Malware Analysis Report

2024-11-30 05:16

Sample ID 240521-k5yw8sfh6z
Target https://youtube.com
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://youtube.com was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Suspicious use of SetThreadContext

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Checks processor information in registry

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 09:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 09:11

Reported

2024-05-21 09:17

Platform

win10v2004-20240426-en

Max time kernel

333s

Max time network

334s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com

Signatures

Lumma Stealer

stealer lumma

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\setup-atom.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2368 set thread context of 2008 N/A C:\Users\Admin\Downloads\setup-atom.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607563594719384" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4428 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4428 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fa246f8,0x7ffd3fa24708,0x7ffd3fa24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,13922128239668387219,7127474122369206843,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2c8 0x45c

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffd308aab58,0x7ffd308aab68,0x7ffd308aab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff62652ae48,0x7ff62652ae58,0x7ff62652ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4980 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2040 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=872 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4028 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=2068,i,2446231343694571298,16787532546728971619,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7623:100:7zEvent19106

C:\Users\Admin\Downloads\setup-atom.exe

"C:\Users\Admin\Downloads\setup-atom.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
BE 64.233.166.84:443 accounts.google.com udp
US 8.8.8.8:53 84.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.226:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 226.83.221.88.in-addr.arpa udp
BE 88.221.83.251:443 www.bing.com tcp
US 8.8.8.8:53 251.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 140.82.113.22:443 collector.github.com tcp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 uncertaintyrestsju.shop udp
US 172.67.150.170:443 uncertaintyrestsju.shop tcp
US 8.8.8.8:53 museumtespaceorsp.shop udp
US 172.67.184.107:443 museumtespaceorsp.shop tcp
US 8.8.8.8:53 buttockdecarderwiso.shop udp
US 188.114.96.2:443 buttockdecarderwiso.shop tcp
US 8.8.8.8:53 170.150.67.172.in-addr.arpa udp
US 8.8.8.8:53 107.184.67.172.in-addr.arpa udp
US 8.8.8.8:53 averageaattractiionsl.shop udp
US 104.21.62.60:443 averageaattractiionsl.shop tcp
US 8.8.8.8:53 femininiespywageg.shop udp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 8.8.8.8:53 employhabragaomlsp.shop udp
US 172.67.203.218:443 employhabragaomlsp.shop tcp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 60.62.21.104.in-addr.arpa udp
US 8.8.8.8:53 63.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 stalfbaclcalorieeis.shop udp
US 172.67.131.36:443 stalfbaclcalorieeis.shop tcp
US 8.8.8.8:53 civilianurinedtsraov.shop udp
US 172.67.197.146:443 civilianurinedtsraov.shop tcp
US 8.8.8.8:53 218.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 36.131.67.172.in-addr.arpa udp
US 8.8.8.8:53 roomabolishsnifftwk.shop udp
US 172.67.146.92:443 roomabolishsnifftwk.shop tcp
US 8.8.8.8:53 146.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 92.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_4428_ANPDILOKAIFPKHQT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a936c513f88c48b7d2027ebf0fe80eb
SHA1 9d4cfe7776e8f91b6ceaf2f8e2408e5e21020080
SHA256 7780ceae0d36784a933c4427165c6571050b2681fafd7f7081c769964510bb93
SHA512 c872c9bf6f2742f330077d71c60c73aff7056f7f6399edce516f0f2e3e410385ecabc4536d97a7998ca92d78bf6d578021afd006ed33a76ae022ae8bceb55818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 67dd50e60512b6f79aa543d2d8ede01c
SHA1 0c12f1d6a6410dbba8e50df590ffb8467e07191e
SHA256 5138ea317d91e395e45f4b124b83e7738341e3c905ddb84483b6aa05052ce497
SHA512 856d885ff2fd7beec6cf6921bbd1064f77958d3ff205d37df0b1653bd31fe053b761cc94228df7500eb40951a68521230117d6c683ee481cc2e7ab37d48137e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 14a6ff8bf36fe8d85b28c936b625e78c
SHA1 75c0e98338787bde6721b5f69797492e7cb07c4a
SHA256 35e38f8a7f12d56a70f7e643ba1a217eeb63a40f01a711f5143104734c54b335
SHA512 bca54e8460a1965749ee34796ba6279524af9d6c5260b11b9b8993f4c12c63a75109e92c21b38c327780aeeb7f7d1949d3eb1b95d40524227ed5d7f18c1c492c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9946c28dc83c1b728bd335551802b097
SHA1 898bef0eadbd0968efb189b77c57e0137fe3cd42
SHA256 6b393706a69422eb55537ba4a464b735110d9ddc4e33fb4674affcbff73db112
SHA512 b762a4950bd4b471c45f6e82bef3c6e0d5ba2b9f29d96245426a796921a4099f236178730392fb1998cd157446ff4655088c67300ba3b9138a7f76f6404b49fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1f6f49f7caad06d5a6f52b2d4e16e5b9
SHA1 21279afe7dec574d11a3e377e7279d55219fa58d
SHA256 0cbf77b52df338fcc5835772a605ba8d201cee6823062d3e80d13bfc0f5f02c0
SHA512 18d416cb30bacd6d670c2c58226b07c05a8a528b40c80b031e9a8a2769d882e9bbc95bf4be7b5f7b30f7e110d54ed186225183b974f10735824448d877e1b354

