\system32\find.exe
    FIND /C /I "platform.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5340
- - C:\Windows\system32\find.exe
    FIND /C /I "statics.was.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:2848
- - C:\Windows\system32\find.exe
    FIND /C /I "resource.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:4724
- - C:\Windows\system32\find.exe
    FIND /C /I "myphone-download.wondershare.cc" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5932
- - C:\Windows\system32\find.exe
    FIND /C /I "antipiracy.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:4920
- - C:\Windows\system32\find.exe
    FIND /C /I "cc-antipiracy.wondershare.cc" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:3552
- - C:\Windows\system32\find.exe
    FIND /C /I "sparrow.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:4212
- - C:\Windows\system32\find.exe
    FIND /C /I "dc.wondershare.cc" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:2476
- - C:\Windows\system32\find.exe
    FIND /C /I "cbs.wondershare.cn" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5616
- - C:\Windows\system32\find.exe
    FIND /C /I "api.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:1968
- - C:\Windows\system32\find.exe
    FIND /C /I "product-api.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:3684
- - C:\Windows\system32\find.exe
    FIND /C /I "myphone-api.wondershare.cc" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5608
- - C:\Windows\system32\find.exe
    FIND /C /I "order-api.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:2584
- - C:\Windows\system32\find.exe
    FIND /C /I "www.media.io" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5192
- - C:\Windows\system32\find.exe
    FIND /C /I "www.keepvid.cc" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:888
- - C:\Windows\system32\find.exe
    FIND /C /I "srv1.keepvid.cc" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:3852
- - C:\Windows\system32\find.exe
    FIND /C /I "pop.wondershare.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5356
- - C:\Windows\system32\find.exe
    FIND /C /I "pop.iskysoft.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:2532
- - C:\Windows\system32\find.exe
    FIND /C /I "pop.aimersoft.com" C:\Windows\system32\drivers\etc\hosts
    3⤵
    PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=3456 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9476 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2992 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5664 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=5540 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9480 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8916 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9272 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9184 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8700 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=1268 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7720 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=2216 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7208 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9468 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9440 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9452 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7440 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7024 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9288 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=9396 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=9284 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=9400 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9264 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7684 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=7660 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=9388 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=9348 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=880 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9296 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9516 --field-trial-handle=1788,i,10726243765426004726,13130872393676500166,131072 /prefetch:8
  2⤵
  PID:3076
- C:\Users\Admin\Downloads\winrar-x64-624.exe
  "C:\Users\Admin\Downloads\winrar-x64-624.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:816

C:\Users\Admin\AppData\Local\Temp\uniconverter15_64bit_full14204.exe
"C:\Users\Admin\AppData\Local\Temp\uniconverter15_64bit_full14204.exe"
1⤵
PID:1240
- C:\Users\Admin\AppData\Local\Temp\is-SG6RG.tmp\uniconverter15_64bit_full14204.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SG6RG.tmp\uniconverter15_64bit_full14204.tmp" /SL5="$90116,252108162,172032,C:\Users\Admin\AppData\Local\Temp\uniconverter15_64bit_full14204.exe"
  2⤵
  - Adds Run key to start application
  - Checks computer location settings
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM iTunesConverter.exe
    3⤵
    - Kills process with taskkill
    PID:2140
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM GraphicAccelerateCheck.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM TransferProcess.exe
    3⤵
    PID:5580
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM CmdConverter.exe
    3⤵
    - Kills process with taskkill
    PID:456
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM kv_dr.exe
    3⤵
    - Kills process with taskkill
    PID:5600
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM DVDMaker.exe
    3⤵
    - Kills process with taskkill
    PID:1744
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM ScreenCapture.exe
    3⤵
    - Kills process with taskkill
    PID:3364
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM sniffer.exe
    3⤵
    PID:2972
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM StartRecorder.exe
    3⤵
    - Kills process with taskkill
    PID:5188
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM VideoConverterUltimate.exe
    3⤵
    - Kills process with taskkill
    PID:1076
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WsTaskLoad.exe
    3⤵
    - Kills process with taskkill
    PID:4088
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM VideoToImages.exe
    3⤵
    - Kills process with taskkill
    PID:4412
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WSVCUUpdateHelper.exe
    3⤵
    - Kills process with taskkill
    PID:5400
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM FeedBackHelper.exe
    3⤵
    - Kills process with taskkill
    PID:816
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WsPushHelper.exe
    3⤵
    - Kills process with taskkill
    PID:3968
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM WsMsgPush.exe
    3⤵
    - Kills process with taskkill
    PID:5156
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM ProductUpdate.exe
    3⤵
    - Kills process with taskkill
    PID:4364
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM ElevationService.exe
    3⤵
    - Kills process with taskkill
    PID:5248
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM AppleMobileService.exe
    3⤵
    - Kills process with taskkill
    PID:1004
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM addCloudDrive.exe
    3⤵
    - Kills process with taskkill
    PID:380
- - C:\Windows\SysWOW64\TASKKILL.exe
    "C:\Windows\system32\TASKKILL.exe" /F /IM fileUploadUi.exe
    3⤵
    - Kills process with taskkill
    PID:4300
- - C:\Users\Admin\AppData\Local\Temp\is-8RM68.tmp\_isetup\_setup64.tmp
    helper 105 0x624
    3⤵
    - Executes dropped EXE
    PID:5840
- - C:\Program Files\Wondershare\UniConverter 15\Wondershare NativePush_14416_64bit.exe
    "C:\Program Files\Wondershare\UniConverter 15\Wondershare NativePush_14416_64bit.exe" /VERYSILENT /BINDINSTALL
    3⤵
    - Executes dropped EXE
    PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\is-FC6KB.tmp\Wondershare NativePush_14416_64bit.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-FC6KB.tmp\Wondershare NativePush_14416_64bit.tmp" /SL5="$701C0,2821410,938496,C:\Program Files\Wondershare\UniConverter 15\Wondershare NativePush_14416_64bit.exe" /VERYSILENT /BINDINSTALL
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\is-4KSQV.tmp\_isetup\_setup64.tmp
        
        helper 105 0x404
        5⤵
        Executes dropped EXE
        
        PID:5532
    - - C:\Windows\system32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="WsToastNotification" dir=in security=authnoencap action=allow program="C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe"
        5⤵
        Modifies Windows Firewall
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
        
        "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" install
        5⤵
        Executes dropped EXE
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
        
        "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" start
        5⤵
        Executes dropped EXE
        
        PID:5788
- - C:\Program Files\Wondershare\UniConverter 15\Wondershare Helper Compact.exe
    "C:\Program Files\Wondershare\UniConverter 15\Wondershare Helper Compact.exe" /VERYSILENT
    3⤵
    - Executes dropped EXE
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\is-P0SHA.tmp\Wondershare Helper Compact.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-P0SHA.tmp\Wondershare Helper Compact.tmp" /SL5="$801C0,2101139,54272,C:\Program Files\Wondershare\UniConverter 15\Wondershare Helper Compact.exe" /VERYSILENT
      4⤵
      Adds Run key to start application
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4936
    - - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
        
        "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:5220
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s LAVSplitter.ax
    3⤵
    - Loads dropped DLL
    PID:5408
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s CFDecode64.ax
    3⤵
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:2808
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s ScreenCaptureFilter.ax
    3⤵
    PID:5716
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s C:\Windows\system32\WS_ATLMovie.dll
    3⤵
    PID:5868
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Program Files\Wondershare\UniConverter 15\WsBurner.exe" /codebase /tlb
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:2436
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" "C:\Program Files\Wondershare\UniConverter 15\VideoToImages.exe" /codebase /tlb
    3⤵
    - Modifies registry class
    PID:1020
- - C:\Windows\system32\CertUtil.exe
    "CertUtil.exe" -addstore TrustedPublisher "C:\Program Files\Wondershare\UniConverter 15\WsInfoTech.cer"
    3⤵
    PID:1488
- - C:\Windows\system32\CertUtil.exe
    "CertUtil.exe" -addstore TrustedPublisher "C:\Program Files\Wondershare\UniConverter 15\WsInfoTech2018.cer"
    3⤵
    PID:5852
- - C:\Program Files\Wondershare\UniConverter 15\DownloadRes\URLReqService.exe
    "C:\Program Files\Wondershare\UniConverter 15\DownloadRes\URLReqService.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:6008
- - C:\Program Files\Wondershare\UniConverter 15\GraphicAccelerateCheck.exe
    "C:\Program Files\Wondershare\UniConverter 15\GraphicAccelerateCheck.exe" "Wondershare UniConverter 15" "C:\Program Files\Wondershare\UniConverter 15"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:3832
  - - C:\Program Files\Wondershare\UniConverter 15\cmdCheckMFForVCE.exe
      "C:\Program Files\Wondershare\UniConverter 15\cmdCheckMFForVCE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:5964
- - C:\Program Files\Wondershare\UniConverter 15\2Dto3D.exe
    "C:\Program Files\Wondershare\UniConverter 15\2Dto3D.exe" /regserver
    3⤵
    - Executes dropped EXE
    PID:2444
- - C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe
    "C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe" /C ".wmv;.asf;.avi;.mts;.ts;.m2ts;.m2t;.tp;.trp;.tod;.mod;.mp4;.mpg;.mpeg;.vob;.3g2;.3gp;.mov;.m4v;.f4v;.flv;.mkv;.wtv;.ogv;.mxf;.vro;.webm;.divx;.rm;.rmvb;.dat;.dv;.nsv;.ts4;.mp3;.wav;.m4a;.mka;.wma;.aac;.ac3;.ape;.ogg;.aiff;.aif;.opus;.amr;.au;.flac;.mp2;.mpa;.ra;.ram;.m4b;.m4p;.m4r;.caf" "C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe" "C:\Program Files\Wondershare\UniConverter 15\skin\common\player.ico" "Reproduce con el reproductor Wondershare UniConverter"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:5192
- - C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe
    "C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe" /A ".use" "C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe" "C:\Program Files\Wondershare\UniConverter 15\skin\common\TypeIcon.ico" "Abrir"
    3⤵
    - Executes dropped EXE
    PID:5668
- - C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe
    "C:\Program Files\Wondershare\UniConverter 15\FileAssociation.exe" /A ".wmv;.asf;.avi;.mts;.ts;.m2ts;.m2t;.tp;.trp;.tod;.mod;.mp4;.mpg;.mpeg;.vob;.3g2;.3gp;.mov;.m4v;.f4v;.flv;.mkv;.wtv;.ogv;.mxf;.vro;.webm;.divx;.rm;.rmvb;.dv;.nsv;.ts4;.mp3;.wav;.m4a;.mka;.wma;.aac;.ac3;.ape;.ogg;.aiff;.aif;.opus;.amr;.au;.flac;.mp2;.mpa;.ra;.ram;.m4b;.m4p;.m4r;.caf" "C:\Program Files\Wondershare\UniConverter 15\VCPlayer.exe" "C:\Program Files\Wondershare\UniConverter 15\skin\common\player.ico" "Reproduce con el reproductor Wondershare UniConverter"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cbs.wondershare.com/go.php?pid=14241&m=i&product_version=15.0.4&client_sign=&is_silent_install=2
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe23c546f8,0x7ffe23c54708,0x7ffe23c54718
      4⤵
      PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17283321316956089059,5885176287744200535,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17283321316956089059,5885176287744200535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
      4⤵
      PID:2692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17283321316956089059,5885176287744200535,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
      4⤵
      PID:1660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17283321316956089059,5885176287744200535,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:1896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17283321316956089059,5885176287744200535,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2796 /prefetch:1
      4⤵
      PID:5860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17283321316956089059,5885176287744200535,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17283321316956089059,5885176287744200535,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:2536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4640

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2884

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4864

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4684

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3536

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4000

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4684

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:6060

C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
"C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4768
- C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
  "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3832

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:728

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4324

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5052

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe23c546f8,0x7ffe23c54708,0x7ffe23c54718
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4276 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2284,16497532803995198221,11694278070083056399,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:5276
- C:\Users\Admin\Downloads\7z2301-x64.exe
  "C:\Users\Admin\Downloads\7z2301-x64.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Registers COM server for autorun
  - Modifies registry class
  PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1204

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5676

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:5832

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WUC v15.x Patcher v1.0\" -spe -an -ai#7zMap18546:106:7zEvent6117
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1292

C:\Program Files\Wondershare\UniConverter 15\WUC v15.x Patcher v1.0.exe
"C:\Program Files\Wondershare\UniConverter 15\WUC v15.x Patcher v1.0.exe"
1⤵
- Loads dropped DLL
PID:908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Program Files\Wondershare\UniConverter 15\Fixer.bat"
  2⤵
  PID:376
- - C:\Windows\system32\fltMC.exe
    fltmc
    3⤵
    PID:2800
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare NativePush_14416_64bit.exe" /T
    3⤵
    - Kills process with taskkill
    PID:528
- - C:\Windows\system32\timeout.exe
    TIMEOUT /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3236
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Helper Compact.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5508
- - C:\Windows\system32\timeout.exe
    TIMEOUT /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Uniconverter Update(x64).exe" /T
    3⤵
    - Kills process with taskkill
    PID:6008
- - C:\Windows\system32\timeout.exe
    TIMEOUT /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:4496
- - C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe
    "VideoConverterUltimate.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:4980
  - - C:\Program Files\Wondershare\UniConverter 15\WsCloudHelper.exe
      "C:\Program Files\Wondershare\UniConverter 15\WsCloudHelper.exe" /lang "es-es" /msgHanle "262818" /procId "4980" /uid "" /skin "2"
      4⤵
      Executes dropped EXE
      PID:1848
  - - C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe
      "C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe" "MessageHanle=263230"
      4⤵
      Executes dropped EXE
      PID:4692
  - - C:\Program Files\Wondershare\UniConverter 15\sniffer.exe
      "C:\Program Files\Wondershare\UniConverter 15\sniffer.exe" 132336 "" "" "C:\Program Files\Wondershare\UniConverter 15\log\DownloadRes\sniffer.log"
      4⤵
      Executes dropped EXE
      PID:2780
  - - C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe
      "C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe" msgHandle 262798 AppID 0 ThumbWidh 214 ThumbHeight 120 SupportDRM 1 ParentPID 4980 FastGetMediaInfo 0 ThumbPath "C:\ProgramData\Wondershare\UniConverter 15\TempThumbDir\
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:3264
- - C:\Windows\system32\timeout.exe
    TIMEOUT /t 7 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:368
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WAFSetup.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsAppClient.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5932
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "DriverInstall.exe" /T
    3⤵
    PID:5180
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsAppService.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4880
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WSVCUUpdateHelper.exe" /T
    3⤵
    - Kills process with taskkill
    PID:860
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WSHelper.exe" /T
    3⤵
    PID:388
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Helper Compact.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "VideoConverterUltimate.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3644
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "UniConverter.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4936
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "TransferProcess.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "GraphicAccelerateCheck.exe" /T
    3⤵
    - Kills process with taskkill
    PID:888
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "GetMediaInfo.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3364
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "sniffer.exe" /T
    3⤵
    - Kills process with taskkill
    PID:1896
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "BsSndRpt.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5944
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "BsSndRpt64.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5440
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "CrashService.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5556
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "ProductUpdate.exe" /T
    3⤵
    - Kills process with taskkill
    PID:2240
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsPushHelper.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5184
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Uniconverter Update.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3416
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Uniconverter Update(x86).exe" /T
    3⤵
    - Kills process with taskkill
    PID:5144
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Uniconverter Update(x64).exe" /T
    3⤵
    - Kills process with taskkill
    PID:100
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsCloudHelper.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3860
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "bspatch.exe" /T
    3⤵
    - Kills process with taskkill
    PID:2940
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsNativePushService.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4276
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsToastNotification.exe" /T
    3⤵
    PID:6048
- - C:\Windows\system32\sc.exe
    sc config "WsAppService" start= disabled
    3⤵
    - Launches sc.exe
    PID:5140
- - C:\Windows\system32\sc.exe
    sc stop "WsAppService"
    3⤵
    - Launches sc.exe
    PID:6060
- - C:\Windows\system32\sc.exe
    sc delete "WsAppService"
    3⤵
    - Launches sc.exe
    PID:4584
- - C:\Windows\system32\sc.exe
    sc config "NativePushService" start= disabled
    3⤵
    - Launches sc.exe
    PID:3852
- - C:\Windows\system32\sc.exe
    sc stop "NativePushService"
    3⤵
    - Launches sc.exe
    PID:5336
- - C:\Windows\system32\sc.exe
    sc delete "NativePushService"
    3⤵
    - Launches sc.exe
    PID:4856
- - C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\unins000.exe
    "C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
      "C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Users\Admin\AppData\Local\Wondershare\Wondershare NativePush\unins000.exe" /FIRSTPHASEWND=$5044C /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3664
- - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe
    "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\_iu14D2O.tmp
      "C:\Users\Admin\AppData\Local\Temp\_iu14D2O.tmp" /SECONDPHASE="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe" /FIRSTPHASEWND=$701B2 /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact" /f
    3⤵
    PID:6008
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact.exe" /f
    3⤵
    PID:4000
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "WSHelperSetup.exe" /f
    3⤵
    PID:5424
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "DelaypluginInstall" /f
    3⤵
    PID:4572
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "WSVCUUpdateHelper.exe" /f
    3⤵
    PID:3984
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "UniConverterUpdateHelper" /f
    3⤵
    PID:4416
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\BugSplat" /f
    3⤵
    PID:5980
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\Wondershare\DownloadManager" /f
    3⤵
    PID:5172
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\Wondershare\WAF" /f
    3⤵
    PID:5272
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact" /f
    3⤵
    PID:4820
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}" /f
    3⤵
    PID:5636
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wow6432Node\BugSplat" /f
    3⤵
    PID:5116
- - C:\Windows\system32\reg.exe
    reg delete "HKCR\*\shellex\ContextMenuHandlers\WondershareVideoConverterFileOpreation" /f
    3⤵
    PID:1700
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wondershare" /f
    3⤵
    PID:3944
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wondershare\WAF" /f
    3⤵
    PID:5492
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wondershare\Wondershare Helper Compact" /f
    3⤵
    PID:5660
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\BugSplat" /f
    3⤵
    PID:5484
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact" /f
    3⤵
    PID:112
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact.exe" /f
    3⤵
    PID:5200
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WSHelperSetup.exe" /f
    3⤵
    PID:3220
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "DelaypluginInstall" /f
    3⤵
    PID:1284
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WSVCUUpdateHelper.exe" /f
    3⤵
    PID:3524
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UniConverterUpdateHelper" /f
    3⤵
    PID:5452
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wondershare\DownloadManager" /f
    3⤵
    PID:4032
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wondershare\WAF" /f
    3⤵
    PID:5052
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wondershare\Wondershare Helper Compact" /f
    3⤵
    PID:1028
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}" /f
    3⤵
    PID:5352
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}" /f
    3⤵
    PID:416
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact" /f
    3⤵
    PID:4044
- - C:\Windows\system32\findstr.exe
    FINDSTR /V /I "ShowNPSForm AntiState CBSJumpType= PreShowNPSFormTime= NPSPopupInterval= SkinName= mail= Password= ProductId= Jump=http Page=http Data0= Data1= Data2= Data3= Data4= Data5= Data6= Data7= Data8= Data9= Data10= Data11= Data12= Data13= Data14= Data15= Data16= Data17= Date= Update] Check= Period= PeriodDef1= HasShowGuide= HasShowSkinGuide= ShowVideoConvertGuide= ShowVideoEditGuide= ShowVideoDownloadGuide= ShowVideoRecordGuide= ShowDVDBurnGuide= ShowFormatTips= ShowAdvert= AutoReframeFirstLanuch= SpecificPortraitFirstLanuch= RemoveWatermarkFirstLanuch= HasShowSkinGuide= HasShowGuide= SubtitleEditHasUsed= SmartTrimHasUsed= WatermarkHasUsed= BackgroundRemoverHasUsed= FixVideoShakeHasUsed= AutoReFrameHasUsed= AICutOutHasUsed= BatchTrimHasUsed= UserAuth= ToolBoxWatermarkHasAuth= ToolBoxTrimmerHasAuth= ToolBoxAudioToSubtitleAuth= ToolBoxSubtitleAuth= ToolBoxAutoReframeAuth= ToolBoxAIPortraitAuth= ToolBoxBatchTrimAuth= ShowDefaultPlayerBanner= ShowDefaultPlayerDialog= SetAsDefaultPlayer= VoiceChangedHasUsed= PlaylistExpend= OpenHighSpeedConvert= TrimIntroAndOutroShowApplytoAllConfirmMessage= OptionSettings] AIPortraitShowNotice= RemoveWatermarkShowApplytoAllConfirmMessage= AIPortaitDelShowHint= PixcutListDelAllShowHint= RecordFuncBeforeShutdown= WondershareDefaultPlayer=" "C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini"
    3⤵
    PID:3924
- C:\Program Files\Wondershare\UniConverter 15\WUCPatch.exe
  "C:\Program Files\Wondershare\UniConverter 15\WUCPatch.exe" /verysilent /nobackup
  2⤵
  - Executes dropped EXE
  PID:4920

