e64e7f9a8ac57ab663e80db5f529150e85cdfb2e31e40b6a7d11597504841733

Analysis

max time kernel
837s
max time network
1014s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 21:41

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

file01.ps1
Size

33KB
MD5

e642c5873cacc23d7f6e6b90ab27d2da
SHA1

bfa20491ff128faeb8955eef9fcb711c0d54b0c4
SHA256

e64e7f9a8ac57ab663e80db5f529150e85cdfb2e31e40b6a7d11597504841733
SHA512

5acb8e36422bb9df085001f59633110bccf037bff5b69a27c44a1becf3f62410c39d04756bc0d697f6f6b1190c4ee358c54b059ee7f1c204db18db21309a2242
SSDEEP

384:OzPfXPbxFqTy/rThUYp/L4Gh/im/GtJ2Klb6o+5VxIBAftppOKyyPfvkU67GypZC:qfbxIT1fhaVp8CeHad

Score

7^/10

bootkit execution persistence

Malware Config

Signatures

Executes dropped EXE 6 IoCs

Processes:

Sulfoxide.exeSulfoxide.exeSulfoxide.exeSulfoxide.exeMonoxidex64.exe眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe

pid	process
8100	Sulfoxide.exe
4740	Sulfoxide.exe
2940	Sulfoxide.exe
1064	Sulfoxide.exe
6880	Monoxidex64.exe
6688	眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe

description ioc process

File opened for modification \??\PhysicalDrive0 眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

4968 powershell.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe

pid	process
4968	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610605408255922"	chrome.exe

Modifies registry class 33 IoCs

Processes:

chrome.exe眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exechrome.exeOpenWith.exeOpenWith.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c403db30d697da01083bf5bcda97da016c44841724aeda0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

powershell.exechrome.exechrome.exe

pid process

4968 powershell.exe
4968 powershell.exe
3220 chrome.exe
3220 chrome.exe
4372 chrome.exe
4372 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

7824 OpenWith.exe

pid	process
4968	powershell.exe
4968	powershell.exe
3220	chrome.exe
3220	chrome.exe
4372	chrome.exe
4372	chrome.exe

pid	process
7824	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4968	powershell.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe7zG.exe7zG.exe7zG.exe7zG.exe7zG.exe

pid	process
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
1920	7zG.exe
3636	7zG.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
1712	7zG.exe
2036	7zG.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
1680	7zG.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

chrome.exeOpenWith.exeMonoxidex64.exe眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exeOpenWith.exe

pid	process
8056	chrome.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
7824	OpenWith.exe
6880	Monoxidex64.exe
6688	眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe
6688	眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe
1736	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3220 wrote to memory of 4048	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 4048	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 896	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 5112	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 5112	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe
PID 3220 wrote to memory of 3092	3220	chrome.exe	chrome.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file01.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb30fab58,0x7ffeb30fab68,0x7ffeb30fab78
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:2
2⤵
PID:896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:3092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4980 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1664 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4416 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4344 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:4288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4796 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3308 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4840 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4872 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5452 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5596 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5740 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5376 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6156 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6312 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6476 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6636 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6796 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6988 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7164 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7552 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7404 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7688 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7736 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7884 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7924 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7932 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8348 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7744 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8800 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9064 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9024 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9052 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9340 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9412 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9724 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9864 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9900 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10244 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10292 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10388 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10816 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10796 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10788 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10776 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10768 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10532 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11000 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11148 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11172 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11188 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12488 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12664 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12000 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=12332 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=12316 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5000 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11368 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5456 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7920 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10860 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=8072 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11156 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11364 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:8140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=4792 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:6364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10796 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=4960 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8152 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:1752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=4408 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=11424 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=4980 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=13044 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=12920 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:1
2⤵
PID:7936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8152 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:7044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10804 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:8012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12896 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2344 --field-trial-handle=1912,i,7511559183358908025,14677455411080987931,131072 /prefetch:8
2⤵
PID:7904

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2856

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\solaris.7z_archive\" -spe -an -ai#7zMap24167:106:7zEvent26794
1⤵
- Suspicious use of FindShellTrayWindow
PID:1920