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 34104d32bf61785def52c3dd2582c71d
SHA1 fe7aaa53d64ae9213b0346ea75cc068e7a62544c
SHA256 6f1aa9d443eea7d9d74646eb815f2378ec84d20654f7707df48a766c8df56679
SHA512 19c50103da6423b80f13a809697d813071381d840b9124712fb4f4e5551ea0cceaf6ff7399c03b872d6baf5cf69f7ba67586b33c3f562bdaf8afac494612852f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57511d.TMP

MD5 e7231e4b57f636c8dcf8a5eadb3283ae
SHA1 b162ea152426ff12a89b703e23a6bdaa3373d2cd
SHA256 94ae30cc9cb466889de110b925f5048794071afeed651da87714265df912cca3
SHA512 8e05ca5a21efbd2fae18520c115ce062dd2643d8ddea8d57be5944abb716af4723900466ad9b7b785b4b29790c58ae6a3bb1c606fbd370e6624c27198dd7e626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6c769faf374b4e83750885596dd8ecc9
SHA1 d937556d705eca6b217d9795e833703abdf359d8
SHA256 15952e2e207f5d0a6f30c13ab0632e16fff656461f307e778c51212c295b2afc
SHA512 8f0b962fe285395c387a9de195777cceac854824eb3f28d459c19fe2e922a07ade31cea6dac1572d0dd4647294e57f3e4f28e89e476697a2632bdce0397e0038

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e4400aa81051513d22af33f93c4bfc5
SHA1 2d8d5bd68cefde99129d0135050ee27aaa787a8d
SHA256 a4abbf484d9886ee0ffbf322ea723b57f6d7e45abec5cf5e23237788fc5f18ae
SHA512 d204e2abb3c978b86327bccf0b05be24c59b905a0f1bf2165dd51bf145dda477d332c84bc3df5cea292b12c95c6c7eb3d6812378d017f006312fb99479d159b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dc016e32-841c-443f-9d8f-e8232c44d244\index-dir\the-real-index~RFe57513d.TMP