C:\Program Files\Wondershare\UniConverter 15\VCPlayer.exe
"C:\Program Files\Wondershare\UniConverter 15\VCPlayer.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:3644

C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe
"C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:4876
- C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe
  "C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe" "MessageHanle=460016"
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Program Files\Wondershare\UniConverter 15\sniffer.exe
  "C:\Program Files\Wondershare\UniConverter 15\sniffer.exe" 918262 "" "" "C:\Program Files\Wondershare\UniConverter 15\log\DownloadRes\sniffer.log"
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe
  "C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe" msgHandle 525004 AppID 0 ThumbWidh 214 ThumbHeight 120 SupportDRM 1 ParentPID 4876 FastGetMediaInfo 0 ThumbPath "C:\ProgramData\Wondershare\UniConverter 15\TempThumbDir\
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:5828
- C:\Program Files\Wondershare\UniConverter 15\WsMsgPush.exe
  "C:\Program Files\Wondershare\UniConverter 15\WsMsgPush.exe" brand:Wondershare/prodName:UniConverter/pid:14241/lang_3:ESP/lang:es-es/wsid:/prodVer:15.0.4.17/appKey:676f9818cdf18355794ea8a310576940/appSecret:3a274eb29fa128027d58b9146ceafde7/token:/msgHanle:197836/clientSign:{1bf65f6b-3634-46f0-b714-eda20a3a23ebG}/procId:4876/theme:Default
  2⤵
  - Executes dropped EXE
  PID:2456

C:\Program Files\Wondershare\UniConverter 15\WUC v15.x Patcher v1.0.exe
"C:\Program Files\Wondershare\UniConverter 15\WUC v15.x Patcher v1.0.exe"
1⤵
PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Program Files\Wondershare\UniConverter 15\Fixer.bat"
  2⤵
  PID:4320
- - C:\Windows\system32\fltMC.exe
    fltmc
    3⤵
    PID:5100
- - C:\Program Files\Wondershare\UniConverter 15\VideoConverterUltimate.exe
    "VideoConverterUltimate.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:6092
  - - C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe
      "C:\Program Files\Wondershare\UniConverter 15\Transfer\TransferProcess.exe" "MessageHanle=524336"
      4⤵
      Executes dropped EXE
      PID:100
  - - C:\Program Files\Wondershare\UniConverter 15\sniffer.exe
      "C:\Program Files\Wondershare\UniConverter 15\sniffer.exe" 1049120 "" "" "C:\Program Files\Wondershare\UniConverter 15\log\DownloadRes\sniffer.log"
      4⤵
      Executes dropped EXE
      PID:3452
  - - C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe
      "C:\Program Files\Wondershare\UniConverter 15\GetMediaInfo.exe" msgHandle 786510 AppID 0 ThumbWidh 214 ThumbHeight 120 SupportDRM 1 ParentPID 6092 FastGetMediaInfo 0 ThumbPath "C:\ProgramData\Wondershare\UniConverter 15\TempThumbDir\
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3952
- - C:\Windows\system32\timeout.exe
    TIMEOUT /t 7 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:876
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WAFSetup.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3896
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsAppClient.exe" /T
    3⤵
    PID:5600
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "DriverInstall.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5308
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsAppService.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3904
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WSVCUUpdateHelper.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4372
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WSHelper.exe" /T
    3⤵
    PID:5404
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Helper Compact.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5656
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "VideoConverterUltimate.exe" /T
    3⤵
    - Kills process with taskkill
    PID:1996
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "UniConverter.exe" /T
    3⤵
    PID:4572
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "TransferProcess.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3020
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "GraphicAccelerateCheck.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5496
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "GetMediaInfo.exe" /T
    3⤵
    - Kills process with taskkill
    PID:2956
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "sniffer.exe" /T
    3⤵
    PID:3396
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "BsSndRpt.exe" /T
    3⤵
    - Kills process with taskkill
    PID:2008
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "BsSndRpt64.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4172
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "CrashService.exe" /T
    3⤵
    - Kills process with taskkill
    PID:2288
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "ProductUpdate.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5132
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsPushHelper.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3148
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Uniconverter Update.exe" /T
    3⤵
    - Kills process with taskkill
    PID:4944
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Uniconverter Update(x86).exe" /T
    3⤵
    - Kills process with taskkill
    PID:4360
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "Wondershare Uniconverter Update(x64).exe" /T
    3⤵
    - Kills process with taskkill
    PID:5012
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsCloudHelper.exe" /T
    3⤵
    - Kills process with taskkill
    PID:2104
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "bspatch.exe" /T
    3⤵
    - Kills process with taskkill
    PID:3936
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsNativePushService.exe" /T
    3⤵
    - Kills process with taskkill
    PID:6052
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im "WsToastNotification.exe" /T
    3⤵
    - Kills process with taskkill
    PID:5408
- - C:\Windows\system32\sc.exe
    sc config "WsAppService" start= disabled
    3⤵
    - Launches sc.exe
    PID:5128
- - C:\Windows\system32\sc.exe
    sc stop "WsAppService"
    3⤵
    - Launches sc.exe
    PID:3252
- - C:\Windows\system32\sc.exe
    sc delete "WsAppService"
    3⤵
    - Launches sc.exe
    PID:4160
- - C:\Windows\system32\sc.exe
    sc config "NativePushService" start= disabled
    3⤵
    - Launches sc.exe
    PID:4064
- - C:\Windows\system32\sc.exe
    sc stop "NativePushService"
    3⤵
    - Launches sc.exe
    PID:740
- - C:\Windows\system32\sc.exe
    sc delete "NativePushService"
    3⤵
    - Launches sc.exe
    PID:5148
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact" /f
    3⤵
    PID:2668
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact.exe" /f
    3⤵
    PID:2024
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "WSHelperSetup.exe" /f
    3⤵
    PID:1148
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "DelaypluginInstall" /f
    3⤵
    PID:1640
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "WSVCUUpdateHelper.exe" /f
    3⤵
    PID:5872
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run" /v "UniConverterUpdateHelper" /f
    3⤵
    PID:5292
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\BugSplat" /f
    3⤵
    PID:384
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\Wondershare\DownloadManager" /f
    3⤵
    PID:5616
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\Wondershare\WAF" /f
    3⤵
    PID:1128
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact" /f
    3⤵
    PID:4020
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}" /f
    3⤵
    PID:1416
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wow6432Node\BugSplat" /f
    3⤵
    PID:5296
- - C:\Windows\system32\reg.exe
    reg delete "HKCR\*\shellex\ContextMenuHandlers\WondershareVideoConverterFileOpreation" /f
    3⤵
    PID:3796
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wondershare" /f
    3⤵
    PID:2140
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wondershare\WAF" /f
    3⤵
    PID:5696
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\Wondershare\Wondershare Helper Compact" /f
    3⤵
    PID:3708
- - C:\Windows\system32\reg.exe
    reg delete "HKCU\SOFTWARE\BugSplat" /f
    3⤵
    PID:2896
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact" /f
    3⤵
    PID:4892
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact.exe" /f
    3⤵
    PID:332
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WSHelperSetup.exe" /f
    3⤵
    PID:3744
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "DelaypluginInstall" /f
    3⤵
    PID:2568
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WSVCUUpdateHelper.exe" /f
    3⤵
    PID:5948
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UniConverterUpdateHelper" /f
    3⤵
    PID:3876
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wondershare\WAF" /f
    3⤵
    PID:1660
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wondershare\DownloadManager" /f
    3⤵
    PID:4164
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Wondershare\Wondershare Helper Compact" /f
    3⤵
    PID:4780
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}" /f
    3⤵
    PID:3484
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}" /f
    3⤵
    PID:5620
- - C:\Windows\system32\reg.exe
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Wondershare Helper Compact" /f
    3⤵
    PID:3240
- - C:\Windows\system32\findstr.exe
    FINDSTR /V /I "ShowNPSForm AntiState CBSJumpType= PreShowNPSFormTime= NPSPopupInterval= SkinName= mail= Password= ProductId= Jump=http Page=http Data0= Data1= Data2= Data3= Data4= Data5= Data6= Data7= Data8= Data9= Data10= Data11= Data12= Data13= Data14= Data15= Data16= Data17= Date= Update] Check= Period= PeriodDef1= HasShowGuide= HasShowSkinGuide= ShowVideoConvertGuide= ShowVideoEditGuide= ShowVideoDownloadGuide= ShowVideoRecordGuide= ShowDVDBurnGuide= ShowFormatTips= ShowAdvert= AutoReframeFirstLanuch= SpecificPortraitFirstLanuch= RemoveWatermarkFirstLanuch= HasShowSkinGuide= HasShowGuide= SubtitleEditHasUsed= SmartTrimHasUsed= WatermarkHasUsed= BackgroundRemoverHasUsed= FixVideoShakeHasUsed= AutoReFrameHasUsed= AICutOutHasUsed= BatchTrimHasUsed= UserAuth= ToolBoxWatermarkHasAuth= ToolBoxTrimmerHasAuth= ToolBoxAudioToSubtitleAuth= ToolBoxSubtitleAuth= ToolBoxAutoReframeAuth= ToolBoxAIPortraitAuth= ToolBoxBatchTrimAuth= ShowDefaultPlayerBanner= ShowDefaultPlayerDialog= SetAsDefaultPlayer= VoiceChangedHasUsed= PlaylistExpend= OpenHighSpeedConvert= TrimIntroAndOutroShowApplytoAllConfirmMessage= OptionSettings] AIPortraitShowNotice= RemoveWatermarkShowApplytoAllConfirmMessage= AIPortaitDelShowHint= PixcutListDelAllShowHint= RecordFuncBeforeShutdown= WondershareDefaultPlayer=" "C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini"
    3⤵
    PID:3460
- C:\Program Files\Wondershare\UniConverter 15\WUCPatch.exe
  "C:\Program Files\Wondershare\UniConverter 15\WUCPatch.exe" /verysilent /nobackup
  2⤵
  - Executes dropped EXE
  PID:5836

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap18590:92:7zEvent22375 -ad -saa -- "C:\Program Files\Wondershare\UniConverter 15"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.ini

Filesize
4KB

MD5
277b3c478dbe797110dd5c67adf060a6

SHA1
e25f9187cbf64c86010374a475fe0de65452fe19

SHA256
7d2aa443b54ec63207dd1c4d8222fe2338ff5f77bcb97bd7b9d92943acd21943

SHA512
9d9e9209b49f61072cc04bd45f7f472ed17fcd624f86caebce372be8909c68207e8882e170a89b37d62cddeadd948ab583d8a960b50d877cd704ed992eb05407

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\is-BKAE0.tmp

Filesize
48KB

MD5
2d8ef1f86c38696abef55d64942a2c4a

SHA1
f6710bdda76a1cdb2669f49796f6c3161a895973

SHA256
e6be04c390cee6b4955c8af0c78221fdea3907ca5d0fb5f4f256fe7b05e8a332

SHA512
f668c37d9f722ce8217b87fe6cf2183ecc16451a1402a9d8d143ceac914e7b0056cf8d6aca8f81889cb954c85f12af304efe6d5d9121d4287e47aec2b6732da7

Download Submit
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\is-VKP3O.tmp

Filesize
35KB

MD5
4ef13e267ebbf804dd4157b447aa7059

SHA1
b9507c5b02bbae456ae5de7132ebafd27206b944

SHA256
2476d897a6d20653578fcb98737c85ccd96a42e57f67843ffbc431c0d05909a7

SHA512
81df3f309b6a734fae2e824a4535d9a7251d94885593c7c37ee70853f7c721062023d0d22ba1c92845c6fd14356048478b83c132aa9cec9360690a65b74bf360

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Customization.xml

Filesize
183KB

MD5
28afc77eee3d06162fc589d3d7abe547

SHA1
934fb0871c61340a05100046e6aec1630b184ca3

SHA256
5822a1823304a0d62923d19f3a3e6601fa1cd65ee4f3302eae84c53610d7993d

SHA512
fed7d3844bac90318d4419d13d569c536e026626d06ce4ee6b948ffb4738c35e4861f72e319833e7325debc6f100a1150ad209c1abe00f0c5d6be9d389bd6070

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DRMConverter\WUL.Core.dll

Filesize
705KB

MD5
335f42c8190c4cc9883a49d0e98e3961

SHA1
26a2e1df26420ba68139b2ce2c94f88fc4093e2e

SHA256
c35ab5048862768fc245fe95c63ad87303f2c2bd80dcc060314fabb8cd10bc4e

SHA512
4d9ec56e0e71010be0620ebddbac877a65f17ffda95b8c28b458f5b3e622463f76150bff1b9a47303bfc03377dd901343349630f0f37a1bd95bd1f6389ef65f2

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DRMConverter\WUL.Ctrls.dll

Filesize
1.6MB

MD5
32ea38f6458c43020f34f235ad489cfe

SHA1
03f5eea8146d4068e1c49361ec7c2d46293c8ba4

SHA256
acfb46b6ed197e760a2d436284a8f9de20a62284a977fef1b516814659e77e18

SHA512
0feecbd3874f3a8abe1be734492718e523c420d024684525435bb68e35586115e7bd98063495694f99dbf408dbaa7d45863474715c518da7a1626a4cfe9caf1a

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DRMConverter\WUL.Localization.dll

Filesize
64KB

MD5
f150af3943816319946c4fe0fe94c828

SHA1
a63467f22c3be58916ef039d28021a1d8c9f5b96

SHA256
b5fc35f2533deff99ffb18a007f4628e0185f20d1992bae127139f70d69bf961

SHA512
fc45e8cda1b3ac0b8bb1f4fcd4b172c004cf31cd2fecedfdb216163b6c0483fdcffb494c7a667cd592a7fdc658b35545cc7aa0b510a3218dd88db1c58a5bbfcd

Download Submit
C:\Program Files\Wondershare\UniConverter 15\DeviceConnection.dll

Filesize
51KB

MD5
b4aa09590a22db67c127fb565122c1ee

SHA1
280aea451a3c449a238d5dc8bdf40488b7228c12

SHA256
5ca32daa80d67c0688d520af0eec85c16ea2a728352cf358a0ee2217d259f72d

SHA512
f992a24f31414d932b38b9b3daf9f3cceade97415531d813c45914b3381206fb7bc499efd712c8839bf86b66f14a33f1533d4a030b91e75d6550548cab0f1710