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\solaris.7z_archive\" -spe -an -ai#7zMap6439:106:7zEvent31528
1⤵
- Suspicious use of FindShellTrayWindow
PID:3636

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sulfoxide 1.4\" -spe -an -ai#7zMap15645:86:7zEvent27899
1⤵
- Suspicious use of FindShellTrayWindow
PID:1712

C:\Users\Admin\Downloads\Sulfoxide 1.4\Sulfoxide.exe
"C:\Users\Admin\Downloads\Sulfoxide 1.4\Sulfoxide.exe"
1⤵
- Executes dropped EXE
PID:8100

C:\Users\Admin\Downloads\Sulfoxide 1.4\Sulfoxide.exe
"C:\Users\Admin\Downloads\Sulfoxide 1.4\Sulfoxide.exe"
1⤵
- Executes dropped EXE
PID:4740

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sulfoxide 1.4\Sulfoxide\" -spe -an -ai#7zMap21402:108:7zEvent20759
1⤵
- Suspicious use of FindShellTrayWindow
PID:2036

C:\Users\Admin\Downloads\Sulfoxide 1.4\Sulfoxide.exe
"C:\Users\Admin\Downloads\Sulfoxide 1.4\Sulfoxide.exe"
1⤵
- Executes dropped EXE
PID:2940

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sulfoxide\" -spe -an -ai#7zMap4491:78:7zEvent31687
1⤵
- Suspicious use of FindShellTrayWindow
PID:1680

C:\Users\Admin\Downloads\Sulfoxide\Sulfoxide.exe
"C:\Users\Admin\Downloads\Sulfoxide\Sulfoxide.exe"
1⤵
- Executes dropped EXE
PID:1064

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Monoxide\" -spe -an -ai#7zMap24340:76:7zEvent27178
1⤵
PID:5680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7824

C:\Users\Admin\Downloads\Monoxide\Monoxidex64.exe
"C:\Users\Admin\Downloads\Monoxide\Monoxidex64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6880

C:\Users\Admin\AppData\Local\Temp\眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe
"C:\Users\Admin\AppData\Local\Temp\眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe"
2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6688

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ba.txt
3⤵
PID:2908

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ext.txt
3⤵
PID:7064

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\hy.txt
3⤵
PID:4776

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\lij.txt
3⤵
PID:3476

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ne.txt
3⤵
PID:1480

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\th.txt
3⤵
PID:2004

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"
3⤵
PID:5368

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"
3⤵
PID:60

C:\Program Files\Java\jdk-1.8\bin\jhat.exe
"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"
3⤵
PID:2332

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
"C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"
3⤵
PID:1136

C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe
"C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"
3⤵
PID:7736

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt
3⤵
PID:6336

C:\Program Files\Java\jre-1.8\bin\kinit.exe
"C:\Program Files\Java\jre-1.8\bin\kinit.exe"
3⤵
PID:7692

C:\Program Files\Java\jre-1.8\bin\policytool.exe
"C:\Program Files\Java\jre-1.8\bin\policytool.exe"
3⤵
PID:6332

C:\Program Files\Java\jre-1.8\bin\servertool.exe
"C:\Program Files\Java\jre-1.8\bin\servertool.exe"
3⤵
PID:5956

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt
3⤵
PID:8112

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf
3⤵
PID:3988

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe
"C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"
3⤵
PID:2412

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi"
3⤵
PID:3536

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\BOLDSTRI.INF
3⤵
PID:816

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\BREEZE.INF
3⤵
PID:1404

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\COMPASS.INF
3⤵
PID:6892

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.INF
3⤵
PID:4848

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Mozilla Firefox\platform.ini
3⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.videolan.org//doc/
3⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
4⤵
PID:6416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
4⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
4⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
4⤵
PID:7408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
4⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4140 /prefetch:8
4⤵
PID:6988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
4⤵
PID:7096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
4⤵
PID:7660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
4⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
4⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
4⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
4⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
4⤵
PID:7316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
4⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
4⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
4⤵
PID:6628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
4⤵
PID:6380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
4⤵
PID:6896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
4⤵
PID:6104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
4⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
4⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
4⤵
PID:7540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
4⤵
PID:8528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
4⤵
PID:8624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
4⤵
PID:8884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
4⤵
PID:8984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1
4⤵
PID:9212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
4⤵
PID:8880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
4⤵
PID:10172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
4⤵
PID:9632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12806450957375541258,7776290665205632593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7644 /prefetch:2
4⤵
PID:11060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html
3⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:4316