MD5 2daa3286b450f0994755a75b54386d3d
SHA1 6c736eb3693ffc1db893f613a7c2264852e2b764
SHA256 5888b738de4cbd25d41f29759bdc05bf3bebfa32d6114f611c8df0800e51e927
SHA512 8220215d9b57758b72bdd6cd27d8b0b581a1aca0eea294393d87eec208d09a8cb46ac7444194f77803448a92766d61957a70da61677838f73752dce91f012f5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e210e97f25791bfef61114955ae4256
SHA1 6f5bf1973ce2c911429cafda165001d67585a7f5
SHA256 284234a8a2c96e84c3a9afcc988a5ad5e50d974ccdcc0c15650f1dd7566a91d4
SHA512 e202eb7ef2cbf5c0d5e942b5d25511da8251d6327f392495abd6f6f12e4ddae27637ba768dee6d1241c0e31caf6d6dcb7d1c0f9577a603345e60d0fef88cb7c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dc016e32-841c-443f-9d8f-e8232c44d244\index-dir\the-real-index

MD5 0cdd1d38d4bec2fd08dbaadedb8c0cc8
SHA1 b978efca9e0d3a332a6a99ba8a19dd360d1bf679
SHA256 ec7527961eece2aec3bffdd6141bfca1273c7ecd2ed3ef9909e7837683add713
SHA512 769a0b6c0446189ea28e18781761524a70237edde6512f1b1a3b999cff5200f8276de34450ade548da640cfa4266ce2ae005793b4517a89d2f6283351ccad085

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c24733472523603809f5280d0d2f6f4b
SHA1 823e56cdf0836b41f3496594cff7f0d2162fc85b
SHA256 6ea959d93aea253b7cdde29ff51af668b0e70d951fde3b45a259fe94ab6db7d5
SHA512 c2880c4a4eb61e16a70b96378178a28655f431f01cbf0632969a09c766e3a42df22336020f24e0cd353bb34fea0e52d2577e01af695a7d052ccb8462bb7c8558

memory/3596-346-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-347-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-348-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-358-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-357-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-356-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-355-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-354-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-353-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

memory/3596-352-0x0000025BE50D0000-0x0000025BE50D1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fc4642953a2befc3609da68939206a26
SHA1 1f2bd91db091ce4cc75200914ee98dacbd5db977
SHA256 7846c013fe34268bab0829888e660bbb7cd94a84f37f787245383efc52ffbcad
SHA512 9be793181738e196164593e4bfb0017002836720ba41627409ed8224cfc3d87a8effb2ce3f18bf01489e53b60056b564c6dacceb91a9ad6ee71d6a35eeedd44c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bf56073e586ccfc941d4f9fcb3faa2e2
SHA1 52e10761ad2ee0fc69d50c9400f3862efa53723d
SHA256 9ad26c5ef2a1d01d962ff7afe559703cc2221b0f8b8a811c6627592068b9ae2a
SHA512 ea0887208d037c11664c1b27cfff9a98cad2a6fc94b6deea7d14363f7159c6e8cc8f59edd025012cfba8af5e8288b0bc067777696442fdda6bd616cfcdbcd96c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb036eb98127921d0de159daaca258e9
SHA1 6d3c6f07f6cb3eedeaf68be55b70064309e8dacb
SHA256 a29827a714ca1da5d698d344bf8502075ffd938baceb60dc3190c8d0cb734830
SHA512 4d4c6805fcd511c97ca3922b561445d1e4da4dde8807d61dd4a3b9f3eb63a6d1b7f25dee66b9ed9fe82305cf9a035d423dd4e20cfa3a93fde0d044a45c807b78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e77396da7348df8a8bca5448b77a8f0b
SHA1 ca7703ac9bad00a51443ec739eed45be3f83b4ec
SHA256 482faabd48413e483894afdb0461db419b7a8f37ffcf2128d385a7830634f807
SHA512 169068d83b08b090e70c5e82ac2919e92afef8b434e2eeb37404544601100bd05c8d11eb1231eec2edea44f2d09d3ee4b0b83307a332b1409dc7b6b20fa357e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 bb693cc6e31c1364ae96c25312fd9990
SHA1 e28c3416a4a33ec730d49c77d01ac4ade63a0431
SHA256 e41ee351fb8c6adb4d2f2ca0fbd32b5c2535cee0f7f6c21ea74444238e3148bd
SHA512 02d3a6b3c62613b4d46192e714e72666ffabf2d0030b3cc3299211181f1eb97d6f0bb4efc97ac806e16be49742fb907ea254ca5773f7441a3fdbc737bf58bd6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7884d3fb144ef346341983e2a462b29c
SHA1 744e5ec752b7838f62ac33d55a1814ae7abcbec1
SHA256 9269941413e185fe390d74fc79d4d6aa3328bf503a9a854bac2bfe060289d08f
SHA512 0a05cbbb87cd7feaad8afa9ec35f09a6377c87d56bab714ecfb95147ba1c95a32207e7d2dd067082f0944f5f46611bbad60cecb72b83921336bf4ec09cb8cb42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 66f10245cfff83491723d4c088c82bc1
SHA1 b3d7e31649b848ad5e0b6f4680f0afed7f2c52e0
SHA256 a9e448b5fdbbdf3ae8a6130a46ad79971ebbf83e24cdff9ccf4eef232650309c
SHA512 08c888f2a4beee4f9a54c1efc47d6aa39a6bbae626b2db9a61fbad60b09c7f6b5e8729ceac05d0ad44553e240ebe4628b6a67977eb75c1d510fed210a9ace0fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588066.TMP