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Fixer.bat

Filesize
31KB

MD5
518c5fda70965d432a418a1e80689594

SHA1
b807cea85a974deefbfa4762eac71ba43b2fd48c

SHA256
fc50c4f4a549fbaf43b87c1b07432bb5d4da7300000b2a1111bb5edaddbcf34e

SHA512
2015d1450699796a8f214802c27d12b32a4d192e40312308210b6e92f6b2e82d75b040e343122284a1f895229096a0dd933c66c02c89e340bfb5c7eb69d12a0c

Download Submit
C:\Program Files\Wondershare\UniConverter 15\ProductUpdate.exe

Filesize
7KB

MD5
6cac012da7acf3b262bdfaca7547e0f5

SHA1
3a3303dfa617a95354d4782a4431608abe6601c1

SHA256
b10fb33529c38f02c5b9c3b94c8991077715e8c642b989a1fdceddb43a38c628

SHA512
d78ccb9c0edc81f935b43681e5af41aab6f4176a135108f93f9fdda436c2b9fbe162927e7fec14780e0a8ed2faa5d66baba6d5ec8f4338e8462d263e08995562

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Default\control\tag_beta\is-2KLVM.tmp

Filesize
1KB

MD5
cbbfdbee1d6bd8528748ce3e2c20ab8f

SHA1
1def5a48f4e6bde9aaa9d4764cbf28e3f6b7320b

SHA256
fab9379dca8276433cb74d00c9b02dd97f28c5afa7f14a7fe5c656b15ad07e6d

SHA512
1479e771f11c197f4a8065bc36872225a5d295fb5acd33209ff882cf0fa09427916ec8a3b7166179d9c9163a9e39ffb3c23f66d61572627db5af04bea2ab61f8

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Default\control\tag_beta\is-3HA6S.tmp

Filesize
2KB

MD5
098e5fdb3f1001e475b9ce8dda3a152c

SHA1
220d22e0c8638dd6947e23c26d3a20f0cf3a4fd7

SHA256
393a9f6c47838ade58de761d17ceefe4a8bc464ada7e36a38af9489cee003467

SHA512
31e81b1f3eb6d832a3dd03940f27381c95130c1170742460067041ce1d1c14c559651a417bacc56e44c5744e4ec29392fd07fbbff9dc1fe143f2883e229f6ccb

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Default\svg\is-JSM51.tmp

Filesize
1KB

MD5
9cbf21825fe26869b3dc476dcb02566e

SHA1
06544fca19338c51374249e1fab3762e025c2b42

SHA256
ad865d2ed5043601211f1e0e2085142483aaa0b8a98f15d0f425075894678dcf

SHA512
9285e2476fcfc0b946cc5e42a1711dfdf9017cc32c600e956de3e3f7ea5296f807bae20627dd2ea0625e6bfbcd3937e2baa0707e0bfef70d99a4ea1f8dadb23a

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\basic\is-9ETU9.tmp

Filesize
999B

MD5
4b3f740cf4a7a0106540a1c78fd8fe70

SHA1
b09172c3b0d08375e313068203497b32df725a6d

SHA256
41ecfb9c8b49aa61a1bd214b138c9532a41e80710b083b3e08b0b7959fd3b499

SHA512
110f3a10899b68cbd9a430fec91b48e0da959ce878097a7538f1c32e82a8117602c3fd831741d1b23e8fbf1843d01966952a3ad7a682892be95fd5c3e96aab0c

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\control\tag_beta\is-5C2AB.tmp

Filesize
1KB

MD5
f33d79238e0b13cd5c9289c501837563

SHA1
43d182ed04a83379be3a5c137b026117b2407bb8

SHA256
f00c76580b5c97e82a1d36d3f5b249486452382a1ff30260312a9e06a4b54641

SHA512
663f0d7934a4a27bdee4f7334179b2b71115e2e73f34e37e0ccc4aa1a1d49f430147af359d4d89ea51ca5c77ab1cd72f8fe32f6cb999175256618ac27b568f75

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\control\tag_beta\is-EJE39.tmp

Filesize
1KB

MD5
c9e7e5d8de2d8a216a3684c85c634f00

SHA1
859c9d94e9a39067b1df6bb6e76b477cda92fd48

SHA256
c04d15e8f5ea740c51ab7ef14d75c506b4b7fb160205aa2f1b23447bf971e662

SHA512
fb6ca62ed0826668af366d26b65a06fc7652b0fc946f197b942e064476d4fe7acd059861f694a069cab6e642678c02314f0d5406d0c4f499192dbdd09ee250f0

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-03VD6.tmp

Filesize
413B

MD5
10f9224755f3e1d536ccc5544db091e8

SHA1
404c6e149361ad04b9f966eb173c92dd16c3b2b6

SHA256
40497bd1a21af08670487bea09a2ccf06e86c58c04f478434058d19cf0587500

SHA512
114d2324ffd2d4697ce86d33f6a30c2de58c3e6288e6691e37c48bd5528a9a945586c172b17c9456f85c0c86a3177ae8af1640446a6855e1b662a3c961e8b21e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-F88EF.tmp

Filesize
599B

MD5
48a159520aa5fcdb4d9e77ceedabf47b

SHA1
192dbbb418f24e8183d0c5fa8c79c9878d7df1d9

SHA256
be2c1a65b74682cceddcbed281a7b5ded60cf04eb61b64feb1e78a009636f83e

SHA512
dcd3112160eeb9c944d77567cdc907dedc07cfa532d7ef4ae87e7d6b95a864abfeec40d90efa7626055aaee9574ee2fb3ea07e7bdebefb658f8d1218c2b4dd7e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-HSMUB.tmp

Filesize
787B

MD5
237d048b497a21e3024575b2f93c5835

SHA1
d35aaef8d13dc802060300f1c7e8b636bd85e878

SHA256
184c83dcb4bde47b70d4f797ce5fdc0a1b3216bfb8e430d277b590d3ba5f0436

SHA512
ec72344e948bd71eb6a877f966ed3477fcc3de4483d59cd5666da6f4a21ee1e782c3d969eeb572661c18543acf1d552a9e105d5b86a8138b8d5e0d7e8bcad92e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_basic\icon16\is-IJJ2B.tmp

Filesize
457B

MD5
90a926af2d93322e1c963b4bf9efa0bf

SHA1
bc7e4d9b28299b00f5956bacb2712bc64f3c2c3e

SHA256
208509d60ef021830fe55fb50bd731f1592a7f79c95ad61920d2d78fd51eb1a0

SHA512
fdaee36fea5be674f96a60207c2e222788acae2c64eb4cc9b1f3629f66d9324668f175ac28b6027fcb3945f31b5d56da822db5485a1f7190f2908ffbad0be18e

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\icon\icon_state\icon24\is-2IIEN.tmp

Filesize
2KB

MD5
787f76317ccb305bb108d0009cf0e92f

SHA1
6b431e3b76abf900b82c35422058e5e65a22a854

SHA256
6cdcf2635f8dccccce8276d779a8bcca43655170325b3e2562224e737f63d020

SHA512
5726b3a049edfe3902892bc3fec9ecb51053839ab35a4135c86fdeafe6f3bca46d7d4459536e3a5faaf151687824048322c9b64d53ac9d743ebe6182c56cc249

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\svg\is-3UR2D.tmp

Filesize
2KB

MD5
38ab610d0695898db52a0dc6e5bda02f

SHA1
64fb453846d61325009bca1843e9602dd8a775db

SHA256
984c62b98b790bf888dc02d9411fccbae24ac72be43b2725eaf09f15392df6cc

SHA512
13b681eb9106a07e4646eb76b94e7bff2b60ad470a348b689e6d852507ce9780ff91f86646871d423e35f32b4e04bb3bf062c227f56a3f5d9290c0a6673a1bea

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\svg\is-9P8R2.tmp

Filesize
1KB

MD5
7df1cd3401c7603cfcc5130c69e60345

SHA1
6ae83d01c7a9445cc90ac07538b373e632572210

SHA256
a7a8dfdce1d169ada7adb0a725c2529e3aba8a73a903fd17f4b530ecadc64542

SHA512
f10a20baccf80d5851886f0d5cb1c2b2bc4ded598c4b157a902d2b1f6f76c7fff6c549b745749cc3507da7512cb990792cc1d7659c5384f3103fe89413eaab51

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\trial\is-7UKBG.tmp

Filesize
46KB

MD5
73c09d89c564da9d5a9f56e1f3cf68ca

SHA1
42f300438995f1b39260e7053362e956f9301ef3

SHA256
c70d6023960a6a4f4ff0261c66b05019ed2443118cdd23546688f1d5c7ccec7f

SHA512
be3ca168b7c09cd7d7298bd56a8e1cbfecae5f33264ba2b2b452b5fbe06342f6797013547a42ff39c63b693ec47d9754c040d99bbf40be988a6e4b332fc271ee

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Light\trial\is-D9OKT.tmp

Filesize
63KB

MD5
de8589ad00bceead5d7aa45c7c336b2f

SHA1
d317fa3dec5e9e4503857331ea0931e641eb0f54

SHA256
48e30e5c40fa2ae027e1e12e78a8e3312beca7bace719a34455df9a604096dae

SHA512
5598276102835793c48acd7e8501b551973f641c9f0a81a6c014d7ac9a07f3a043515f647d2acdb4d840f2b1f0ad7afcb30214fc0869455b609428c2ba9921d3

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\Uninstall\is-2Q31A.tmp

Filesize
308KB

MD5
8f439908e8867afa394c7fceb46c0005

SHA1
fa583b65e2ece0b93a5ddeca6743fa1a651c1017

SHA256
f44af18991dfab82386b53f676df25ffaeb8de8d8903f87e687e8e9c054132f6

SHA512
0dfddede0ba9db1922feff6e52c0984d9b303e990ff7de6e7c6e4b752d5847110c9e33e4ed4b26cacca097572bc84d3a8d09e304b06bdb4bc29d24c9bac09272

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ws\is-52F8I.tmp

Filesize
3KB

MD5
13f1b188160720a71af9042a826f6c54

SHA1
eb3f36e4f1fa59aab69a0321361c0b516e9bacaf

SHA256
74eea94510ef769a008aa8f8140e78611a7fc2fbb87cdcdedf58335546bf4358

SHA512
9f2d1f796924e1041e4c3de146e4a5f089ebc0ecc1351a0526c7021d037301e155a7e3f3de8cb26efb79ce2e0b85dc388a032e1733795fbf3396dd95d0cb46e1

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ws\is-C5M2U.tmp

Filesize
9KB

MD5
0b2c7e627cc3fd83a6fb6c5f78af8f71

SHA1
7f4c41b77a9e39900f6d67023bb5217c7f5a01ed

SHA256
e73637d4ed5a9cbffd05f2e2949000538cce4bd971776f4a45b4b8d56783d952

SHA512
4ae8c77c296d05bd58c0c8f9458d8b7e094732a4781a4f7432a6ad73d76ea174ae72711b350f9d0b8d487904a80f2174bfa30bb7ad474d0134aa4608e75287c2

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Skin\common\ws\is-SSACM.tmp

Filesize
7KB

MD5
31a1def6a2dfb7e541392db33863a26b

SHA1
46bff4c8561e0c606d2f038e79647ef71d92f2f5

SHA256
205f7ace6640894799b053ba9b49ebd14d441cec0e9ffe6e6a9e6e8e06733893

SHA512
71488d663f28528440f0c05a2a7b7a34cc6be74172311e4a4b627d9fb2db03e87b5e924deb3c647d0035527e23e45d9412f932d5cad03a097dafd1cc4e1694e1

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Transfer\MultimediaLibs\is-27650.tmp

Filesize
168KB

MD5
3a505ca49c5680b763997491a45d4f7e

SHA1
abae4fe8d087a654aec8baf13caa0a60bb3844a9

SHA256
cce0aed1987f6fc8ede5229d9f609b3b3693fcb58c866d53d270399a5b0de074

SHA512
026415e672f9249bbb8e0a4c09c203d430fd65fdc2cdc24f61781199e296d8fab14f52905852a795abc445fc80b256c45c5880af9a64ab5d70780e9e5e628e23

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Transfer\WUL.Zip.dll

Filesize
142KB

MD5
a6edfbaa6bae8d8faeb9519781b6df6a

SHA1
aef5b7fafa64c0037bea385d700bf663321242a1

SHA256
340b98c07cb04f015eacb899f0ec307eae88c4930335aa5737d4c517da618415

SHA512
f01e7441121169ef08e9347e44ebecadd19dd23002317c6f46cd1ef02c293ee5a8eb9826df50153f6e286dd3374066de8873dbfcca2c9b329d00bd26c0c17469

Download Submit
C:\Program Files\Wondershare\UniConverter 15\Transfer\is-BGR3I.tmp

Filesize
2KB

MD5
2aa25646584c234f3c09ffe3113753c3

SHA1
ada6a017195703c4fbc36235fce1a68536972b36

SHA256
bbdc8182726a41f766ec1c849cbceb0ba6203353d37b6b218e8721c53cda1572

SHA512
5b88396e148ff99f7640bb3e3d63cd22a9bd920d6ddb69570561b54d2c228a8cd2c18a867820b15b698ab67dc63336764f37e176285a3b3302f4b30c7be396d5

Download Submit
C:\Program Files\Wondershare\UniConverter 15\UploadRes\pythondlls\sqlite3.dll

Filesize
512KB

MD5
0734cb3bd3abbc19228e6a1f383b1f42

SHA1
8e92fe641ac3f9a35d24efb0a20815b4c41f8358

SHA256
e97ef947b52a8970ca35a40dadae19fa9b4d12d446079d11fc59349a2a0e5ae4

SHA512
b7d02808a2101b82eb3e34992e85da731d9559a0499e3037dcd8bd35feb064af41713efbc164ee77b80055d89e879352170f79545b6c3141b66440be7d759b46

Download Submit
C:\Program Files\Wondershare\UniConverter 15\UploadRes\requests\packages\urllib3\packages\is-BJRMI.tmp

Filesize
32KB

MD5
7c55d43afdfb1fa830835edbdd283c38

SHA1
c9df234b93fe3f43b0a9766068518a8372608186

SHA256
3194eb5336b8ea6a37b22817b649a95540721ea7184b602fe76843cb4c9fc39f

SHA512
33699a846a745e6c14fb6ca50d0ed5273d738a982f209c4146098c2712419b1731990f6892528c668c44907f610f1cd9ee3d58014c00f048694c83802a4b5164

Download Submit
C:\Program Files\Wondershare\UniConverter 15\WUCPatch.exe

Filesize
505KB

MD5
76ad2c7862080cc3f9118ec3c19200a9

SHA1
c413179011ff35620111b4aeba6b17e49f7530d8

SHA256
61216c38f1548b6184092869820343d2e5155fcf1986680e2e259c24239d92a6

SHA512
5864e34c529a0ac0bbe42d7fae3849b933e1d3bb938b75c32c9d7b15e981f8708faabc6000bcd6ea4d63d1292108218b6ac6153ccacefafbdf9ab2a27b662e79

Download Submit
C:\Program Files\Wondershare\UniConverter 15\is-1RDVI.tmp

Filesize
112KB

MD5
ffd6fb9845892ae75d587b8596a62bc5

SHA1
4727584e2d10aa9a5d10b761cea4f22a7320a341

SHA256
b8b4d5a02ea13971972e0222573fc3cc3d3b2e07e97831b07faf680c5a66fb78

SHA512
e5affe102895543acb5c6f13a00950384e8966c8931662ef43f2d4bd1aa6b5ef627d8abbee4062ed28f0398ab85dac0611b9c7a03b8a46dffc608998522cc06a

Download Submit
C:\Program Files\Wondershare\UniConverter 15\is-7GTNB.tmp

Filesize
202KB

MD5
103c351e5051e875ab540faca321035e

SHA1
225a6f3544a0d6ea5c3a5fbd24c4615c3f9097fa

SHA256
dc285c100d5d2495e98e1c4ddf3924343dfaae989aad86c733f94f25a502832e

SHA512
71ef1acf45f67e84f9c2a5699245b581188fbaa6c2532d33c318bafe33f57e2182f794f534f3448f7db0dd408028c25c20769678b80d9add49d69dcd2aae8440

Download Submit
C:\Program Files\Wondershare\UniConverter 15\unins000.exe

Filesize
1.2MB

MD5
d6d0071d34ebe3f1334e61f99773868c

SHA1
3748bd0960be87190062661b10e16074d0c1a97e

SHA256
e1bae9836c594d98790b7df33dd41febb8937435d6a30db1e82c218592714041

SHA512
c73d9741317ce83bb7c35e9d033cd0728f358afab9c6c62cc2268496badc96f00f41940d28a248e25e9119ade2d67561b51c7307728d85cc7ceb32a67d1bdcbb

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\SensorsAnalytic\abtest\sensors_abtesting_experiments

Filesize
101B

MD5
09749882cceb0f1e225ef416fc175df1

SHA1
1d14c0ccf17a57ffbdbd5029e5a860b51405526d

SHA256
a45ac4ab83c48f3e5ef95736c09158955518f2c367de1e1aa7c94c581aed6f27

SHA512
a0584760fddd3830c6f96a4fee90fa151dbe579408a026228c96ee367fbacb8da2e0597fffb061c79d4fa278d3d170b60ffc5a28937f1c8f35ffa540a254319e

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
1KB

MD5
d08bbf9513cfa0c975e2d151bc540f96

SHA1
de66abe6ebf1570638402f201c21977762ab816b

SHA256
a280cce637c42c25c586d2bd587d1e01bb0e423afd1ab86701032ad858fd00e8

SHA512
27af8f48d74e819e06698789276c464ad37950f86b4bd98c65eb6dda1be09596d936e17d4c6693d267c3a9147f42802aa9d79f85a3d079ec7bb8d4a387147495