C:\Program Files\Windows Mail\wab.exe
"C:\Program Files\Windows Mail\wab.exe"
3⤵
PID:7312

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:4636

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerElevatedAppServiceClient.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerElevatedAppServiceClient.exe"
3⤵
PID:5336

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\ThirdPartyNotices.txt
3⤵
PID:6348

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\accessibilitychecker\styles.css
3⤵
PID:1748

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:2216

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\webviewCore.min.js"
3⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-white\Error.svg
3⤵
PID:6592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:1284

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\offlineStrings.js"
3⤵
PID:6992

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Be.Tests.ps1"
3⤵
PID:7264

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeOfType.ps1"
3⤵
PID:1800

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestResults.ps1"
3⤵
PID:5912

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\plugins.js"
3⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\export.svg
3⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_18.svg
3⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_partialselected-default_18.svg
3⤵
PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:7180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-hover_32.svg
3⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_removeme-default_18.svg
3⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_replace_signer_18.svg
3⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:7016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\acrobat_parcel_generic_32.svg
3⤵
PID:7804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg
3⤵
PID:6580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x94,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluDCFilesEmpty_180x180.svg
3⤵
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:7948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\virgo-new-folder.svg
3⤵
PID:6480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf4,0x128,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:7676

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\ui-strings.js"
3⤵
PID:2276

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\ui-strings.js"
3⤵
PID:5792

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\ui-strings.js"
3⤵
PID:1924

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ui-strings.js"
3⤵
PID:4032

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js"
3⤵
PID:7112

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\ui-strings.js"
3⤵
PID:7376

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\ui-strings.js"
3⤵
PID:6788

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\ui-strings.js"
3⤵
PID:7380

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\ui-strings.js"
3⤵
PID:1624

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\ui-strings.js"
3⤵
PID:4196

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\ui-strings.js"
3⤵
PID:1408

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\createpdfupsell-app-selector.js"
3⤵
PID:6472

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\es-es\ui-strings.js"
3⤵
PID:6160

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js"
3⤵
PID:516

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ca-es\ui-strings.js"
3⤵
PID:7004

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\it-it\ui-strings.js"
3⤵
PID:6052

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\main.css
3⤵
PID:6640

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\ui-strings.js"
3⤵
PID:1984

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\ui-strings.js"
3⤵
PID:5888

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\ui-strings.js"
3⤵
PID:7360

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ca-es\ui-strings.js"
3⤵
PID:7176

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ui-strings.js"
3⤵
PID:7660

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-il\ui-strings.js"
3⤵
PID:7332

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ja-jp\ui-strings.js"
3⤵
PID:7536

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\ui-strings.js"
3⤵
PID:8232

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\ui-strings.js"
3⤵
PID:8312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\af_get.svg
3⤵
PID:8348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:8372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ar_get.svg
3⤵
PID:8380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:8428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\PlayStore_icon.svg
3⤵
PID:8704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:8748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\PlayStore_icon.svg
3⤵
PID:8792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:8808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pt_get.svg
3⤵
PID:9004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0xf8,0xf4,0x100,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:9084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\th_get.svg
3⤵
PID:9140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:9156

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-gb\ui-strings.js"
3⤵
PID:8304

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\ui-strings.js"
3⤵
PID:8728

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\eu-es\ui-strings.js"
3⤵
PID:9284

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\ui-strings.js"
3⤵
PID:9344

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\rhp\pages-app-tool-view.js"
3⤵
PID:9412