MD5 3bf4b5ec54a78617cea68dd88bf9f309
SHA1 cbbccd7e00a3524e95555a880b73bd8acff0e932
SHA256 06c22e07c501158a4a01a50b44fbb3b5cc814821b141c8c74ff611f7d3e04d21
SHA512 e5cfe059b664371bf951e3d900f3929a2a2dcbe9928700b3a109f58adfa321742fbf2f91c37dde32fecb801ee7e207783baf2e965f22635b09036a200380f618

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240521091239.pma

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d52ae63afd3dc24f3f298cdcfe45fd8
SHA1 5b20a11d163d90109827926a20d73e10e77c4e6b
SHA256 4ce7f9bb42f8f4dde6963f811fd740a39fd3f611172950e1aaf55f50ee1b3f58
SHA512 7db4639c88bf73e6d76d34eb81a2a702a4c309e592333681eb42d0dd4e44ea1106ddfa87044fea8f9f349eec851c9aa3466a0410e76d853325fc2f88a18b6b4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bf28b66f653dc94432619b76e1174a94
SHA1 7eddb7cb1f356f6f1a25ca630be1db0120e6535c
SHA256 4f62d94568454d413142ec7bbd6bb576d58fe73e002025ea79f080805b081915
SHA512 16ba6fcea53ddc480c58d32e5fc03fb1d53c5699bffef10f0f54f77d9a640ae2ef8eff1c2fae45541502944f355ff75bd26e6c317bd08c393f3bc27583f4c1fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 24c0fa49740a056421813923f87dc577
SHA1 aead9221c59dcc697d777323834f54dfd434299c
SHA256 78d58a074a6a4856d46027f4ed30fbb88d4e111019e8e977b036f2655e9f2258
SHA512 2874bc1e8a74e54eb40604f8c308050f359987061430076a42791fb02945db01c8d86965cccf99ac244364c911e181724ebd8b357d4f4583fa4710155c5cfa5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac7295fbe622670c292e6accf9e4ede0
SHA1 afcf68d6495c6ce8530235cfd625259b144c4ec9
SHA256 f90de02a9633ced342d118becbb7a437ea78b2d795500c02ee77f4e21c1573eb
SHA512 5ae50378f5e5f097e0de4b9a84698f119a8a9451a4bc22b355911f0c0e37ece2b3a241855fe4bbfa7dfc1348dbcd44e48e5b60ba1d953449868333de110014df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 0f2b395cc63db1bd8a5d093e558cbdd1
SHA1 833d0657cb836d456c251473ed16dfb7d25e6ebe
SHA256 f3797115dd01a366cce0fbd7e6148b79559767164d2aa584b042d10f1ffd926d
SHA512 e8a4ada76efb453c77a38d25d2bbd3a7f03df27b85e26ba231791d65d286fe654c024b64f9d6869824db5d1cf59e4d4eb662f5a55c326e5e249144ae1a66b798