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
1KB

MD5
d08bbf9513cfa0c975e2d151bc540f96

SHA1
de66abe6ebf1570638402f201c21977762ab816b

SHA256
a280cce637c42c25c586d2bd587d1e01bb0e423afd1ab86701032ad858fd00e8

SHA512
27af8f48d74e819e06698789276c464ad37950f86b4bd98c65eb6dda1be09596d936e17d4c6693d267c3a9147f42802aa9d79f85a3d079ec7bb8d4a387147495

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
1KB

MD5
e73d93ad064b6771ba28771226ee1013

SHA1
45d56b1842c8ae770b8da547669d284ed9864738

SHA256
847cfc79a7fe2a0ef6b0d2bc42aa86b82dd62579311452c8cf5b6ea9555cbf22

SHA512
1ab3b7a80e54dc8b573b983d0c4784ec75986015c46642dd91023bc96fbbf885395697d57624da98c63ff1c1617a4db5eb54a95b0d8fea8b3ef9b10bbd926bd7

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
1KB

MD5
a2b79642a6e4d3c4c9fbfe5903f7f746

SHA1
f34e03c243fe3bb681ecf5b73bf9cead34c2b6b0

SHA256
de3f7afce28944bf8fdf498742480463f7f8bb9cdf9c71c1c29d845e33ebff25

SHA512
1439b52f3384b17ade4209da921ca11e33b13e7405ed5cebf5d8531797c841c544c844d8835700fe20d883e67849c2da064fd899b71810a813390209d0e73cf8

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
3KB

MD5
3cc93d0d8cc8843d1d787b69ea454fc1

SHA1
1cdc534c434d2aa0dcefbc598ab203d1faf3f155

SHA256
2a0ad0bd3beac8691aeda6343dbf7c71696b45224c3a8d1aac596d0d7f8fa26e

SHA512
c7811d919be54b8f94c8b182bc15588ca1baa3edb4f642eef0fa864d1d6d51a571412268af3787f4e3a2a35550bded31577b1f13370c1d7eb2eb0d3c425d7440

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
3KB

MD5
1e65f0b77b7cf58cecd799c5154db4f9

SHA1
e5f7e450b79be1a40209b122557c099231b05382

SHA256
785914e2ce33bb0dd8e041ecebcef7dd72f0d8bb59bacb7398fd67c804baa005

SHA512
655c7df4d8af8ec6e8ea493b9dc67556f9f45665ff21d0e5baeaed4313a4b700de69e879b62c7ee0240da7d3708e2af658e53d9d85c571b52ebbf9a770953427

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini

Filesize
4KB

MD5
1f8d59d83cfcd32aad114aa6dddc941b

SHA1
484d4d9cab771ee285f7db23a7ec55559da1a132

SHA256
7436c1e1854b4a25e165cda66bbfa12356af52986be75c1d8b612ed4d24c1f05

SHA512
bec7112acd5dbb9985b36b90c2fbea84af777b68f5c84439bf0e63ef791ad44e81f03bf1da43ad93008c1a899e6b37137b112b65fea8acb28dbf932bfe717f60

Download Submit
C:\ProgramData\Wondershare\UniConverter 15\UniConverter.ini.BAK

Filesize
1KB

MD5
631a19babf36d881e31eeb91832b9e13

SHA1
47d030d70cb7360f266618814f27a333b0fc12bf

SHA256
c4044a001bcfc733482858b98f03f54b2ebbaff87d7278cdffd812bfe78630ad

SHA512
4229d7cc78c569cee649fea333c59345c29553652a6e7bf5365c6b817a684dea1f7d372493d6555f66f933e4088c98ee9a3c197341628b4bc17f5f57cb869955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
de9a324190d335be5f0acda41e803a35

SHA1
dbf161fdf53e52d269d7ce80429c8edec2c765e8

SHA256
9f4a31909c1299bf74f45fc6ce9fa1f67c56f66c7aa95338da79daf3ba3b712e

SHA512
d6f4acf685a5a2ed5903b6f8bc2f44a4dd0752e561f4763c128f98f9517cb1f1dd3040b37a7aebd144b89a67f21b9c0ad1fa87189c4fc7d328fb270d793f5293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
57KB

MD5
a499e1975904a648129325e2e826bbf3

SHA1
cb5bf09a711036c48d46a1e42baee19456c92e52

SHA256
5809dfaa4edb2bbe57ea87b85ff6845ae43bc992a292027d62204154660e6251

SHA512
db9a008fca62cc101f09101d090c0b4838ca6ea1fc069f039c5c827aead37fd8e4ffbb5621f630a25eaa30ed27a7533f06ceb70502fa93843907f8ca0f3d7a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
25KB

MD5
947b7b96c830b83cc2f06bb27f4be73f

SHA1
a221e5919af446393acc428b9a781b413f7776ea

SHA256
82cbfb11944684c9199402b1eacc05984d105c872517082ba25b2c74ec0e4944

SHA512
b2e3eed0274b1a7689b6a7a94778e7534f121c94d50a43e8bada832be5785e3ad1dcf8f150750485dd323a1d64a609880d2d19bd0867312a25bdbfd1e9347d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
33KB

MD5
d989f35706c62ce4a5c561586c55566e

SHA1
d32e7958e5765609bf08dcdefd0b2c2a8714ce34

SHA256
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

SHA512
84b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
42KB

MD5
79cbf5b6645638246cb94c0fe4b59bc7

SHA1
7edc0b05ee0d9e945f74742e46c20cc83de2b3ee

SHA256
2dc8cb2fe5802944f5a378daa649ccaee14ce3025b76447824c75eb26fa78936

SHA512
9e7a5efa1a0d6ceebae3db6c90b2c0bf59162fbe6dce5b7695dc46636fb7bc631dacea71c5e4cd8c1192a610a23ce4d8e154eb26c9423917bf69a056ec640dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
51KB

MD5
6e2df673cf4661a6709df74b340a712e

SHA1
78951ef50dd7d443f8480af8c8cbe8f2a00aba5e

SHA256
5adbc8850a787767d3726dc34e3cc71f4d91382f2392a34ca9c97f7aa411f182

SHA512
8ac2e49e092f03ede6cedb19418c4654b12449bfc4b34d4ef1009f74b171f4ff244f0fa0b4999e99b257eef2c8337e8e87b1a803030c986da3f3a3b198f51fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
148KB

MD5
96e85c379eeda755e1aa6e1bf73ad0f7

SHA1
6ac5f0a9e2c644e534153458091554f7bfa20913

SHA256
9de8771c824caf3d91775c5da6d6b30e36e309e8c595214b5fbf58974b047368

SHA512
df82025a8b9fb3de60d507b21de9d7172ffff4dc6fe5734862ad54d0a6589aae4dfefa12d980526c67555c0c321210b4f38444ef5c64c24e61612cd657e330e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
47KB

MD5
e2d74c5e631bc53a7240bbfe4be99c8f

SHA1
eb513857bb01cc4f7249067fc7e969bef415fc90

SHA256
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

SHA512
ce26a692dbae0d0a5a0ccda9d5e10b0bd135d104428beddee0edaf7da6961f9dbf27bae19130cfd11564f2acfdc414559bb8c918cfe459d7a7fae44abb5fe1b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
63KB

MD5
db6945139289b821167bbed40ac9d272

SHA1
50abcb3dbb0f97112b4bee4bb2bfa060394eaa93

SHA256
132f8c0cc32abe8bcdf2d9948cd2449ae04dc13011bf93bed990c41e300acb18

SHA512
94cee19556a11b889b1d7d4806912136fe7a8df00287c1d05454ca0ef6d4780a5d46808efed7ae0e19066a96d0b3da0da1be9683fe049065f73bb0f8239456ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
81KB

MD5
2e4c7900eac56292184a4b6544aa8980

SHA1
f3b6f224f43f811a01e0f840b8825f80a179cd3b

SHA256
4006195ca89170e35b36576af505c72566267742b366b6c4b5b641e5d5130652

SHA512
9aa155e3c292978cebd9bdd19ab84769e991142932d66bd19e1fa89d653a83547b752b82589c7fe6c0ec6466174aa2968c55407a1c7c9f70c33791e2f6bd2af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
186KB

MD5
4a2977698422c3c6e58b664643322efa

SHA1
939e0f3f916f936be7c8c49121d8f245b99cab1b

SHA256
d60610d21436821de350b6e21d3915e5ea1617d97cf20f7aaa1d5ae782cc4cd8

SHA512
ca9d91650de72ff1faed43344dbc86ea3e81d4fd615b89347d31c7676fde084ddcae30a9dbfa3b341ec32b00966004fe7d6d96e383b18363ebd8f02b982ffd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
80KB

MD5
fde411352405b179002a289cbb63d594

SHA1
13dcdae52ec15f40080c25ce7cd1aaf379fb7af7

SHA256
6e1ad1875b332cb7a180bbba94ac07c8ad92bb80cdae223f50cd3008158d2369

SHA512
37ad4b92893fb123e8427ddfd98a9da8580ebb85e761281cc33f297bbd7ff3c4c869324b9b4762e6dbbbc0f327a7be1b090ac1158bb9289fe2f805610824a53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
80KB

MD5
8c7c647acf71bc70ad9e5266d2f70b48

SHA1
34029e525ad9dba2d5095065854cc9aeed86e0d8

SHA256
ddebb680cb9629636e01bae65c5f4296b9a61105b244a4f6b54e87fe3162dc77

SHA512
f8d3f00084247b194d5e8cdf810e7b3658085e6d3f312dfd0173f76e88f02df403ea8078904a003bbd876f710fec08cb81dd57c585db4bb34b242ba9f7f16355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
86KB

MD5
fba903e3d30717b3d35340d4c97332ee

SHA1
7d83db97b6f5147ac18599563118fec02eea6078

SHA256
5bb4216cba740e3d4ac22a4c56f9a6ac5e1fa79d88eacefc42e2caafdc9069a7

SHA512
aa9ae6c5396aca0249e6b7d4dcc1b84fb9aebb52f16fa29164552790e261220051e723191422513919d5c2fd14d1aaff3e01eb0d4bd0ec715a9402c577528512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
49KB

MD5
c46331b1973cb2c4bf5ec271bfc0705f

SHA1
065108ebfb6d66d61dd3d5fd22c6a31bf2f49a24

SHA256
83b0dea4f0b6094f685d0c2a37a28f923a1a689dceba5962f99b8305ddfe0056

SHA512
dbe809f2353ae62d344741d73f2337ff4edc2aa02d3aab472cd6e31f222c7bd8b864139d812c05bbc156f790ec2e3c33a75986bd03823c192a1493b98dcae08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
44KB

MD5
6585f435f65331523c03a5d702c4f723

SHA1
57c40c9392ce6e75262612e82b0c2ce1961e6e85

SHA256
e86be4d131de0f63c41665c5c3bc664eec7cd915da36b29c9312c23724218207

SHA512
ab9e3c96ca4fd7a2b4161be663207c26cfa8a640b84b6ba92dafc262636a375a8990d962a3fccc30e1073be9569dbbf4276b84971da9ade6a2d7882d6d926b89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
53KB

MD5
78326f80b2ea84dda148025ae0e48466

SHA1
e145083a36fd2a76fcf4b52e354707d866ded93f

SHA256
50ba628f8606047f4c5c336c658338465e484f0652498e8fbc0bf9b2f9e0615a

SHA512
82f82c6abfd7e9c578e8018b951afbd8b431f15d4605d3a1a6ee49b1303cabf888fefba5e5e93839045e3ea0496a2a47a1ba7c01b533828bbd225dea472bc49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
82KB

MD5
5dd54eb108a44accc072b0704381a47f

SHA1
617362cc1712709248b702fdc14ab49df4b7f762

SHA256
e73b67aa5ccc6f9f3cff72e2394a97a12dd8086b783c113ba306c33ca8adc0ea

SHA512
f9e75f1e9518d64c202cd16ccd902ef85aed2998b3d11b793938a68b617f0dc72c5ad58074b78acc3754cce51cc7e33ae2560e083ed4874cd395c60a8f87d29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
83KB

MD5
8cb780a21ab2bc30c602f522c6c690f1

SHA1
e418e4dc1184fb7ce562846cbdc758354f7c5f7b

SHA256
10d734bcf21b4ffd1903d96f36a1943b1a7d6cc324935b8e0dadebe697fb39e4

SHA512
6ac82d5222b0af19de3e8dcfa385baf0fedf782f35b41beadbe42a302d419167bf356a6296626ffe500f641ff96f9139c3ab25fc0381367a5fa9954dba817232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
30KB

MD5
0bd5615fb6bc4ae01b2faf0f17c92390

SHA1
af8575bc734dce30cf141d4bf9f0bf21716d1d35

SHA256
6b7e9303230437546f411db1d9392123967bb450f70ab011a809f3d37763b5e5

SHA512
6c11baa4af7261ea070d85c08e4f0d8270cd194ebee4c1b1d574803757498a73b5d6b466b3f534199fc2151eaef873ce2ca2bbd998344c9c98a62a9163207801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
133KB

MD5
75fe3b4a73169ca4fe290dd269c2996a

SHA1
90c7d9c55b7377cfbe798339b2dec2ad75e4c1ab

SHA256
dc2f1b779fe3cee83a9f9c909db05bd4cd5a33b9c9abc9fdca9aeaeccc4fd2ce

SHA512
5742ceac362aae61817e58e68f81ceedee2bfdffbf61254c839993e555ae083aeac22e10c69fe929cf38cd04515d75445cd2b9e59967f9ceb35f3e54fe08ffc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
56KB

MD5
74e44ac3020b476c41337f7abd60811c

SHA1
4c32d0f936cf4eeae0fc6310cd7cb87d2840556a

SHA256
79fb90c206d1a3e3160eaf582c7237205b03250dbdd46f3fce8362f0478798ae

SHA512
ef3a6693f4a3c64503951f88a2f575642b505019b549ee12b77188ad92c3de7db21475f15f72b235186882dfd2b0f58b8a3ca1cb6de8560db7984b0019a9151a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
59KB

MD5
9be7981650497435ee50aa8c12930dac

SHA1
7fd5e5353198ed78c72530c3b481e64e076f0291

SHA256
7ad9cce6477898f1f63fcaf055eb1cb7a4d20b598d120f659766b7ceb4a81cce

SHA512
03b849ef06a1233ecbb041d665f31a00aa9a5b9e81a9082589346c1bceee886f9bddc18579af3f81ce51e5b66ec38cb79c66401b86be9294b7b5b7eaa115c293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
26KB

MD5
759c46f009b773648895476f75f7d8e6

SHA1
31d3b9d7c85eab0d659ed79f309078cecdc4036a

SHA256
68b9a19a8b9821eaee1b5cfc0b9793b1f8e634534d73c44260ae22a5ad142c2c

SHA512
744f5d198b5355f49af82b70ea674bbe2898b3a7b461dbdaae0fe2e7ed5c87b904759c2b91f2939ebbb9b26bf6d53066416459227dd9107bb795d590cc5d670b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
29KB

MD5
393c66f5b2172522d5d69e802dd6e1eb

SHA1
e81033974d12d2defc548efd9e5878c24ea92f33

SHA256
4230e574fb400551532b3d32734a7c73aad21d9d0289ba161fe161c1d5008f68

SHA512
136d63db756ac34a0f87531eb551f582c82206917c46a1ebcf8712249be3b50ca0c1ee27b23efaa702601406ba3330e0edb21c308ab70e905f161b67ac7dc3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0707e9e3705bd99a_0

Filesize
281B

MD5
11de2f630e55377eb530e5f221dccc30

SHA1
a10df9ae166b6bf8b3f9397633e319fe4efe18a4

SHA256
841323f4d26663f03fb30188bfce7e085167e234e92598f5e9001a1fa21137d9

SHA512
2a1b95ed1649eed2d9f5b3eb0eefe73d753f1b175fd4098997bdc452cf209977cf2d5b08269f1d1ae7d2232988840db9307da2c83e2e41cfc2a1affcfc581607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0e76227fe3be65c8_0

Filesize
125KB

MD5
1e1cbf6574ebefc89ecd6a5e1b94d5ca

SHA1
1af22c0d560c704a69914955ad1cea8c65298694

SHA256
16fe53bafb17706ae79454fd61686bf3e6d60f2643f2d1e8b4678b5acc09f364

SHA512
b213aa0fa87a825a98e19f04fb5e90c6d72ef523dcafe2d24f913c4e183677d8513e225a953d1b0418999e181a0038ec95999cd59ddbbdc76ac355aa01fbf377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\15e57d4ad3b03a15_0

Filesize
261KB

MD5
1019f03e581372d79b71fdc73b7156f9

SHA1
f5d50c771de390338c3b027dfa56061522f51059

SHA256
f02c1b50a4d634bfc81646eeffdbe589ce45b73a98b113cbed4552d98d22211f

SHA512
30c89dfb7b68a0ecb0fcc875aba64a6cf25e417ca6c2c1d6549a4136ff6a70a50740aefc41ed9367d4ddb568eb008e4fc3ce48a58fc84518a006fcc16dcf37f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5b7ca1af87e2168c_0

Filesize
242KB

MD5
38aef6d9f896145d17d64df7f3fffa41

SHA1
9999b92082551c0325505b0f57f95f633e18c832

SHA256
ba5117504e134512b656dbf2336322d8ed860f15557d3a5e780f9859545bb186

SHA512
34768f1089e820a438ba94333a878277a455bb5f70e4fd338b253e91a8a834b3147e58256aad36c389e7ed208d3574dc318a1320f68735599a686e3260839204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\64223413fcd8d885_0

Filesize
261B

MD5
8ee18789de19d17ad848991984415659

SHA1
89929edcbd65c03572deee868637756d6fd95e3e

SHA256
1c8095d9a5cf3c8a9d6e72209173fb339cda9f4b3cd398f6e9cefde0b60abfcb

SHA512
da68a5a8ef3349dd265e5d280e9a40967f27181d1c5d60c56fbd28d6121d8ff8f3f8cfd1139b9dd2f2dc3eb4d1b8a185044ddb6891da213814c68408ad9b02dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c371efb97d8fd7b_0