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\plugin.js"
3⤵
PID:9480

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\ui-strings.js"
3⤵
PID:9524

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js"
3⤵
PID:9588

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\selector.js"
3⤵
PID:9612

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\ui-strings.js"
3⤵
PID:9664

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ui-strings.js"
3⤵
PID:9696

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js"
3⤵
PID:9764

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js"
3⤵
PID:9832

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\plugin.js"
3⤵
PID:9868

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-ae\ui-strings.js"
3⤵
PID:9912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_radio_unselected_18.svg
3⤵
PID:9964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:9980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_selected_18.svg
3⤵
PID:10064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb38346f8,0x7ffeb3834708,0x7ffeb3834718
4⤵
PID:10080

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-ae\ui-strings.js"
3⤵
PID:10140

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\es-es\ui-strings.js"
3⤵
PID:10184

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\ui-strings.js"
3⤵
PID:9828

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\ui-strings.js"
3⤵
PID:6696

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\pt-br\ui-strings.js"
3⤵
PID:10060

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT
3⤵
PID:10096

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt
3⤵
PID:8188

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91015\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91015\javaw.exe"
3⤵
PID:10408

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1"
3⤵
PID:10980

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\fr-FR\PackageManagementDscUtilities.strings.psd1"
3⤵
PID:10804

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\MSFT_PackageManagement.strings.psd1"
3⤵
PID:11112

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Exist.ps1"
3⤵
PID:10576

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
3⤵
PID:10892

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
3⤵
PID:5176

C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe"
3⤵
PID:11212

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
3⤵
PID:5472

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=556 -burn.filehandle.self=564
4⤵
PID:5240

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\ProgramData\Package Cache\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}v64.8.8795\dotnet-runtime-8.0.2-win-x64.msi"
3⤵
PID:10688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x320
1⤵
PID:7032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5344

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2120

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8120

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5400

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5564

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8188

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:6724

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding CE01038E12116D9DCEF2D7BC5E195931 C
2⤵
PID:10908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8148

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6476

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10512

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10848

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11220

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8720

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10776

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10380

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10288

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11080

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {DFFACDC5-679F-4156-8947-C5C76BC0B67F} /I {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} /X 0x401
2⤵
PID:4100

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\53c910d4-6b3f-48a9-81de-d80a48f579a2.tmp
Filesize
9KB

MD5
b9c35e454c30721cef75a7c19fe74bb7

SHA1
ebbf6d7a794c1d8dec52285ce665eb12fd599c60

SHA256
59bb4e4cfc1328931a25b16691c57b57bb8a93c14b9b12a05c62eaa8d0c8b093

SHA512
c779fb75f1a0cf4a7d96e4b83c62749f907ce5ba9d31391475fe1cf7da0ea9445061634d4b508a70fe20172c7b02aebf70fd95fd9d270710a32b7caa26c5de7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
326KB

MD5
a6243d10d97bc67d012ac4c75df96e8a

SHA1
497de5b8965b6626db2e6a6f5016079b6ea2ad18

SHA256
6d8ea3b79091eb1b759a6e465cde76332a6d7fbf4a310d4eab3fb97ffdbd0fea

SHA512
d219dbf6bc0bdfa8053698c37482ec8c5be41ffd9a3eb9eb87913ef873c33098d40304dd2152cebc18abd76eb393f3ab59fc66d362ff96c017386f03b7d01cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
133KB

MD5
b77ff3bf6045c89eb8d8f6fc40fa8f7a

SHA1
65c66cb5b1568ee5386d24666bbcd7d4c33ee7dd

SHA256
57bc54e796df450a3991ac30f610ad7876632cdb4274fc363e0869b1ef89add0

SHA512
bfc92c52b4d5bbbeebf74523e849450f28762cfd7a51b0dc0188e90b296b8a7732c4072f40a655e0afa90f2feff05fd1b6a553ad7ff08caceba57cda36c31020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
46KB