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 13c12dd8035a11f88f36de3b9dc964a4
SHA1 25fb02df3f77368d59eac2e7a1c59fabfe9ac9b6
SHA256 f58cce418d2df873187a718cd5a0d609c711405480c1b56f004d304107c87171
SHA512 7944f16894141495458ea9957172ab4ede54eafc76c50280075ce55f9eca941ffe7c876f2ae2536d7492da0cb340aa8094681929b96a428bf9fedfa47c8dad86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 a5bb3bb3eda1301f6ac876a49d4b2f62
SHA1 1786309cdc2fb5c1d29cdac00dbdf13711f19f3a
SHA256 316ba0d916f3d3d945b42e589de9a0326836664f9a06e9680bb853c828c2bf35
SHA512 f2ab2d40d2ccd43c5e5bf2150ea79d575e0d4a41381a8fba3beb47a8944adeac0bd19dacdbe237f8dd1c06fc04403f0bda3fca1ec0fc429357dc705c6db1eea4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 8da8f594510ea8a49c0cdca09fa89aac
SHA1 ef53c97574f8f31b785d179aaac65f5a2355d405
SHA256 0390a6ee7f795b5cb37da672d8864fa56c09fc2df9787b17b17cdf22e3f05c7b
SHA512 559cd341f9e5c108a82fa98cc08855cef83d35847fd3eaa3d4f0944a44cbe030350632303af714656e2e06ffff91be8565586efd679f06dcd828809d77cb7bd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b7826bc2f0227b627198424728b80af5
SHA1 ee4db50fa3df8d35d4bb9e852205f361a459145d
SHA256 90f570a6637834841ecbc215fddafcfede5b357a1cfe7fa1a194423e850972c4
SHA512 0e72592a0918487d1919d6f5d37d641d6c45455d896892b3234f024413b62a13aa164b6acaee047ae0c18192ad61cf1e86f2de00c99af3a42fb0762279b4dbd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 29b2a1b173b5bf5d3b0d3e4a4a4025a6
SHA1 b8ae5907c198fe4f618ec3cb593943e4d74e01c3
SHA256 a7968c7e62d9a6d356ed71ad66403c7e5e8c9c6ab4a463a0c281f27ea0be6b0d
SHA512 9b1d96818c72db35f9ac5cb9de8e80d30f97537ac4d27d501020de94166b9bdcdb46472d8d2f81c5f76f3138e747c88119bf962a9fbdaa94d3102228c4edbb54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5934d9ac38a3b4709cab0e83448afb9a
SHA1 9c6314192fedf3230b516ce730bf6f41c36b9916
SHA256 47d32aa0f96af5b4e5210e5b676e26978238f288147bdc080c507fdfe151536a
SHA512 8a6e17cb53dc58027af6fda8e93cd2a3fe40c5ae51db56b91530e0faf498a1c57e8ab6e96eefff33913cb0d80245d9c00ed49725bad740c651276148af8abc6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f1afe98746a35839e1a033ff6e37e3b4
SHA1 a12360c110f6adab69e699a39a4cc841aedb1a39
SHA256 fc95f3157d6b757911d65f19863ea6f9e90cae717219643dbdbfbdefef137460
SHA512 16861173cb8d5b9f38a8153292f4053571fbfb21cf367d230844112bc87ac09c3938d6276dcb343873d3a5ebed7df608b24c81f739d938c9f5583818672cad04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 54660e796697411f86f2a1ddad25bd9f
SHA1 bf1972f97eee702633c3d61b5384cbbf7a1d55df
SHA256 96a77036abd053da2c03151ada470765deb41e45ffecbb9bbd965d5fcbdc15a0
SHA512 b1609b8e78418ced3cf4b3858d11b50022d275255bd7392e4e140884711af00e9a0d3b5572c8988d715b3afd81ede48db7d401b246de114f5a8db87a2544794b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 418cd71f2399813071c1da481342662c
SHA1 4b84a0d41c6d0aa7b45d04620a5f1d6b27a6de51
SHA256 6f95d9f0b376a0319cfb0c5e6477fc36ea36e41ef9f0dfda3f40b6924162fe2c
SHA512 a745956f687548a8a108b7ed0c4b2dee3c2dea5d43a214848370fd2dbc902951a4330703bdcc135e388611007ccccb752d6f9c850218af5d99d248a9f49eee2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 6b528d140a964a09d3ebb5c32cd1e63a
SHA1 45a066db0228ee8d5a9514352dc6c7366c192833
SHA256 f08969d8ae8e49b96283000267f978d09b79218bb9e57037a12a19091d4a3208
SHA512 d3c281c3130735c89ddbf9b52de407da75a3d7ecbf0026e0de5995f40989883178cd59198354976aaa2aa7b47fc5f3f3856a59fe1463d4e2fdb7a27e9f10e76f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 4bc7fdb1eed64d29f27a427feea007b5
SHA1 62b5f0e1731484517796e3d512c5529d0af2666b
SHA256 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6
SHA512 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 69df180bb4202300ebb00bd373d91eff
SHA1 70b99ebb575e0b387b02e9e73b31ef26cfd94662
SHA256 56da7eb804d8eb2415a598a2acec8f57045b885f3bb0ae39b28624e4032d4d6b
SHA512 eee24b136348f67bfec68c7c75dd278d2cf63fa4721582345d33f601f0494beed143a7c4e3e90c2f615ddba26bf314f15eada60194be15a1f19716068f2c3dc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 0b1dfab8142eadfeffb0a3efd0067e64
SHA1 219f95edd8b49ec2ba7aa5f8984a273cdaf50e6c
SHA256 8e2ee8d51cfcc41a6a3bfa07361573142d949903c29f75de5b4d68f81a1ae954
SHA512 6d1104fd4cfe086a55a0dd3104c44c4dba9b7f01e2d620804cf62c3753a74c56b5eae4c1dc87c74664e44f58a966ba10600de74fb5557b3c6c438e52cc4decdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e48b37d276a960f97dd45fef4f7a1ab2
SHA1 326723beda86b194f32a70b9dd073ea60fbbc6f5
SHA256 cfc929e77263d5c5379f0d0a3a761a2b06555a9ced552e9e45243e69be3758f8
SHA512 bb96e7843682659c472e02800b7cb110afb1b02a3fdea8d16cce325636e9809481a73cff4c95dd58c54522cdab8fadfc8e0327449994a1223d13eb8d65453da7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d4a453d7e8a46398bb10abb7e526aeee
SHA1 139b7a2deb0bd2b54e299f56ca6c02697ec189ff
SHA256 484e1ecfe3aa96db307e3599f307334c845bcb11ae95511c96b8ed683b8eedb5
SHA512 3b71aa4e3b724e11c686c5bdfa4f0a2075fdceb47999904a727ba4d47a1e79e33db2be75b349fd5e55374e2fb52ab0adc6919c98024569c713977c33b8e2a7c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e188aa04b997765f3903d949748bf2bc
SHA1 8361cf7d9c7c81ae09e8264932da56955059e7b3
SHA256 1bbe9446fda0282f5814cce76db8c0db450e52a805351de021726ed55ea3b714
SHA512 139c8c1a45b92a8bee72683be0a91b46715fd5fb0e09f00299446c8c5d1e3c75bab7d5e99dbe363b95457e5b569ae49d2165042116e23010542dfb9fedf1b367