Filesize
371B

MD5
e96b3b3e52234e7e607dd46f4c3545da

SHA1
159a317172a01af499df08b866622f53c18c6849

SHA256
461afbfe6f1a47f1b6c7debd4d3d9009208f8c1ca55430ebf1adc06fa44fe4e2

SHA512
64680dd10c2b586eb134addd728cb8cf721be0dae2074beaa09631188a9c0c646560de4be8f697107e60e6b3baf3c179d7a82e4d4e4d80c664e1da1f01630562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e7904321d0ed4e7_0

Filesize
86KB

MD5
620fe825b29dd8235e2163f19f769933

SHA1
968af113d0f63e856767c978822847503e750c1f

SHA256
5cdd41ddfec90b3bf65824e304c14a1b209b96b498daf1ec315bbf0c6b17eeb5

SHA512
880bbbf54fa318dd0c618e850d84d9973553f1723686c546779586804da1ac655c1b87c13bf958334ab046b7dc2d5e5b89faafdfeba7a6696bca8f5e68fb0cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\838b3319b1ac26aa_0

Filesize
376KB

MD5
f1a881face704b8a883155ec9c656ab7

SHA1
fcbfa539b463cf25022831e39bbf95fda95f846c

SHA256
71167070949f35ec6ec855107582bb590334ea7b670916e59c33e4b9b7a959f3

SHA512
ce178c0b77180483936044b6a74ae0e16d11d8ae1f1709ee279b692b03dd8ada5536a172d50ac8bc86f0dd354c347e9c6a5772cce415ae598145c789f53be795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8da788ed8d3cf1ff_0

Filesize
264B

MD5
4b6dfd2eb5658ee2c4a45bde619c7782

SHA1
8c56ef808ff05df8a7476ab04cb641f2b6ba499e

SHA256
7c55776653c221507350933fb027012e9a77e94fc2bfaab6d0e1015116c9e06c

SHA512
c82046e9a4a7b076765a1c81686e3df5a0ea6d618362198490cdcb6b49303f46569d73e7d7b926ce0ec6c3978d6c54f61c4a902593cc9db60934a1073c457554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b41c96b8ec769b65_0

Filesize
263B

MD5
c69811e46c8f2b80e96e1b4b07cbed83

SHA1
bcdf6be64fc0994131aa6c93184046f634e0b300

SHA256
5e5949cf9def30eaf1f35c4a1b33a3a8600d745c6e1240eacbbabb4dbc5658a6

SHA512
0d165880eb799e6c73cac796ed6158a8a84b81f0607a33c60ffd6b7073e9d2f145d7c8cf20509d32e5374eb539533bee7069a7d6e3ea90c725c6a202e887fd91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d2dd64a649140650_0

Filesize
253B

MD5
7c8b54175b58abfe90359416ffeb76df

SHA1
f6235899e418d73b88b8dfd4b9f9f5c45aaee3de

SHA256
8c97c00d44ad28c15d2dcab22d1703a1e85864e40978cb4ed46ddd1bfc9877a5

SHA512
a1098ce9331483762c9edfc4bcf4ff70bd57d9c27dd3955aedce29bd85d4afd10379eba4695eb74fe09daa06d6333aa9ebfeb735285814f29a02cff14ec46a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f8f8589f0d0a21d4_0

Filesize
298KB

MD5
ae981eba7b3846e09726a7a6bdeabdd7

SHA1
b41511d94e56c6430ec6d3d47f9e7498c2fa84fb

SHA256
44c1a4526b19ed14f8b780e08eb9b98d822d65b1ecd8bf50d1e2dd6bcf5ef7f9

SHA512
c89124a08fd4d645e06e1e569994468c9e6c2c9c58afe82136029b9dc723b63d5da140c78d61f0ada8b2daa625acea4e799aea9a75d7cdd35e8969b8e63c2523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
52da0617bfec425020940dd00674e1eb

SHA1
cec49e9a98fc4bdfe1b6e38343f6505448b64420

SHA256
ced69fb56d8a6d52ae47b663b26bd5c718328379400e235851241c7d594fa15a

SHA512
ba55df939484c90c183410a06ff4498c23fb37475c3dab3c0a8413dec56ba3667313bb8ecec289fd222a2e3e062e39927dc6b22de42685395769624e98e55408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e960b9f23d8e95d7bf682cd7dcc75a23

SHA1
2983bf0847fd96abdf48fb70efa2b256a17a691d

SHA256
56f321309bccf9485cbf9ade28e719b1c52779c2089d54ffe921edafc175d443

SHA512
dfa45a88e974d08fc37c6a901061e0c34ea38f9512db147233d47983381b1c9de0b18327d25a7df53d43f310f94b99b1f3f0494a53e611dfefb5a41d5155f1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4d4fbd55bc31fca4120c937ee7644309

SHA1
eb45ae5edcac95d1af5148e103518dab45c86adf

SHA256
3cfed819e0134917cdbba1dfb0b405ba9dfe3df67a1b247888f98383075bceab

SHA512
6eb6dac116f416a31b8cf219f03d763d5c8903a4fb51462df73ed737a90f721eeb563b6071d1f9f6bfbd78367025712e3e75f7e4953c6623b6c1cd408679d4c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
34df06367d68fa60785c9522f29ecb54

SHA1
12133d8121e9d0ff6253f1fcf4e52fafff3150fe

SHA256
28d550592d39a98d690315720828ddd3acaf2be415dde0d803aa004fc0a89630

SHA512
9c203e4f409aa1108f152a0b7d5c8388207d1080de1c1bf83189925d10a759e35a91b38c7d3c5bc034cc654abaea8c590d965492427a765cbd66110ee5488a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fd7e3abdf700c993db2cc590c38ae0cf

SHA1
ae2df38a8454ba5f5012b26ef16c6aec48a17c75

SHA256
3ccd7db67a9b95e2a70df2dfd58c07a3e8b59fcecc241baa29a1878385767027

SHA512
38fe8735af55a7782f1244ac6afa4569031ef18cb70162104c10df3822f15ed8ad6d181a52a9dc5a619e34ae2cb59e5e4b3bef671ff40b52cddc86ba6725cf01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f03ed036db8fedf79b4a9b65daf1c13e

SHA1
cb28c09d6c9e6f00af9a7f211dac4ba61c4da040

SHA256
d3128c23b90bf9e086b3b311a322a30f2a00db4a0e06741ebb079375dc80efea

SHA512
c84cc6cc657ac940ec974ac6d045d5993463f37cd9c63849ffc555d03d0a8e6eeb83e31274fdcd9622131445b8776959a166c8e510d95a068391d39fece9a34c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\76a0c25b-aa7d-4d55-9491-f16440c7ebc9.tmp

Filesize
27KB

MD5
7d7774d572b6dcf8bbb6b69a4058972b

SHA1
4a89b2e68d7854169200aab4b90603bd2e112d2a

SHA256
ece402b710aa2f233000e013f6e875745c381a6166d5eb6b9a02c50820ca45fc

SHA512
99afbae91f945ab51ae4480a72da9db3ad024d2436c3af0429d8b5d8c1824116bda393453616844aa631593a66956dd89903a7d3e7875e9330206accdecbfa94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\150de444-68a9-4832-88a3-626f6bd42906.tmp

Filesize
1KB

MD5
122bda48002e1a376c763f21bcbf1b7b

SHA1
03a994fdd0a34d491c101ab3ad460dbc9eb8ad92

SHA256
96084feb8465128ec20cf573602ffb2e0b5712fd593125c5222c396b20a52337

SHA512
cc17b17622843aa0e7bdacb81c9286be0bdb5109da5ee3b7583d45f16127a9a55ae3905a5de176f806e48c276623149376e64072c7cc499b245dc72c752f3269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
eda1e247e03c5b0554fb7f12d9851501

SHA1
e644dbcb2033c5c5744fce62051a8745c2e77e42

SHA256
3f39e22d30cd1f62a7f586ec7104bf5ac3cf78e031bcb7199d35b12f5c4a8fd1

SHA512
ceafd4d8704a6fe05f8c3c80453f0f4e1c0fda76ac2c46c3d393953faee7f3c671569f6e8397ccb55484202b99977382f8e8415c408496120b9e2ef6d0c328d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
6d827f1d19cbb72cc981e56667181b00

SHA1
ab48076610fdb5bdb409a3e4a5530edc15f9bca1

SHA256
6b7d995fae423b53f96fb58e98c1fa6f663d482140e6b8a4c787962c76fb800b

SHA512
c700151f7c3535496ab4de75b396a5d2fea9057b9cf0ca44ab9dba5ade77b85de4f1ffbc1edadfc048cd2f79c8f5cf7335b079469cdab869c0337b628f90723c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
dd4f70514cb30e0d5680b56e576b82ce

SHA1
1933e3d533650a11790fb71bdaa192c552fa057d

SHA256
0d023281cf4ef7e8dd59e797434b6f07bae0fa6ce449f14f61d5bc08cb55a46a

SHA512
b45719522c952c7183c1e9e9ca14e87c021f3a9266834994e8785a51bebcd16d52502553b866f351fe912abd52c2f5cd1a5245dcc2626f227c233f6b4b7f6c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
8f2309a786e0f42579e49193b5012bde

SHA1
b9da952c8e7908d20ba8e2fa1e0b89e43d7008c5

SHA256
c6b5b2b08a361b45bca8c05025ccfb80877241fd944b776c7625ac32d4a048e7

SHA512
bf243a94691b710458afebb74fdb92ed7f25892feebd8c1fac46895c1b5243016e38eab10d9dad348a665042598929b8be6280af5c17bfd23fe21fd4a1fa944c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
8fae0f63722f588ce3817148a45f219a

SHA1
10bcf5742ebcba3472c84e9fe21def684cdc34de

SHA256
4e69f4165ed10f6ad7a5bf8cebc1bbcd796beee4530167de650d8cd93fb03a5b

SHA512
d0d5506c826aaa16841ff0e9ccb68533c4079a080287c655c646ff544a22cf0c5390bd9be4fccd5b7d4c87de9acc5afec1ffe189ed7077eb343405eea037df6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
85c294ad8ce453ddcf86cff1d98a0b3a

SHA1
be943e5289c6bb7f44b6e79e557ac167fe8f1908

SHA256
c668dbf60a092a646bc798c59cc2138efbc2e44e6dd7fa3cb744c28642c88e74

SHA512
95f77e7a77753627457401d379bc06b3b680b27174df92f37c493964ecb00ed3e951e248dacb317c23e2a42f00f3a77b3989a976bd1118a309badd283c9e0179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
a46fff57c17a80a3fedb8539d668ec7c

SHA1
b48216a215fc72ab28b56027b83a5b498f2a62e8

SHA256
0ef77e5d8c146f826c8657cc721b3bbcf5015dad73ec956daf093e8c18c7db50

SHA512
1d43a6961fd38aa43c8b79294c6da73fd1bb7918a8af2c6cdb59a10925dfb551420f6bf01b6fbaa50da5e26bab21b0f719b1419b849b78496fe622c3444cc035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c1c09d7bfd47567de7e52454599fe554

SHA1
471c554173e9d8db75f5fbd14bf63f0abd65140b

SHA256
0fee04f2f726916cbde46993b68793d12f436b28f9c702bc9f40f41b84e787f0

SHA512
b54ecf2554186eb3f8f026d3ad2e3a401cd285be078fae92624a189a4020ce0f82050442ec4d8eb47d529e071f3f426377debe803bae711ce5b9194a15621fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
767ec16221f0b8fc92c30c781f65fe7f

SHA1
ecad248d0257825f5eefe52328d390d4bffb4f9a

SHA256
ac032527152e2991f93e0b34ae60b4a7d8b9ab4a421515d4785591cb084bbc58

SHA512
b95fabacce95112aea2c2767020c9d4e4e540a69c4e6ecc0432c5ef3a15fe904bc937d0c925563b3bb0cb09303c53710d4da0475aabc013ae42c4146979d0063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0927b7692dc42b8e532bbab951b7fd37

SHA1
62dc04b3cace3c9fdd3664c92497eecb84647bbc

SHA256
ed4de8c0cd3f4761dfddbca341a18cf3adbf06d4f2c622e33da85f44d3ee5e79

SHA512
44d26ff2a368861ae243b29beead3c82927229006ff1df43ed3cc405a4536748a33f437b650adb6fd38b8d9e702af074510d176b422d9211ae5d1469a4bc83ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7a5cc944dc92e8fe1a562e778a0453ad

SHA1
860f829c29e1ba28cf6ac8df6ed2dfa18c5565c7

SHA256
dcf34f29f771ab79ccc4e04badd2197e398a49c836f938e0dbd5793ef3d039e8

SHA512
328e866da83626878bfacc85490ce687ea37efe391b956eee1753b7419500fcdd4b5d6bffc0cf906afd33b2be8aa6902ae4c29f2700989e86ce40ba7041e66d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
06733167dcfd27a82fa33f2fed60b5a1

SHA1
8f9c758c945bf6947286d33aefbc98f2001bffe1

SHA256
249726dd1c1b04b22e61c711524ae4871f55bf12c4551216071a66907d491adb

SHA512
25ada1d7d8b91ca138078b4886c9037aee0a1a86ccb2758acefc8318328a5c72ec0af28c5f58a431d87e0e84de5c44c4f14c83c9693bb733cc38b8602b195350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
512d840aab95c00f281a9ea7162c6ad0

SHA1
177bb46b67194419e0729f7f23146772063adfc5

SHA256
fe1d0dc8e387e8554bb3f97b2c65229d0ac75cc9022104a84007290e6468bde5

SHA512
e27f6954b2c64231506fa3842c8bb36fb74fe8ad56505deb5ed2b03d603b56af0c57c17c22ab5b22ad3b6804d706425067dee2c12f2e04e3e90d440467763f6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
456c24a24542fc6471ac6f36040a2828

SHA1
158d20add732c2e6f805b9e4993e4c7853145ac9

SHA256
e6e3c5d73cba11d2a5c31bb53150011a0c29c4614a3b92203ed2239af852f557

SHA512
7a2e66f8ca96ec089b0f57e0522aff749f98b9f5f0fa65eaf0ccf8e4cabcac3f99dfa91e74b0d6bc5796138f1bc166fdb56c43dc77279b089d41e57aa5d419dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
070a2f6f9ba1921c5be6487720fcd159

SHA1
51541b544a01142718d6719cea62604783b7b147

SHA256
8157997bad3f3ca3baa1a8b2fe5a70bd7b07a5cb5b2f3357ed6e6b83036d75d7

SHA512
831fbd6ee545695f1fa7adb5d5162557965d43a11560fbee4eba4acdb7283f1b0f943c0609e9eae6cd8db03c4d6f20cb5e9830caedeec8ef11212dcdc127a06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
112383a8a391c3e6ce1bb262cce9c668

SHA1
63b77eb06ca0df546b5ecb4f5ef411ceeb438e35

SHA256
b69799506c4e1764abe64fc1c9e33e8d8f126a0313af92a20c0a1ad79772917d

SHA512
a0411df46ae603d6ed892725b8b42900ee10f39871b6b304be5e47ca156534e80b096204a6c73a9c1c4fdc2e46ec5fc3d7ebeee748a7d90211877db633836f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c14b85558e533af4af41d4fbd42129eb

SHA1
300b14c7b76bfd8e1a2d62ca04ff36eae58efaca

SHA256
eadddd9c0747f6ed205cca7dbfb2216f0b1cb385ba4217d8d73cfb4521e6955a

SHA512
21d4179a7550576a033986650088f1fc26f69049fce478b766f27681c745c5b56d28be583de3058c74f94a12f2f18d93698308ac65cffb71e0152321472b483f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4a7a3599746cf42fe8a0e7338181b6e5

SHA1
163fe862cd28ea0f484a6c44e26c6cf78fd55d33

SHA256
1171eaba5c69fc70f803b3b9038d0b9c0bd40ca5e79b4ae1dc064857fb94977e

SHA512
e3fbfec802e2c57e65a005627aeeb078dabac10a9eb13dfa3adbcea87a83411526522505a4a6cba05e5596cc0e2b51ca7831437203bd16ae94a335fe90497c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
767e50534b4a88e23d0a5e4d5d5fff9b

SHA1
3f78711626ae55b7cbb0e1e5e080fce828183ee4

SHA256
4dbaa2d9e21df6c2fd9ba780fe94bcaedc49aa1de5455362e4ba84c1e4ad7e74

SHA512
1b50ec1457705a996de160f8b2b53a1b061418f32ab16dec509be5cd949a4b8ab7813966a94808c434b89ca30936e7b19b597048125a78d6c126bfe6cc405dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
667c8b65b5a83c13f1f97ae21136e925

SHA1
5526d5976999600eb409c914d06dd2f6f4da6d35

SHA256
9043fb212e2f28b867de80b2e267e3cc2470b9159ba8b6bf7765f69ed17a3313

SHA512
a4247b1fee36a7e8751189b3da584c189a3e14360b63330d8f16cc9d18b23243ff3ad0a97af3c84f09b5a964f37edd1f3aad4cc9c2a267ef71164c4614b3b684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
35cd751a3e0aa456b810c9f71508bf90

SHA1
b04b54033b980b72c148683b72445b23e5696908

SHA256
f39959277248535846bf9195fcc698e677c20fe9a720f732ff056a31b40ebbe0

SHA512
7f9f4cc4fe8e0749daa2b813ac265776648c04758b5c9136bd37843d1db604914c4745ab2e0b9624d4c393d15a22885ef5f53b645182061bba75fefd8e1df119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
43e63593cc4b64afce7f2bdfd0c80ca9