MD5
b4e4c40ba1b021933f86142b1010c253

SHA1
8901690b1040e46b360f7b39ecb9f9e342bd20af

SHA256
a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae

SHA512
452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
Filesize
19KB

MD5
16c0a2c82dc0ab50f23123f7ecb11f51

SHA1
fbaef7794f352126af25aedaa99f1bc22d131f71

SHA256
5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d

SHA512
0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
95KB

MD5
0f978383950b924d31b77aad56c0ae79

SHA1
4481f7635c1cf3d98c542542d0106cfe498446e1

SHA256
afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77

SHA512
b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
Filesize
800KB

MD5
f941c2c08f149ec278a55f7db3bdfee7

SHA1
24b15cb166be8be824361ba53180cdb1d292af9e

SHA256
0f6c0b2a6d8a24a748eb606d40d97cebe53b9a8dd07c65ad07cc8e2ae190cbe0

SHA512
64b7d47cd96af8ee27036de1ef430372e4950a9b75d0b2ea6d040e941fa22cbe515f8a2dcea6415eb129fa00b6f277ad51cf376e82ef2256aad78d04707dc75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
Filesize
32KB

MD5
94fd864eff41d2466c55e3d0d47e92c7

SHA1
2c8ab5e8d1ac7f09af3c09de7575f8ad55706094

SHA256
b7b245e311013279605a274aacf18e2f9314ea6c275aa4c54f7676c63f9b9248

SHA512
4e1f2656222174c5442a5af47a63bc56acb71d8f34809aec6f33e15f6e15d6e8e81f72a8aff925c09bc2d4a0d9f55b408d7d8dcb7ec01519e431a3dd28e1f682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049
Filesize
24KB

MD5
1fc15b901524b92722f9ff863f892a2b

SHA1
cfd0a92d2c92614684524739630a35750c0103ec

SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
2KB

MD5
72cbfdd6fb43aeaf882c8f8f67fa2f1d

SHA1
8b9b56cc254f838a4f986a74570dfdd07b9c97d7

SHA256
9c3c09769a802cbd94d18b915c2f449234a60a962f592cec5adf7e044603ab1c

SHA512
96e43386f83434e3643cd2b1236e3cfd4210a6d7bb91d49168d260b6bcd00aaac64f80701370c0706882a4b584c5cbe8da43d9871e07add4be7aa8b0ca6cd853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
7e919688d9eae81daabe6a441d9556c0

SHA1
688b0396fd0f24fbfd2a17554d2827cc80092f14

SHA256
c6eecfe62a5f08fdccee03b3a4514067845411a9b78a7ab8c4570d6e72402593

SHA512
a14d007d80f6f6c7c29f5323c9fbcab865e00295eb8b2a28c69e1e722d0d71fb5666c1b64d310ac7c5cb64f08eb8c4d78f78d7bee5a73048c4756febd0776938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
ae1a031b0d2eceb45a439dc6d979ad77

SHA1
d49d8a0ad3b1ada50d6974b8d16eb4ec74ef2c45

SHA256
4ae108cbefc88ea03a46e5445c70df0d876ff598801e9145d2188164b8a74648

SHA512
e0217741d7f40620e5eeef46b372d8af855a902308c4b5a6ecc519290dc629f0321fe5f9526e3b44d78864d388543f937d6b72e48808460c3f54bbd75fdf4be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
229eec0e619d96c129a1f699c2b9fac9

SHA1
1dbe90acb1ad1d518d81297042369b7001949225

SHA256
d81c59b0df31477231863277ed0dca40c2c1a6225e0c1bab411a40ecde850a8a

SHA512
f2022c0f83dbeafdd999e7fcaf50d9825460d4c37ba7b742a6ba65891c48f2c6b07f6631c9a6021c606bb892ea3136a03f8a840feca97e7965124ed1aeaf5ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
f333dc45226b75a20893ee512d0e0b42

SHA1
646cc93889c8c8f02a85d695dc3a07d1de3180d6

SHA256
20bb6e43336227c75bf7f405961dcd745c53a8cbf7514af7ebebcff193c12aac

SHA512
8e56d564edb39a55c22c8aeff52f35627c491d80ecd545fcc20ab0e3d13e1cba798f528b3a80e1ac2c8502923dcacdf4d14afc4166d76eea5383c3588b676ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e748175f4843717773b47d945edca911