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cce6dd6cf12f794c64af69870ad55251
SHA1 c9339c3c0a31eeb94a124ced85c468bc83829a53
SHA256 6af59721a0e3d3ab0d99e5aa8c7d49ab6394c0b9ea293e752f99db80c8b75b70
SHA512 5fd515dd474723581b3a1f0732a030dc63dfbed628a06b0c3a281336be1342a4b4fd0c11a134c9f8f7106a2dfac39ef906ff25d7eb6a60a934c5af296ede05c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7903febbfc441328dee8f80c9fd28d69
SHA1 24698d175182d90af6a15e079cbf0eb694cd6553
SHA256 d2f711f519336cc7fcf4430a3f55a338be664cd865e7d36ecfaa203530cd4f4b
SHA512 ef09556988d5307d93b7e9006a87745e2cb3beccdf515e09ae8eabd375cb08c68b01e38bb3c479b7a1165d7f961e9a131ad8c5fd0e4def8e73c21908f378dbfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 002236ef6559b29927616f29635cf621
SHA1 b73f161a2307fc0c87528dcc6155d889a7688323
SHA256 7542c57bcc08f9f0af131e17de2abc2b16e5aae8d57d5c60d899d8edeb3a61be
SHA512 8059d4eb1a2071410d394b8562d5a0f48885bd632d324b13c6a54beaf915fa4b581d25a33a35b1757c78a3c078557b09e4e49a922655758afb4327a97829eada