SHA1
5e9e53ef8c70913b2d09f00cd60452a571909842

SHA256
b488493ca5c95642f11a94d8fc8bf9d572047d04d0cda7bb4f6d87ae69606765

SHA512
221703dbac7c8032940548e17cad47a33d9ace6f57733c3384b16ab818c6f70fd637b79165eef8c5f2c574b1d1d18a4db4981c29f7070cd94126ea7944cb7de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
5b805f2d346fcc2abf9a4c5ef93e63e6

SHA1
81b60c8f684c785ef139979f2d0c0fff9cedc34a

SHA256
40500e1b53f360447ab58a7f5372625be54728bf4f51763f1c065d6a2baa9ce6

SHA512
a38168a9bbf60ead76b7ac1a5e6ece8cf4c87020ec73b75dad70912b68724ee4f39c93f852f7ed591f17793cada50eedf8c2b2719a9349a0c7efde7ad3a86251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d6f3186fc0ebcf386a4b6bd844d1ace

SHA1
fe815371b7a25e38831c119cf7552f16bcf282ef

SHA256
fe5ea8c4de546e39e7d2b9afcff79f1d66f9c79e12b2428bc8a67043d2b6e0ce

SHA512
b88d9a50fd1625759c9086d52786ef3b08ab5c7a1145aac0e8b75a5f58143a8d2b6dd38c229187c25330dae63af67cce7bc7390700d1ce7575e039e2e40fa82f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
790fd44c5796ea466837968cc163cc67

SHA1
faaf50408d71d8dda61fb54eff4eb19c3e8ffdc8

SHA256
236617af99013f228bf58e317d048cbc0351d188d5e79df1b329d969c7b66dd2

SHA512
21b71b50e33ff6f163325e57a490b7c3c67c5aa8c235d9533b7c8350030dcadd23b7e024db7cfcfccc144f56f4869bba2f2dbc107dd905903b415dfadb6944cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
baf416d3b55522211b4c0015d5b62573

SHA1
7e55fbbf2db0b6ae4f06b9a2e439580329d41d02

SHA256
877eb02083c1f5d05df0ed02508d6bf3b7b47b35aa27964f9e204ce29fa82cc2

SHA512
f3564a723b5d18a0cb6e9995a47c33373ac966009fbf4eaed5da2aed0cd7605b6420910d6e8e98072fef6e74d87ac445f8345a90f35ecef21b587e3faabc5496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b130a0c8e251a22603881a06bb78ed18

SHA1
e2fa2f2d457ab2140a36b5bf7faadecd7265c2a0

SHA256
12a213bcc8cdadf1a873d7be95c98b8c68d6b10ae64f1aa2eac9e10bd5753b45

SHA512
f75c9552b7b26037fe3afd1494534ab2b0d39aa37e9304aa54553a381738c655c176afeb9984f5f1a24f141f450f88d6beee895a3bc86c792e238ec6718e0e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4c9d8db033ba56bd6b50e74c1037b77

SHA1
96241fca2fa2748c76de9f36d7fcb95f7c658686

SHA256
690099c4b68ab7d289267200fba2d9976fbcf4bed783a8d0ae90610968b924ab

SHA512
5a9302fc3c94cbd0d0b80cb5be17bd6b5229ab3f56dc9533e7f246e50b2522dd5237f02421128160300124352a46a89ebf608d2411bf38e4c5a208b019853731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5937c2af682ff93cd192506e0b6f8f7

SHA1
7299f1d21af43559e986577f1c945934a414df41

SHA256
d3d13806e14e073ad02e07068f063f835e9872a64b9d96ab59e3789fc7607f8a

SHA512
ba14dbf9cec5bf9124503e7ee670ec9fecafce350625eb360ff27baeb2e814cd3a28dcc7cf1732d3c426a791b9ca3a2f51596f5b2f8b8be3797c8dc40a87f591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f17891e65cd760804fe81a3745820e80

SHA1
250904567effc853723e8d56dbe86ee72c43bc52

SHA256
49ff4be1a7ce6401dde88bd5623b4a300ddfdbb8d5790458170ddcbe9166756b

SHA512
7e9002bd0f0b537e579fb273dac8072771ce61f9c1ed3bdcc75f72308f9b977c36923ecaa7e4515f5af6f8e20294d3a18f64f5d6a473d9439f52d3bf55127b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f18251cbb20fd2842f7b712cbefcefbf

SHA1
6a76482468728a8d8b1a0d6125ac88f393bd5550

SHA256
dcb33db3e9f8524c9ee84e0288a802bf1e04be3ccabe7393e85124e37751ce02

SHA512
22760dc1a2f17aa57594536b87ab44ced91b4b180e52a260ca6708c043d39c84d9ad59f6492e64432626d5e0d165533cf53f786901e6fa78167a904ec0042576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
999f95cc5cda2e4e2581cf8fcdb06932

SHA1
a10d8787bf2d59d59697ab6519a5d2f596b95cf9

SHA256
4fdb0217495afb669f463f8d4b1320cc8b9b46f26c64c805e8630834307f193c

SHA512
9c572b2f6d3370770c01576cb97ec1671b7c3016dbd91d1ee0b21448f587ee515fdccc197cc90161914f04b7d32e3c10794482272eb92cb81bd197da9be5a25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
319916a0b9dcda72bbe1ea25123d7fba

SHA1
12c68ab3b919eb7d9afef3117533ab31ff6627ff

SHA256
f00eefd1db77a183957c360406525174c932426757f08240416325432545227a

SHA512
38c257e7c3ccbff9d20cc0600024fa94cf73960e94f47c9a3e5bc50075bacc0bb59805bc62fd69a8ebdff3ec8ab5721fa2b33997a26887ac569e0f6c170335e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
744e8f6ee31cd2fee6388cdca7767d5b

SHA1
32a16e3fcfda50b4795e48f087279f68b7c83cb0

SHA256
b3c11f060b958af7c5d0e6b124085c2265a5233aa792474481ae5475d5070e9a

SHA512
d59d23edb40b7307a8b9318cff5fb1a8609afbf2e822a37d75c91ea13732dc159bb0fd2db82d24afa5da35cfb6cfaad3e8cd793fcea598ba5b7fa66ffb7ef36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
303a37e07f07b3dd316b509f70da5a61

SHA1
ce53f32c23fcaffcb2eea3eeba86526f2d67b93e

SHA256
1ddbd98b134199e5145522ba68e293b1c93272d71fc6482b7b1a989a206cdcc5

SHA512
fda9de66f91af46d5411f49bc2e651f6de8befeb8c176d71eb7172babf8ad317b6304b49b3f0943185a50a5a11d4c7d6e869d68d9b21e1666473d6f682537f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
43b59076905c3e764c669c86c45f2303

SHA1
63990328e736295944211e933c5642e19f55e1e2

SHA256
9ac217449f1d329cf6f624beb376a922ae12e6ba735117234aa6f0db041004ac

SHA512
faac5223a6f3c8c79a6dcf86eb817e8885be1d6d1a057607a9aaeabe6cd82e9e0c44d4a9499cb3d4229fdbabee64cc8df79544d7fbac5e3e6dbe8feec20f7305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c3b72e9a15f23d1c97d4f13e21d0a88a

SHA1
c64d36595e3353e77c477daa666c236865e68371

SHA256
3e6f9e44d78137a6cd382198b99337f9dfe9d511361950b969f1045d6025d6f1

SHA512
05565f1def6b5da575472d667d8bca2c6e6253f7ec35a3a42bcea5f7c4b159a3cb5d200e1c42dd28685afbb91a3e4a1585b381d8b5b36647772532300553763e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cee98ce10bec70a164bc4f63cc8e2682

SHA1
3450c24d6bead42c1a875a7a8e29b096b3814561

SHA256
1164d7bea496bf6924e3ed88b77a7424748ef23455cc638d31a00db99e39c041

SHA512
e232f7900ebb6fc6447c3502bd339200ea9da69cdce0aa48673a8b2ff10925b54da5916151fbcf2f78e51e07eae6f96b735cc4659d17520cdfaebc7f51f9def6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
ccacacbe2e8370e216040f0ed19d97de

SHA1
0d3dbd2c1b6e763aaaefae01ebc7109a815e74a6

SHA256
34e5b1b33fe33275cb7baa723123618f2e95c49e9137cba474eb7869b44aaf07

SHA512
4edd0ad2909387a94d1794f7b7f60e0a7598f0894342acb993a767408aaa0a26ae81524764b6b54a260fb1ceae7d516d36d6572edbbb19e59e11c60cca099a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
8e6893a78d42c0aa2f9b9978c9ff241d

SHA1
3ca1ca0519f8c292cd37db5a9a285b792e0ae7aa

SHA256
9da4ef50a063d4e8a7916594acdce201d9a31677809e809b367b90298b23cf7c

SHA512
0eaf7599416860e346c6b858e563d0035ee9a484961fdf264d822127910cd091d4d0324fef30387dab425ad970bb43e3eccf73417ba7d19644818fdd3ff7d6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
9ebfe51798876f92bdc623d9f26b6926

SHA1
0a0f5ef6f95ffbd6278734744bfc4384ca8b2dc1

SHA256
a030c82a0f72e26752f83cb5f16d6113ecbfb53902c7091d930ea3f9923fcec6

SHA512
43c9b06cd82b297ab8935693d1ef5351141e624591eaaa4b27d8571d80fdeffab00b10ff055a80d48cce2bdbb1f0b40220d33d620560d9aeb36212fede79ace0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
f1f33f096951f7e40e6fe41f724db8f9

SHA1
ac06df46426ef8c9af96483c421825cc035681ff

SHA256
04cd3a8ab5a50a9264d1be4e7523b503c7d34984263810070c8a2dd568d3ebf0

SHA512
b9e019d44a0a37c608bfb717fb4968e8d2e2bf27228caaddd2a2b818f32fb3a89c544743795d8eb714df82851ce4a038503c230ab22625b524baeacdb34893ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
ff10918ae9bfd4198b0e6be18937d049

SHA1
c1db71b08fc10c82edfb9fc34ff28bc5e6c2abc9

SHA256
c0c00c22f7c9164a7683501aff12a15be87f4bc05b7cc43b972bfc0b518cee6c

SHA512
22ce382578bfffeb8f715635176ceae22f4fc1a07aca5bee6bc0e921f434bfd42842f92dfaa2ec8e03b868aabc076c250cb53ee1d62658c41eb32374bf19c1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
147bd84ddacab1676a0262330c867f24

SHA1
1e91faf7b0edbed2558d2035dc489ddcd7c4aa72

SHA256
61500dd7a3ea60697fa9aa57766ac43b552c41353bbea54bde9ad33a5161b40c

SHA512
b3b35d77700d7299768c58fc4363c3df876e4141dbc5e439fc46cbb275325c125201deffc6923e465b6948f10aad55bef9454cfb88fc72161e71401ee12445fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
a8068b9a9c6b776963382681288b20e0

SHA1
c7dc5327d9c114ffad0b2e50fe5b7b9049ed3d30

SHA256
faa7fb4ef821bc827e8c1d71cf51b4c9e9e88627bb930cc78851489f72f149c2

SHA512
7eeb4c8aaffab8dadf1ab4ecb70889d6ada7ecca94b36a1fb1f448bf0d5f4615aff8c933998f0c654a823984e3921dc39aff8c6e8beec7850ab38fb448af9058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
d2008b46c369dc3690e1964ae25c0fd2

SHA1
b3fb8ce3ab7d4d14be797b6c1946673639caa9a0

SHA256
c994e74aba98649b94c5f7808e49a47dde401f649ccb218d0368bfed6d0b9135

SHA512
a7912b9f67fa5b582e2ea0147f40a2e02e091be59e69be373b0c23d1979ea86df4c438bd06b747bd983ac7d919b3e0b4d04cc3b2c0101a919fab3cf2d7c3ebbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
078e1fa70983d5762f3706242ab23b13

SHA1
67185a658774114bd35fb7eebe5a704ba1b1bbe5

SHA256
4bff7c1f849b0fe83a44b2d862b806b6c07ad0187a3f37cf592eabeaebf054e8

SHA512
cbd36ce65e6fda2c7b1a020ae7e21096900743721c17642b90ea4f0fb571816790de2282a36b05e2cb663ebd8f99f17f364659d8dde4ebb02705d2f9846d2e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
ed625884b59882e913ef7860d066b85e

SHA1
71dec115c5738cc1cab14f00d03dc3a3d2f47257

SHA256
0d7da33bb69bb6dc105e10fef75de80dedb3de128cab42741db636d95e2520b4

SHA512
659c4e5822988fa97b44e2711597f78884fbed90938404d40c8d5ab8af6d9f965bc780766bcb53753e03a683e23ed2aede5a7f005188d64a2305dc0507f40662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
35448d7de46c517955170e03baa29884

SHA1
44074ac8a411c58926c89fa8838bed23318fa11f

SHA256
9c0aac0c0bad8bc53acf12de238517f53efa45aeb463d9fe3143d52596b66a5d

SHA512
80a5362a8131c3cc14a8c3f11c45e7d4e33e3929ac4b15b96e88ed279412050c6f32615a4b008f7b3bc6c90b0772ea23b3e4da970e2f59e3ab6f599751ded625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
fd2c2de2acde11879fa674abd37aade4

SHA1
cfcde02adf8ef69fb7e2c179197a0f916a536d69

SHA256
e8ea232fe3e62f7a57789220628fca856e6df5d697e7e6376fa7cdc46e821785

SHA512
ff6aed59fda5ee6d116fbd99a993d8e326f327688939b9838a400f02f62bb448ee973fd07883fd2df4d6b4b6d61209062c2134fb07ec2407f209c4b4a55900aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
78ea74c079286813368a0fdaad82d0ac

SHA1
f7e0d9b0ec70a091ae168664cdfabc12e0f28e8a

SHA256
3c664765b28cc5a3956fb8556815f3200a84af37d7603631cf074ef78fc53e3f

SHA512
8c79e2c0c0dfc61bf452523603202cfc6e312a8387c66a5c71e0308fbd7591f98b2877d83fd15911a75be7e3b4d1609fb55d066604ebb5116fefc8f0feee241e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
2cb96ec9990a40fe05b83ec39a76a20a

SHA1
ce257e04ee041763199a2868cdf40e47265f56f7

SHA256
5b374aefe127e9c20d51246480384c47b6a8faca88cf2ddf4bcf152ec559e82b

SHA512
7df9f7ce65691722951703ebbd49e2b8330929dde11faf6d21e7b71dbb7a5a56ec4f467639dce4fe83cf7e3625d7a8acd82d793d32194ca5d9ea49f05e958174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
5ec45edea47d0a6bcdfd94dbac1c0588

SHA1
27edb5c5064da5ce7db8f4a1371acd64cde6a847

SHA256
4f9cad354b66853affb455b9337641d167d5bdde36d14e70d49efd236fbf6cde

SHA512
51582ebea18e9f7af8b387841637f7c57b5f30f49ebac9ea838d409c297cc0de745cbeb07db1fa950adadf6bffd9ac878c087b2bd30e551e0bda0cf636e9b6e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
5c29daad75cdbd71c86bc93f3b541f0c

SHA1
3190c43ffbee208a6cc35a9112aa072e6203ced7

SHA256
b5606844714fbf662030a4f6e004c9975e443cc803bd3210e2a67f562d7d4d42

SHA512
8d9654c34dc2681297051416241f79b5b2c0275adcb9b0e824d9c804c899fb88c5fa1b988db2146507446590c8820bd597334d165ad6d945fc61584407637df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
22d71493632a3f6ad1f11010962fc963

SHA1
df95584757870de86c47a34d27e1f2547df359a5

SHA256
95396166bf0ff62366615509cc16e62a4a2ed784786ee9b671d9248594e22126

SHA512
c2a5e564b4dcd0a9c5900df98640dd16db098161356bde0677dc795f8b48c33588a04fe46a3844a1adcaed63ab62c79a398268ae2c4357be6e8d4a9efb8e6222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
6f6120bc2236ba022b7a5624a5b907d7

SHA1
b615d8f393bdd6c20af86d3829acee20a4c22283

SHA256
55b1458c29ef463108d446e9664ed1dc723d31d431f2d6b3890de4f2ee62fccb

SHA512
face3cc2b90958ff6cecdb791859cb06627be5b187f132bb36bcfb783942cf04be49be917ee1f35b0e4dc49657a89fd8fe3754bd6fbe046f1fbadab5a7f218c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
54ea5cccdf79a7ec2609d459cb172e60

SHA1
1f2f2337e5037f4ce178b0b4d5de60d966698cda

SHA256
2740067f727503664f7672b311a21dec4a78b1db7ea52d89f4ec401b9acccb5b

SHA512
2e5e4dc46b456d9f29586ea10bc0a65f35d22f687e6d26ef4da1ba29b13a3cf064e0d7b906e678f9e11a88237ea57075c06a39509a8126497e3fe772c7a76b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
122KB

MD5
606769fe78140ca701cefdf8285f1edb

SHA1
b44af097912d3b26276a9df508c7a2aee39726c9

SHA256
88c542daf51a278a538082d9664ee0b3997b5d811db8f86d948b8da2d33534c6

SHA512
5f76d236f0b1c3fecf1c56ef0d94959513c7716b08c3b3992d48d8b4ad151dd05f431f9d5bdb498d7c53bbb56ca657f815e2bbc7984c3348b5f05570dd107b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5dd573.TMP

Filesize
99KB

MD5
021652a16b0a27c300099b3ce461aca8

SHA1
77234ca06bfe39b21184dfa6fb69163efa95a5e2

SHA256
b7398fc7bb36ed5d3d11522e2d70212f0f8f7fae2abc2df0bfee68715be87f72

SHA512
c9d94db57e503b026e32f37c63b21c2d13dff3cdf41d0f58650a32121b9d7b35b88f60ff0c6220c4aa003a84e8c2bc0f546d5edccaa274e5ce466cfb0ae2f109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cf42eeaa12d1b30b6c39116a54382b0a