SHA1
61b47c843e42f74439b27bfecc158c912c1983f6

SHA256
f53d83b23fef7cfd72b2a4b99d95413c0b17ab07400bf6c9dafc1f4bca1bf963

SHA512
a83353d419241f6f7ceb3ef6c0564a2fee09610545c91a5318a45b60c44bbcaf81237fd119aeae944a1ce051d5d1c06053c89719d5da0578f075925385c4eaf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_malware-history.fandom.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.fandom.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
Filesize
65KB

MD5
85d85859aea2db584c6e7c6188000191

SHA1
eb712c4c66bd9542d1485e5ce03fa2cd8ea9d414

SHA256
7651714c911d49cd21c697ce20d00bf804ba6c9179e88383be3929d83755facc

SHA512
f27f2a507916ace615d1d4e68e69ebbfa1d60e8afb84508cbc703554c11980a51d605549c5e0e6ad891feee30892f455db1db799d449640c0e8b1fca3a9b37c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize
392B

MD5
39051f4537c47a7e11bd30fec0d7e538

SHA1
0a59bc0dbf60fe1a39d3ddf1381ba3f7be783bec

SHA256
62dffd4372076c40a5954eaa8c054fa4073bbb3b3247261519d6e9461686ed36

SHA512
cc071f8539d1e906ae36572fdcffc4fd53931f863cd66e5364ca07be14747fa8740560406d9057a239974175799c02c38401d8b788f225dd05f6e8b56f86b6d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5f0568.TMP
Filesize
351B

MD5
78b811a8cc80222a2604c95c2a0c96f7

SHA1
d927a85be5549b00782f727f3f4d29a5846975bb

SHA256
076ca480a013f8c2a14da8f41cb4138e529e4e5a4e69573a072d55b5f165a085

SHA512
7b8f4233d689fe56bdf42a64086950d9184bd12cceaa6a81a4a04c3952ebe212018d8521f1a1a65676a15616392bab4dcd6f4692caf4f6d50f41df203507f314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
ecdee2ed4436bae32a44c55e41e2fa05

SHA1
28b13e6f6f60001c93332c833819a2c7dc430cc4

SHA256
b53fc837be0beed4a592aa4092ab21aa14999c29a70be996dd3480c8e2df4ef3

SHA512
6852f39b485a017bf143f0ba9ff47e3d8269d44a6bce8a621d4f55bfe080f51505e2390be877b20801a2a7c6cd84d1ee5d37ddf0812b8b8ee16f6ea28f35fafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
f187fa67261df7c85d51a1fb131140ed

SHA1
4bd4e674072735d31b263d602fc8cc075cc21759

SHA256
f49c2e97b11397914af93ce945303eb1558eacbb77ebd3f4aa2ce3ee5e66c9a7

SHA512
0c93f889aaf42cd26f140120b54e87edb89b235c5806eaa002f9bbb81145455370fe8ff9fceb5e1f097d3093e1e08fcc282fb7dab1572eba30f84c5137c23b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
48154f1855e918c2b540241ad5dd6d83

SHA1
86e60f60e8084a4ba48bbdf2f67e01ef9e74205c

SHA256
932c9f772be84f017b2481fc0afa49fe93fca39f4cd98aadad07285613d25ba5

SHA512
59b10e500fb6f8f478ccd945c57a835d3dd38fabdb78d0df48b7ff74af930adc5dc24097d8db8aea229920e375f656adfcccb48b0b12ed96ab8e0944231ac9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
27a972d37693e7fcca57f16211c44656

SHA1
daa9a9553ec08927aed441e49ea0f4f23f433884

SHA256
c64af5e60244eaa5c8649bce0262987e0e72917e687ab4c141fba41dca28a5c9

SHA512
d6f63062de1912a7b25d73684c709e05283a5892ecc0822c5fbc80db414a5f0e1449a4036eb24dd227acbb49cd9a5f0d2a61afbec18b8b19871e6d7672400e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9379d5497a0fc54ed9038f1d6084ba5a