memory/2312-1211-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

memory/2312-1210-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

memory/2312-1209-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 d2fb266b97caff2086bf0fa74eddb6b2
SHA1 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d
SHA256 b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
SHA512 c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 6bd369f7c74a28194c991ed1404da30f
SHA1 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643
SHA256 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
SHA512 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/2312-1221-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

memory/2312-1220-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

memory/2312-1219-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

memory/2312-1218-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

memory/2312-1217-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

memory/2312-1216-0x0000021EC80F0000-0x0000021EC80F1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bff943196b30a3894b6476c8fdc1fbb0
SHA1 07e3cd2ac559fe928b94a019149bf702e002f7e1
SHA256 74ead947b863f7e2fbc90e06b2ebe3c0cff64eb7864dd05bcd2a799f6984b73c
SHA512 b44675decdd1cad7ec2dae7dd6e95ae44ef65ac4039a3da13ec4be1864acbdbb0f970310eeafb787e3a2baafb02f75b5760eb46c256e3558e3b875b83545c417

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 30afe5b100298c63126982673e63dfe0
SHA1 543efb91c35ac5a9c8ed98ad383b14047a400970
SHA256 5ea55786f1ab77365fec1adbce02ca90c44a93f8620a288ab53254af774f5ac4
SHA512 98b9267a63ed0ae2afdd168e48edae44e78710f8cfa79676f65a450f3a10136fd144fa3d9f38ee3b5327ba084640af200a8335e8f695f1f6fd9c1ca99d37124d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 842f5766ed5b381523e9b6c5f1a7e863
SHA1 f21db6df35b6f57e5462f1029b00b819cecedd87
SHA256 a102e09f37e2f764b5edaf9fbd644a8df59c563d9bd2f35f88367e4fe457279e
SHA512 5153fd346d323430829ebf203ad59bc5f48d2f2f534cd2842d42e624e11aaedf8d83f59c6b27c37b95e4de65d8ed3002e0f82b11e6bf4d083d8b1e51c2273502