SHA1
b9271294e8cde779528c4a31a5f56d7fd8e49587

SHA256
21f4f76c549a155b6fb43d65f34246b00b8a8dfdb49743a7f5e13f12af75fb93

SHA512
5f01343178fb416e71de1ef22a90431e14a911e11e810b61b0664c0d877b0400f3c3f409ecb1e01817ae740fe90b7f3b61b1af3a3c6cdd86c6ef6537a8af4f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
364a82ef9964c62d99d6f8c7093a8522

SHA1
eb9487ee4a31b549a1d96dc32f7ce1fe5133f57b

SHA256
21c00f02ca1152fac6adc9513b1a813ec5008bba50b614ef9c6bca510ac73a91

SHA512
954b16072c5fff54513a66949b457b5c59acc3e220295d2a82469d08ab71f675748eacab3d587482dd030ecf490eeb73211aba7289f36a95a3b8254d6f0c41b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66cb74400963de937bc85b21312c6f57

SHA1
7fca668847be7b24e5838f2f71f1bfdf007303a7

SHA256
49071e82aeb0aa5e624e69ac9b7f1f20d67d9ec6e2ebb0998da4c3f6fb0e3aac

SHA512
ac24388bb1c5d66ad9eaa304f8ee0c8252f9c914550ffe066a67637c08495d00e55bc541875271b29a1134ec97ae459a845906b5cf42f9f490b2001ed4ed2444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2db3ef14-3123-4d81-a05a-cf7a58780eca.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1e7f4132c979dcd5201e3dd22d86f903

SHA1
b2c2d3f69cbe49c00e5cdeba253791706cfb834c

SHA256
743208b54b7660b2ef90e8bdc3c34a7111aab19172edce15002066749d3ee679

SHA512
576e11ce4e80a4ecd09b6b9d00d8645d310cb93c15b179cd3c9b785126c2ae6931100d556f0bf8048fe4ac17ccf69564021bd5923de6a651ccfded0d8e4aa961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
1c02aa2e7507ad11bcd4b865e786a741

SHA1
5253b41fdc0b0ff7770105c16d3a3733bab7a206

SHA256
f81cb74b876ce97a8f45d633b8929024d410fe1fba646eea7c10b83b141afd7e

SHA512
cedd1e36cf7a832b4232327f55645a66a4ae504c9511f10edbcbf4e605076e0cc7d44439c625c807b1f99bf5f642bdf4a1f8ff758238dcb7b7c9919f5ee26a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db943a5b6ff0686c443a0dc021c49935

SHA1
99c1e95e0d2135c41fd638c83573242b6b228a7f

SHA256
c53e69c22fd604c8a41a813c2d27c8cf56cde2f4d17b8422811ed0650b9661d2

SHA512
5b80f0fe3899b559d302a45f7f99346ccf59f036dea758aa6e48e3870c577fd539767ff309dd67a4483c26063deb0ceec7088c79505bb7f34c527a82c0c6e142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3adff4f1a52c3030914a6f0b9053ddd4

SHA1
cf364f5ae24dbde361cbc0180d2d383691090249

SHA256
b27486673bb5b6e2112736c70c3977375a2a3fd043217b5bf0a2eca74c525021

SHA512
a75e2a0c0b931de7a0017cae5dde803818a7bdd96740751c241b7ee434eec2d45474ee383e23f4b93dd5045875a01b2749c0361bb94b1c1fdd757d4b55b480de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abc241c35aa1353af856ced08f673a8f

SHA1
eb3eb9ac0c966ce31e687b1554dcf1fb754ba5f2

SHA256
91eaef35fb007a597d09579c44e1ddae2f2c2dc7987ccece32443012b9845fb8

SHA512
1c84853f11ae2ddb92d8afcac67440a2f099ef01419c6f0bdf1243333bad3c3aadbfc31cf278a106a2bd2dd84f0b8fce1d2401a2e4fa7ccb2c89f1aa21b81eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea918ce43c53cfee714b0b07145ab69e

SHA1
e3f2f311958da9edb56cf45ef157ba7276fc7b1f

SHA256
40c36a631456d4f59baa0e25fbcb4fd7f3d4ca202d003f6113ed0429a327305c

SHA512
ec41b313a55e32aa3575b84745e374df028d1b9ad486028ea65fdde907d254608e02d929826304a871b1ffdf2ae50d170b8e2b0a91b819fcb089efa11b73c8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7bf98a0c06337e30493819dc21f06768

SHA1
fc6232b8b7a6cf36e81b5ce3f2f0d0690e8f07cd

SHA256
3356e24bb626b8270b5a0c312e27c718e45a3bdcf95ba814fabb09a8cc13f68c

SHA512
e6bbefbccd3b4c43c213adc62218453d1a660fa28e04e318af3d89cf0bfc8ff2c1b804815bc6d45ddb00b5439357d7a8563a7a3e75bb3a4c01c09f29e78eb3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6160585151e4d337b1d4522373fec312

SHA1
eecd784c88fbfcb9252bce982c467c6181984f25

SHA256
ad94afa1e805c94b80251ec323ff9bcb7ea535f36cc95cef25f7bb5666295f9f

SHA512
20fdadcc91af8e2c2f1fbb0dae859b49ec03df87fba7a4d859a99ca478ec840ffbcd06a4a9ecd218e051f078454c5f101a8dcce5bf89b4e9d02aac2877ced8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8996479a4b77b124786a13f7bcb8f625

SHA1
3af59cf6aba179731a69b21dcffddc9cfbff3d07

SHA256
c35b7a29622daa8ef53fd3cbb18b8ee16f04c67452b142861a7c12ee308c1611

SHA512
e3579d6347f15d48a94d0cfeb864c12d2c9e789b0cc0230dcb3612d4957fb4641d3b07c00af12d283355621ca4d8835689531b6d8ef7f140c070815076a02c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d86b2502d5f11e0a7f2cbf5d319a3b21

SHA1
8e9c095a2c5d6ecefbc1ed3413bc33be96222406

SHA256
1b1dbfed4284589a5ce1144ffe09aa866ff818cf47097884674ed9a6abcd8da3

SHA512
7a391617ee2fb3c5ff6d8bd8f9d9bdb197fb40c634c74eb9bc48b5203aaa1c102bbab1ddad2574048ae0a42be1a61f703865d9c258332ba326c7a2157f7e677f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e0b5dd9bb8d1258e5e647648629d3eb0

SHA1
d73c8cd7ecabb61487ef20322c0ed96db6c2a8ef

SHA256
5324cf21ff466c67bc74eee0e05f6c4ed0a2bc44cfd5426658457d62ec0ebd29

SHA512
62cc1a6e0c7b8fb572f825aaa5fa81dc92091c9ed4cb8037663e7101eb092d09ffcb7f1d326f0fede82b7cdb22ce5adf2b9c95fe9b9f9852a7660e9446128240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8e848bcc42ac42d1a8c51342fcbc8736

SHA1
37fe947ecbe056bd6481a776b7f10e1d4fddb1d2

SHA256
4290dcdbe1bbf05aaa855f9e12d4528008a757354c83ed8b9b5ef6cf211edd7b

SHA512
75008bec5d6ca10146890b7fc68ee024fc4e6093f92c96524f5b22c4bb15456b99e2ee16da1015965358c0e95d0d7fed31a74be45309d3cedad844c2ede16514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
614899d84b15b4e035fec961bed5c875

SHA1
493e7dd34f7d0c6fe14726f2ad617114475661af

SHA256
613d31825ac8020a58e5696567bbd1e62dc79704f65d1fe36ca9534ee4bdd9a2

SHA512
cd87a35c9053ff5f84d64468c51a0b6b157ff270feda05196824975272e3b0ae8430bae98c30504484f1bfa32bfe7261bf79d23c627d2ed2b2c3cb66b55d6a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1ab37541ad90e4b0f83c4abfe1fc450

SHA1
62b8c22b56479645453065cb3de3f2e73b1ef822

SHA256
2f6b0833312b7fed4f29bc21584ebec7fa2e4153ca9f2cebb28cad0ac86821e6

SHA512
b81d6ee91c005323038c587761be4e9f768a8422418bf5235d9b891f5cdbf3d41a2a82c0906e352c907c473c8ae8a5892d5d08fda8d7fc0c3972a77a9c515567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
880cdfde4767db27d76767ba86425626

SHA1
caa33d7d14d4032fff6d27cf4d4773a0e7dce09f

SHA256
1f30682dd23ee783191a7244def22fad223b2feca224e224071f4b0e3ef4db03

SHA512
78e32c0f20426e0b8b11aa1c2e9250e23c98460fef9044842f1e89bab8757b07ad335e296df4a3e57482c77443726b36e7d9513f4f25ac4207cdaa4c373a08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85064f11c60a0a774469e22bac6ad937

SHA1
dc4fac0ccceddbc4737fd13287590dbca0312147

SHA256
df01da2386b3be55ea57f57c20c1f6c473d8e7d918e6a2139206ac691f8954c4

SHA512
1b346f9454d06d6973a7a3120e861dcef5483873989d8eb3bf9d4440568e861ea712e37b4713409ae2533cc3750e380379a13483d8a611748160b2c2926eb19c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml

Filesize
97B

MD5
0dfaf78473f3abc4592af5efa3697131

SHA1
e726b34092196e52e4bced2e1a91fde0a4bdc5c8

SHA256
fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

SHA512
f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15

Filesize
36KB

MD5
7b4b9fd2b81ce798f3b31e585fefbd06

SHA1
9b10727f132e741089047841df048fcadddcd9e0

SHA256
3eaa9bcb1be1f9fb075bb3b37a54646e72b506fcbe1a3614ad01a4d98d8689f7

SHA512
2e58940bdca873a6dd6056b6cde2b7d687498a12bc50649385f58727b43b7d7bf7bab7c530bf3c4e539b559c13c422172512a246e0edea392c021bc40b2a3d15

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe

Filesize
36KB

MD5
33cf1a9ad7e502fd7c2de69a7da48801

SHA1
a71f1a144616eda1ca60886843fae98703417a0b

SHA256
f160948153cf32d47d35bea85eccd51929566e662c6eca6f838515b0860704c0

SHA512
edbee4a88c5e5f049ec86a4b8beadeac89f4eec81f1176ea35f2f689fb40f335ee1f85df856d02d224f5fb95e4ac1e9a85cf6d54b4c436a50e478859ec9fc517

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{261c05e3-0cc6-44c6-92d7-9108283cdc8f}\0.0.filtertrie.intermediate.txt

Filesize
12KB

MD5
f6cc61b9ded8a8e01aa4f23a98c59cb1

SHA1
a4891689ae842aed44b8592aa17b656f82e93ae3

SHA256
149cbdd903fe5f3499eb1a8ff63c7ce79eac7cad1b4080d1e99e8f99c11c28f4

SHA512
65e3fd657f926907b9b70765f65c302b696878f076b1dff96fad2ecc607b2f98e8886a6d02d48b9e47217dbbf2115c542fcf3af711cd0ceeb985ab1a94160191

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{261c05e3-0cc6-44c6-92d7-9108283cdc8f}\0.1.filtertrie.intermediate.txt

Filesize
5B

MD5
34bd1dfb9f72cf4f86e6df6da0a9e49a

SHA1
5f96d66f33c81c0b10df2128d3860e3cb7e89563

SHA256
8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

SHA512
e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{261c05e3-0cc6-44c6-92d7-9108283cdc8f}\0.2.filtertrie.intermediate.txt

Filesize
5B

MD5
c204e9faaf8565ad333828beff2d786e

SHA1
7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

SHA256
d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

SHA512
e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{261c05e3-0cc6-44c6-92d7-9108283cdc8f}\Apps.ft

Filesize
17KB

MD5
94abf38cb86186012243ca61276e967d

SHA1
875175aa525e25e1075bfbf64a7654d14367444e

SHA256
1278c245b7e48189eb25ff94718849a0bfb910e9a7d03b69946bc94bb7df7c66

SHA512
4375068241601ba2d1b5627b1bf9c324a4069db005aae7c7b9175e5d34c9a4e4087c01fa8bb8f5a7d3b0a4a3078d5b0d9b2f7e02a59aa53be44ddcafe98fd154

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{261c05e3-0cc6-44c6-92d7-9108283cdc8f}\Apps.index

Filesize
958KB

MD5
e380c766f9b298e477bd6be73c422a32

SHA1
84993c2115b94e58bfb1b8468a8842747a75f167

SHA256
f6bc31f6421b2f41e70c74293d13251ba6d6c910d795eed26293218bfd91aa8a

SHA512
5a0954f3e31d4a39a00c2c06dc4c002abc9036554201d76fe7918f6a4cd1fae0d80f87fd3a68d70b0b6daa6ee2a338ceb58154e02960619ab330c3488413c5f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133436815384255465.txt

Filesize
76KB

MD5
852fbf8cced31c012f1ad4c5b29d473f

SHA1
f9dced33eaf8330bb38c4c475f13e8232db58420

SHA256
68f24f6eed5af2eaf58ab71b170ca39a788c242a3ea4e4c2eabb34b6925fc609

SHA512
0971821a87367e716f60dd77cf93bb94d6aefeda3831775e65874de1e0a7fb0f396ded89264f8efc151444e4d47ed01771783618e83bd8d67d9e0b95168e2a78

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133436818993554654.txt

Filesize
77KB

MD5
bad003aaed65b43375b424c61cacf1e4

SHA1
606e13ae2673ce3f681b6265392e75f40908b145

SHA256
7528d15e9b0c386fb7de5d63c366ccb41b915cd2e9474d80b17a3e4439c9a223

SHA512
e532aaf02c9d05bfc179be9acae62af838e3af97942a946f1272a2f093c4543a35cea278fca7dbc09b665c2008ee19be3a0ec39739c12cbab5dc1de652172a2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml

Filesize
97B

MD5
0dfaf78473f3abc4592af5efa3697131

SHA1
e726b34092196e52e4bced2e1a91fde0a4bdc5c8

SHA256
fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

SHA512
f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml

Filesize
97B

MD5
0dfaf78473f3abc4592af5efa3697131

SHA1
e726b34092196e52e4bced2e1a91fde0a4bdc5c8

SHA256
fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

SHA512
f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wondershare\NativePush\wsUpgrade.log

Filesize
941B

MD5
82002032fa2016d2e738692d7607b50b

SHA1
47bfc3fa631fde30b4d2c697dd4ec5af0fd7f688

SHA256
944e78d74691375bdb7ffcd18642bb028946e65c8c2085c5d7747e9362457368

SHA512
a778fbf9e6ca8c6afbd2f51f3ba9586ba1f616319ac62b4fd6744e4ccfb02cc3c0532a7ee47c547b9dee3a0f0b7d66961dc5e4b18a06c216d31de78a57e1ac30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp

Filesize
3.2MB

MD5
1651b6ee1ae7f5fe602b52e1f39bf874

SHA1
faf14fda4db5e365f13b61d251eec6d1b1b95b38

SHA256
e47c9cd96ea18c968137f9e4189a8e4c6c6b54278f765ea1d49c470d058eed7e

SHA512
c580a281b570af0734a27e5d924d243408403086968b4bce6366b3aec93496bd3628b14952967f07e75faa8cc301c9fa587335617fa7d5dd7d2f466527f31923

Download Submit
C:\Users\Admin\AppData\Local\Temp\_iu14D2O.tmp

Filesize
706KB

MD5
a4a1b98720fa70874d30de97f079f516

SHA1
552e09860b9fbf43cea58e8e54c23b9c6af7a326

SHA256
6ae8ea4912a59413c78768592bc379d20483bc77a511a75c3cf11cc67b5886bb

SHA512
644c427f2e58ee406118c604ca314e41ac3ff655b6ff577419e34036136a1df55d6231167e5d1d5b38b7d0d150582c3a4aecefac05489805d55d81c09e3b3db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll

Filesize
879KB

MD5
c030204614acf37528aa716939e3fbd8

SHA1
794a95b3b7c717dcb021df0fe0f1569fd4fb6d48

SHA256
f93a03df515c11aa343f7dc346a5df6a9539f386fd529c40fb7e9147cd2c81ba

SHA512
a42b4d93418e08cc91b77fb9969c45df8611e90eb81b308f6442ace153398f5758ab9441c411ece8eaf63e813fc67da472754bb40735db654c17912267c90aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8RM68.tmp\Customization.xml

Filesize
195KB

MD5
322ee8f6a3f3ef7d071745ffed2d4599

SHA1
2e54d1328651edef37acf66a9aac48fe63fbc6e7

SHA256
5b4b77deac9d2055006599bf5f9803dc835293803fe6829ba99f395f11398abf

SHA512
a9c7298abf2d228da1270ed538a728e26b3be21e82cd9a7dfa1acdb7f88bca47c2e70f55a5b9c63772be6d9fb45050db4e95225772349fd06c994a032821d895

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8RM68.tmp\WS_VersionProcess.dll

Filesize
112KB

MD5
ffd6fb9845892ae75d587b8596a62bc5

SHA1
4727584e2d10aa9a5d10b761cea4f22a7320a341

SHA256
b8b4d5a02ea13971972e0222573fc3cc3d3b2e07e97831b07faf680c5a66fb78

SHA512
e5affe102895543acb5c6f13a00950384e8966c8931662ef43f2d4bd1aa6b5ef627d8abbee4062ed28f0398ab85dac0611b9c7a03b8a46dffc608998522cc06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8RM68.tmp\WS_VersionProcess.dll