SHA1
d112276d99b8d859b3b947cf099ecac1fb0a878f

SHA256
1748a709bf7a799207bcc280cc12d9341824afb4a0903eda04447937300e0e42

SHA512
4f8cd8723e578f7ae9809338164247e05d01710930d374bfd60b2b2192eb1b149eb5b0d8c5c931c582e98868be36edca798973f2d8f1f8221bb695620652c052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
22KB

MD5
9caf9cae005c2fab0e4cac9e4e7be768

SHA1
0c7c78b28d118cc02b3a3078ce463417df229781

SHA256
21d9f6c13ebdde434a1f798f2428b58f537fb2b71c6dbe6c027bfbfa8486ab20

SHA512
cbd86c77a05239d518ceb1da883c4c179f5e407a12ce319b2cbaeed3e78af6971cb0930182bd3d7b84c6bb06bdff1b1046c7bce5fcb80025520d8c6e07c868ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
d52bd8264e2c94c41052ec3e094ca541

SHA1
a34dc7703db3c073ab6c06c462df6d6e4937b5be

SHA256
03abed96a53a9e36d81b7e147ac3c8063ac0db496d72b5049f8c2fd2e7a4fb79

SHA512
3aac0564b1c5e24bc526a8755a4318f31b3fd6f229f3d906018b2691916efc78e024e68f4742100398b267b47c637ca868d437028350ddc07f8c7d9254c116c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
f2b90a0334a6e7aa5c79aba97f51bd12

SHA1
52ade73e01ac67d52c44f132389887705d36d600

SHA256
02972acc3ef1c0aadff47419eea7fa7a4ae61045dcb8c343365305c69066bfef

SHA512
678762f4fb5ea1c168e1742bcbe6a729eee1345b12dc33b8676cc69f7159a173910541a3427638a1d209e95aae55e7866af46a8bd7c73244ba8f83230c344895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
22KB

MD5
c257176b20153d5bcffab6c009848b95

SHA1
1078eaccfc25dfbe9e611ddf58fe02e5a38702a9

SHA256
c26fe9328d866cbefb1aeaf46e86fafe3e944c7c0eda4ae179436bc19273d04a

SHA512
1b3c7ca72b811f7906fbdb9a712753a8cbc4a93786951a1659639cc50704e889501db040c7542fbfe95aadcadf918af75b452092277b1e252917b98297ba8343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
23KB

MD5
a0e5a3de196d788c966d8314a9d5a7e5

SHA1
bb7feed8f92603bdfa260d3a2eb8339a223b158b

SHA256
ed5a167fee8604880daaceb420aa6494ee10cfc52425afbbd7ce0e3afd116d61

SHA512
4b14528aa67a86a8164a31a542ecb60c50656d3bd45aa5f71c05727393ec80ab70e078c3ca03157a12298b01492165b9711a87437321c8c19dc017bc633f80c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
0ce555488e04e2fd4f42687c457aa833

SHA1
e9dbb663bdc97044bb787b595dd5e38b24a77b2e

SHA256
7b64fa7abed8aadc91d1e737161b3c99003749ffffc1a268ec807e4b90eed24b

SHA512
ec7ebac665373c2d93351ba8ee8adc21df4658b4261f737b39f42e4f5db6e9e23bb3c271870d1dcacdb335368094cfe3cc73a40a5f3adf3c3e63cfe08d0adaec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
13KB

MD5
268643ab6d12d503ed54d2ecde407e1b

SHA1
7a6cffd2f5627f5ea72813b0d775b045386b6599

SHA256
d2e8528fe68c0809ebd791ec8a8b30069a443983a3b04245e32c87585386e77a

SHA512
254d8951b8921a46aba122a650ff7666a966ffb48a574974719cf55d5261659b12fa84506ef859518d87057ad31c59a2b908d9200fd53a717805003f6ee37592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
a5460d7a98f306fe54b757985f053aad