C:\Users\Admin\Downloads\Git_softwares_v1_6_2.7z

MD5 a3d5683a7e8fb86b1a27dba5ba624fe8
SHA1 623eac7109139ab6281e6e29c11d87b1b37464d8
SHA256 cc36df79d3c1dc95209c1277c28a2cae9025a5c13b314623256cff749c6af37d
SHA512 f47af80b4b3d0cd28be1ecff37cfaef04d7c26242ba377f20c2abbefdb562f1d75ae2e95113c8ba5979de4f6deb1af1350685edc8b8bbbef6fe93ecf1a56b870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 989d7fa74bd13b729c8b371a828011b6
SHA1 ad36ff273abc04576e6932c4a03a9e5d3af285fe
SHA256 c965d327605ff8686eddbdfa1cfc0f306ea224b718d54fa3d11b5696909bec62
SHA512 4907917b641def2e009a5403e3d1ad7dac727c152a90389c6883d8c054989f0593ab8bc1c50ccaf45141a512fb1b62bca7e7eb2a45be610bb87ee090d14bd608

C:\Users\Admin\Downloads\setup-atom.exe

MD5 67491539eb84db54ed00c7556ebf455f
SHA1 7faee5d2db69d6399d6e3dabbb8dda11e2746f5f
SHA256 d75f3dec7d32ba8facb7f33d4ca39a4d9ef2286760662dd3db2aaff6830574af
SHA512 3723e7ebd65d432feb7caf29539d3a67d2bedd084ecae53c2f778d9c35b73273da1feae10f2e047f79dc40940b0e302f256c02648dd0b53bc37aaba6bcfec1b1

memory/2368-1294-0x00007FF6DEF40000-0x00007FF6E0887000-memory.dmp

memory/2008-1297-0x0000000000CF0000-0x0000000000D48000-memory.dmp

memory/2008-1299-0x0000000000CF0000-0x0000000000D48000-memory.dmp

memory/2368-1298-0x00007FF6DEF40000-0x00007FF6E0887000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8111389de51cf3b7a1cccb1f9fe82797
SHA1 0914f577d6b92ade0801fc6205977d9347236678
SHA256 45828dffc34cfdc7eee396ed7a8a1a7a86a6757f71166ec149cb99036f9efbaf
SHA512 9ff6a388fd49c0b58d72f270e09c2b9d520d67654f6c4e0eaa772f0196caec8a51d988072787e058f2d931ed0e912221898f47dec522dc5d9b86b24ec5eab5f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 ea48c33e2560afec958fe8c5396344bc
SHA1 2d83e09c5784df5c427e017cd312606df8e5bbe9
SHA256 fe6b76517c4f221c3241886d04702bb1ea480827d335ad37336cea28dd9c4df3
SHA512 3757c49932afd3eda89619a96572cf6d3f940b69d499ab83c6c14782fb320fb6e69681a33e8d9872e476cf697865f1bc358a01627ea455b3d97ecc772cf85d0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 edcfa09e7a1dab475a9203a940c416fe
SHA1 048fdcbb3200afd7dbda15b94246f6acf00f8873
SHA256 10d021116292f209c4270815c80f74c556ab826faa6b06aa57dfa339ba94f895
SHA512 ef1508851eaecca47b3200bb8874bcb16e398e06931453a3cacf32ab2fa89b3a4dfcac176006a54c43423b6a1bb00f96f2f6f58a5c8b775274693ec52a231399

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 fddaf7dbdddb91037038290afe76132c
SHA1 06bbbe349407bcfe3f255476e36dae83bfd37766
SHA256 9198c07c34332636331dff3d85c36739aa080d5feb93975ea356cf4263990936
SHA512 cde416b7ede7a20438ed168a5ab5efc2fe204854474ce847a44ab51a08e7dcef662f9f86184444bff501e8ae1e263d334e5990925f9dca01e83b547227d04037

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cafb37c47b0bc63f1a4aa9d823c34df4
SHA1 3376b97845602f05e3c2e2d7ac549087af8f13c2
SHA256 acb92631b2261afa7a45e50768732ef68e5f85e12753ed41aba7c115baf2e7c5
SHA512 fbde450dd248871fd031564490c96b3d984b67bc21e4827bd6442c1a3d02ce09da7409f9deadded8951f25faa385832168a03abf961f334acb656826c4eb6b81