Filesize
112KB

MD5
ffd6fb9845892ae75d587b8596a62bc5

SHA1
4727584e2d10aa9a5d10b761cea4f22a7320a341

SHA256
b8b4d5a02ea13971972e0222573fc3cc3d3b2e07e97831b07faf680c5a66fb78

SHA512
e5affe102895543acb5c6f13a00950384e8966c8931662ef43f2d4bd1aa6b5ef627d8abbee4062ed28f0398ab85dac0611b9c7a03b8a46dffc608998522cc06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GGN76.tmp\WSHelper.ini

Filesize
4KB

MD5
c3d37313bf465f6145bb6f9bd845622e

SHA1
1a27da4300e997e07da73f2916483862f9fe1fa4

SHA256
1b74775c8d88a46c6f1727029a4acbda6dd9cd1bf5298a3746ce104e0da8f8b6

SHA512
4e92ec23d618e8ef2559be1c5d2cb243e2eb074aad86ffb338e3584806953efdd22856847a35bdfee1aa77756dc2b34f526777bd6fedaf5e4b982391d31ad2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GGN76.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SG6RG.tmp\uniconverter15_64bit_full14204.tmp

Filesize
1.2MB

MD5
0943ea38b9e8be25cb68b6c4e9378292

SHA1
c70e7330d9853af2ac5a9d390795759cd30f0d0d

SHA256
4523126eb9c7a1ce5063d2abfa11e5f5b214e6b4aa9e3c824d05045ad98c3188

SHA512
2df03b69869ffd4c2fc82f343faaefd5d262e54da7dc6aa401f432c38808f1e6d0400cf43440112b37085fd9afd06142d2e4b8b417cdf341e1e725228a97d437

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SG6RG.tmp\uniconverter15_64bit_full14204.tmp

Filesize
1.2MB

MD5
0943ea38b9e8be25cb68b6c4e9378292

SHA1
c70e7330d9853af2ac5a9d390795759cd30f0d0d

SHA256
4523126eb9c7a1ce5063d2abfa11e5f5b214e6b4aa9e3c824d05045ad98c3188

SHA512
2df03b69869ffd4c2fc82f343faaefd5d262e54da7dc6aa401f432c38808f1e6d0400cf43440112b37085fd9afd06142d2e4b8b417cdf341e1e725228a97d437

Download Submit
C:\Users\Admin\AppData\Local\Wondershare\UniConverter 15\TryUsePrinciple\TryUsePrinciple.xml

Filesize
4KB

MD5
3992e4dd29483ea8a62b1f014e7a904a

SHA1
bd503c5e6a91f1d1900ed59ba2c1cbdac35fd900

SHA256
319c3d7e457670643722950ac5c1dc08d420a209650fd62ce2a9040721c3cd5a

SHA512
2b495d33ae94d663c82af1d3f61ae75e692b3148412413af029fee1a8da48fca0b01dd952bf0b7edef7f57bd58c93d06630dc7b4cf6d4e6a2fe20c648271bd22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
aefa90666612f14c512b35d6081c739b

SHA1
07c0eae20a509f0ec7493d3048299d6d55b7f554

SHA256
f1c16571cfb0eef35f5d2cf8b318c314ecbba556442999359157ded2562f52b0

SHA512
f85454e56411c2a94192b5b77bcad93a548daf1e0f49459cd734e1df93cb32b2d5bd7b24ec96a012adb1d06d98e34b21f983daadc2a7636dcdd9ac347310ec95

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
ed1114c4365766b477474be195c2a68f

SHA1
fc8d8641948dfc499477f5bd7430a8a1a4d61fed

SHA256
d4cc95fc94dbc6b9911609c150c98ecf756f54c29635b427c56b6ef2969249d6

SHA512
98feebfda7fd0ea2eeba4c44b2ad7cd730c18713c56ce44cc679c46cdfa476a7276171b63ecf18fd532a1f6ff69d7071ddb2cbf524b3d5194d5ec290e24357d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
c9546a943efec763b30271bdf03f0e71

SHA1
704aedea9cb3d7ff63121aef11204e1dfbd19d89

SHA256
eb8cf023c5332880ee66de31be92e9421a88875ec503f575e3942ef0e909862a

SHA512
73b9c626ae87dcac6490f2a5f9bc975c7c33081d812ab9f339ae6e3749c759b14f062a744c791180ed3f187277024acce80730013785f2a7ae30c4bf886f79eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
6d0402e0c720da4724f71a5dc715f94f

SHA1
b69cfbce762914f9be6e2b6b5fb4c5a5649360d7

SHA256
b168abab579394d361642c4d4dc467f01467da2c71d84dd6321f5df82da24b7d

SHA512
1fa72fffd6ae7301738e00d1f151a72d6d2c3d74c7a73a41f6d186fa446577dbb6d9c642dca981944745d7b111477a7e3bba73f36f85ca9b191f74f36b21800b

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\AppleiOSNames.plist

Filesize
35KB

MD5
67dec0321e35f207aa00cf4fbec032c0

SHA1
49ebf07d6e1cd1f9d0dd063cab5f0281cbccf8f5

SHA256
66d0ebd66c3734be8a759cfecb954ab0d64d32adb42ff46f9b829f9fb986450e

SHA512
fa5ae2e0e22f0450ac6a47ac951a3c288a1dc8f870286a33f63eecaf82d4ee4b285b3593abe94caafdd07ae6a4a77e6586afdaec63aa7e280b4c3b1a0168ffe8

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\DeviceInfo.mapping

Filesize
711KB

MD5
3a037a9c9ab6b9372cf4480ffed25c4b

SHA1
6b74a37d784fada60a8e083aa80f9e28a07ae2c9

SHA256
681031199a372f99f0a283dab6accc642b74aa5f9ad3b44f084007ba8fd30f94

SHA512
a5b2b862a25e3c7e5c1d1631a10f550f4410047cd4d970d823c0621ebdc16446bac6d6398d385231e42133ff2460ab3ddb1282854c599c8e9de888a4bbbcfc0c

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\driver_androidusb.zip

Filesize
5.6MB

MD5
a253ddee66bdcb03b08b15c831220b12

SHA1
70b7b9512ec8b7a03bf3cdb94bcf4556172757a6

SHA256
5a9abdc75dff968749b6c64407c9e39a036772f39ea619ef12d3c5ad9ed03105

SHA512
e7cefdfb8928ebf45d3b8b983270efd1b09bfafebbe9959778ff98bc79da0422a8b2375d7e621c0b5d8a7d239fcc61fc071425c7bd71acc7ff26f3a19f267e91

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\driver_appleusb.zip

Filesize
3.5MB

MD5
fe16a38ba51f64c653ba39893c748044

SHA1
011156ed5627afb948ea06130efaa5d65ea66fa4

SHA256
2347c6b73267ee35ea62eada7e9cdefcec6c3dbeb8ab8bf32414643661d9db50

SHA512
3cfd846817dd7c5d60adbc9842e825bbcd82294f9bd93acce33d465e3c9cd45ed76f945598eb0f70d176cf8ad8c2b3e873276b9884f5858a4dd43235fa1eee1d

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\driver_resetdevice.zip

Filesize
44KB

MD5
81447f93aba874682c33f038c2564d9a

SHA1
166b77513e0e82007133e48305cef1ab759d5b38

SHA256
6fafb7a4ce1670b8eaf523371db369474166a73830c24442cfe87fbd98642a37

SHA512
ff13b5e196f3484eb67e16760f86eda4c81bf9709e3a6e17a6d46a9d71f6061b55850b31d303f8a1af511c98455a5edc4894dc0dcc3dd7cdf410861a7b6f3982

Download Submit
C:\Users\Admin\AppData\Roaming\TransferSupport\TransferProcess\Drivers\iTunesVersion.plist

Filesize
9KB

MD5
d45ecdd40078b6ea9699720e22bf2ffd

SHA1
5846b1ce642736c46f8f0164d4658b0370383d38

SHA256
4f5dc4aedd8c2dcb3af00f40ae9fc9c56bc0a1a0fabaf342c2e80c3e602e2875

SHA512
a43344bc4e0912287a87495d762853b7250c77623efeda63f10a1d784c54ff4a4e2e42ee3226d71e0ab81eee9ae359546bb867ca734aa6bf22f4b29bde83495d

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 964509.crdownload

Filesize
1.5MB

MD5
e5788b13546156281bf0a4b38bdd0901

SHA1
7df28d340d7084647921cc25a8c2068bb192bdbb

SHA256
26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd

SHA512
1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

Download Submit
C:\Users\Admin\Downloads\Wondershare hosts blocker.bat

Filesize
5KB

MD5
1badb991805bba70d8cf2961df21a758

SHA1
ec15fdc9b882ab0c10e6084d41eb33c031479281

SHA256
e7abe9cba625863dc43d9aa7c12f4a422d59bdb60cee67904d54b122365af89d

SHA512
6caaca7aa7ef76b6128424fa3a9bda97b57fbcc79d5fcbeba6819e81608a91653b831d12d62fc3492fb8306abcc07fe9f9fc37dd9e92b6187a73f50796a0dc29

Download Submit
C:\Users\Admin\Downloads\Wondershare hosts blocker.bat

Filesize
5KB

MD5
1badb991805bba70d8cf2961df21a758

SHA1
ec15fdc9b882ab0c10e6084d41eb33c031479281

SHA256
e7abe9cba625863dc43d9aa7c12f4a422d59bdb60cee67904d54b122365af89d

SHA512
6caaca7aa7ef76b6128424fa3a9bda97b57fbcc79d5fcbeba6819e81608a91653b831d12d62fc3492fb8306abcc07fe9f9fc37dd9e92b6187a73f50796a0dc29

Download Submit
C:\Users\Admin\Downloads\winrar-x64-624.exe

Filesize
3.4MB

MD5
15596b41dba42cdcce4f677fbbc86b6e

SHA1
1ed1e69e72028150f8562bff5ca1dd745874329a

SHA256
377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79

SHA512
d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
7c5e6e1608abf52e54d38fd4d487ed97

SHA1
429d192c9b3de3aa584cce96e073867f213876d8

SHA256
b658e900644346e9f82c3692cb33a06fccb554e219000a7b3b7faa1de0b7676c

SHA512
32171a4c6d066bb30ae6491ee33fb6b64e75f9473c760768efafd2dee2ac5ed3e80bbf6a02ef05787228c934dfe2317f9749cba67e6349e73458d79d281f0a28

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
8706d266cf989fe8958bf3c9dd1113f8

SHA1
f88cf14a632296985accf61b21ba919fd49ef45d

SHA256
b7cf0ad53bcfa1912c6a25fa91b58a65a953042dada2e0196baddf044ec15a1f

SHA512
5444853a4400f5456936249b625b72c04257470f7c93296295808b33308363fe30c24590236fbf1223dbc91f69b7c85341f0a5ca084bb27e16b895b5dc4c6ca7

Download Submit
memory/908-14680-0x0000000075750000-0x0000000075844000-memory.dmp

Filesize
976KB

Download
memory/1020-13161-0x00007FFE13F80000-0x00007FFE14921000-memory.dmp

Filesize
9.6MB

Download
memory/1020-13156-0x000000001E960000-0x000000001E9FC000-memory.dmp

Filesize
624KB

Download
memory/1020-13140-0x00007FFE13F80000-0x00007FFE14921000-memory.dmp

Filesize
9.6MB

Download
memory/1020-13155-0x00007FF4C28B0000-0x00007FF4C28C0000-memory.dmp

Filesize
64KB

Download
memory/1020-13154-0x0000000002110000-0x000000000211C000-memory.dmp

Filesize
48KB

Download
memory/1020-13157-0x000000001EA90000-0x000000001EB1E000-memory.dmp

Filesize
568KB

Download
memory/1020-13158-0x000000001EC50000-0x000000001EC7E000-memory.dmp

Filesize
184KB

Download
memory/1020-13153-0x0000000002160000-0x0000000002170000-memory.dmp

Filesize
64KB

Download
memory/1020-13143-0x000000001CDE0000-0x000000001CE2E000-memory.dmp

Filesize
312KB

Download
memory/1020-13141-0x0000000002100000-0x000000000210A000-memory.dmp

Filesize
40KB

Download
memory/1020-13142-0x00007FFE13F80000-0x00007FFE14921000-memory.dmp

Filesize
9.6MB

Download
memory/1240-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1240-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1240-13902-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1240-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1240-35-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2116-12847-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/2436-13139-0x00000000722F0000-0x00000000728A1000-memory.dmp

Filesize
5.7MB

Download
memory/2436-13116-0x00000000010A0000-0x00000000010B0000-memory.dmp

Filesize
64KB

Download
memory/2436-13115-0x00000000722F0000-0x00000000728A1000-memory.dmp

Filesize
5.7MB

Download
memory/2436-13114-0x00000000722F0000-0x00000000728A1000-memory.dmp

Filesize
5.7MB

Download
memory/2644-13113-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2644-13092-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2644-12892-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2884-89-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-81-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-91-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-79-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-92-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-80-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-90-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-88-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-87-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/2884-86-0x000001A2DCAB0000-0x000001A2DCAB1000-memory.dmp

Filesize
4KB

Download
memory/3644-12843-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3644-12889-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3832-13165-0x0000000000540000-0x000000000054E000-memory.dmp

Filesize
56KB

Download
memory/3832-13168-0x000000001B200000-0x000000001B210000-memory.dmp

Filesize
64KB

Download
memory/3832-13167-0x00007FFE13E60000-0x00007FFE14921000-memory.dmp

Filesize
10.8MB

Download
memory/3832-13177-0x000000001B7A0000-0x000000001B81E000-memory.dmp

Filesize
504KB

Download
memory/3832-13185-0x000000001B070000-0x000000001B0A0000-memory.dmp

Filesize
192KB

Download
memory/3832-13166-0x000000001B210000-0x000000001B29E000-memory.dmp

Filesize
568KB

Download
memory/3832-13191-0x00007FFE13E60000-0x00007FFE14921000-memory.dmp

Filesize
10.8MB

Download
memory/4436-95-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4436-141-0x0000000000A30000-0x0000000000A4F000-memory.dmp

Filesize
124KB

Download
memory/4436-173-0x0000000000A30000-0x0000000000A4F000-memory.dmp

Filesize
124KB

Download
memory/4436-176-0x0000000000A30000-0x0000000000A4F000-memory.dmp

Filesize
124KB

Download
memory/4436-77-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4436-162-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4436-78-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4436-172-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4436-94-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4436-146-0x0000000000A30000-0x0000000000A4F000-memory.dmp

Filesize
124KB

Download
memory/4436-145-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4436-184-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4436-119-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4436-159-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4608-13184-0x0000000005630000-0x0000000005640000-memory.dmp

Filesize
64KB

Download
memory/4608-13181-0x0000000072410000-0x0000000072BC0000-memory.dmp

Filesize
7.7MB

Download
memory/4608-13192-0x0000000072410000-0x0000000072BC0000-memory.dmp

Filesize
7.7MB

Download
memory/4936-12908-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/4980-14855-0x0000000022990000-0x00000000229A2000-memory.dmp

Filesize
72KB

Download
memory/4980-14856-0x0000000021690000-0x00000000216D6000-memory.dmp

Filesize
280KB

Download
memory/4980-14691-0x0000000003770000-0x000000000379E000-memory.dmp

Filesize
184KB

Download
memory/4980-14692-0x0000000001E60000-0x0000000001E70000-memory.dmp

Filesize
64KB

Download
memory/4980-14693-0x000000001C1E0000-0x000000001C208000-memory.dmp

Filesize
160KB

Download
memory/4980-14696-0x000000001C370000-0x000000001C394000-memory.dmp

Filesize
144KB

Download
memory/4980-14697-0x000000001E000000-0x000000001E102000-memory.dmp

Filesize
1.0MB

Download
memory/4980-14698-0x000000001C820000-0x000000001C830000-memory.dmp

Filesize
64KB

Download
memory/4980-14689-0x0000000001E20000-0x0000000001E32000-memory.dmp

Filesize
72KB

Download
memory/4980-14707-0x000000001E1F0000-0x000000001E202000-memory.dmp

Filesize
72KB

Download
memory/4980-14685-0x00007FFE167A0000-0x00007FFE17261000-memory.dmp

Filesize
10.8MB

Download
memory/4980-14854-0x0000000022250000-0x0000000022290000-memory.dmp

Filesize
256KB

Download
memory/4980-14688-0x000000001C830000-0x000000001C8E2000-memory.dmp

Filesize
712KB

Download
memory/4980-14690-0x0000000003750000-0x0000000003768000-memory.dmp

Filesize
96KB

Download
memory/4980-14857-0x000000001C820000-0x000000001C830000-memory.dmp

Filesize
64KB

Download
memory/4980-14858-0x00000000229B0000-0x00000000229C8000-memory.dmp

Filesize
96KB

Download
memory/4980-14861-0x0000000022970000-0x000000002297E000-memory.dmp

Filesize
56KB

Download
memory/4980-14687-0x000000001C3D0000-0x000000001C56C000-memory.dmp

Filesize
1.6MB

Download
memory/4980-14686-0x0000000000BE0000-0x000000000154C000-memory.dmp

Filesize
9.4MB

Download
memory/5192-13178-0x0000000004FF0000-0x00000000050F2000-memory.dmp

Filesize
1.0MB

Download
memory/5192-13176-0x0000000072410000-0x0000000072BC0000-memory.dmp

Filesize
7.7MB

Download
memory/5192-13189-0x0000000072410000-0x0000000072BC0000-memory.dmp

Filesize
7.7MB

Download
memory/5192-13183-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/5192-13174-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/5220-13088-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/5220-13094-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/5668-13182-0x0000000072410000-0x0000000072BC0000-memory.dmp

Filesize
7.7MB

Download
memory/5668-13179-0x0000000072410000-0x0000000072BC0000-memory.dmp

Filesize
7.7MB

Download