SHA1
eef1e5fa985e973e4bbea2866925ae4851601114

SHA256
001524d596d55d450680c0c0225025d3df5713aeb593e939ad936309647e74b4

SHA512
b3a380a90deaa05c342d04961e96a5069b93e4743e44642e4d33f8ea93ccf19dc56350b68ea641fd4b820c031e3b521800cec05d08658ca579048101239a0ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
c8a20188f4961047cc22fd4343580491

SHA1
a7cb9024520c7c7e3685a6add3eab56c85ae3c68

SHA256
8bd85dd18eb63af5b41cd7ce43bed7cfb955328b78c369512a2d7bd357454933

SHA512
4c18f7ca8217437e19988c9674fd4a276643fb7cd434006a35b2b89d5200ab12a83cf56c42986c5ef850c26614a73ec66c15f9a66ad072a880e8f683b83275f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
9d1668b99a695ee9bdb04e9276da5673

SHA1
4a6c676135c461a37736839ccfe20ba2f63c8fa5

SHA256
046c618e0d0e312338300afe18b59caf6b605a914da2fd6c60a909184cbb41ac

SHA512
66aa641e6dc3fc522f4656d7bf844d04e2a25a0a142ba19d051b723569ed1949a748bb5c03efe4c67448412585e28cef0905541af11aa5de0e7ea3d34f977feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c864b3b214b5416f99242fa3f06ad17f

SHA1
cd4d64b9acbe3092b334e345f83e6f49b32281ed

SHA256
b9373ca856b324e4b8b0305223fa3abf05ae29f2dec879b2436fbd8dbaed0ce5

SHA512
1548c10243f604aed6ba14b3389378f2f2cfa3458faf62c95f6b5487568a79f13c41262397802aeab8751024021dfd413b72837a73f20fd59fb32f20682a91dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b228606606870df58ed260b9b2e40ed8

SHA1
ae8b3db53e3741d15dabe3ee6b0a1a364d65f5ee

SHA256
f25e56ed409ee664f67368312b923f2f9cc20d3dda8282c8b0ecf7ad99673039

SHA512
ca79c6e642563d2f55c257a8368104da74a4db8d7bef4bf72d4e062d410c82f41d6384b669353e9a8188604e4ff3954dbe3b63f71e2908f4f26de9d5ba424c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
c2763ec5eaab5099349ea86be36138c2

SHA1
34f7ebf2cca4df30132eeffa2b333618c45ab2f3

SHA256
f864130dd549097d4b9876795998272261754b1e77e32c54353487aa502a54ac

SHA512
80078232d252f1c3721cb623ca20cbbda4eb23846d0305b917be1facffc37052a5f84fdf144d89ff9fb4bafb95ca5632d47ac5ab95eb96a63aa565daf2c924e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
77a648eb673ff6ccb223a10d7df4ebc8

SHA1
c683b896d79ee9822d9b8652cf241419e68a53cd

SHA256
a1c1f74c3af4725d334a0a7ed5dd22d131874558097f6785aa222e27eada1657

SHA512
b394d2bd624408e5e6308f58f2535be2e62d864e2a1edb43e3932628bf5831f454f9112f31192a100a94f16799714614bf42f77b149f5e0f4adff7542ea79431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
69ad3aadf0e1ba85a45b1495a6c37e5b

SHA1
0b12957bbb683d685cacd7183c73654a7ebb6a36

SHA256
63cfe5fc117c5e0a54b82113f9eee61bf6a965a74561507ad4b2d533e240554a

SHA512
5393b1e688bcfbbe130cb329c5d5fb189895fc54237c65701bcd6a2d9ce09d6e43ca9822c5e341cceb0733d10511198cf7d2e1c46727e18909be34a97c9e75de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
8cbae0ab2d915f532f361297b44959a5

SHA1
a34383ec4d7ca00fa02c611b4e8ff97ac1887a8c

SHA256
480b98ba9218f96dc4ceb52f3700df64956d6757f184de5464a00542cdaef386

SHA512
5fee7f6f5bb8e995e5c8b8ed3811f0b91285638f285b6ba4b556ecc840a81d47072b1fd368d56f8d3782bf6fed9d8ef71461c8fbf376519fa54687902a73dcf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
860B

MD5
606cffe60216ee27e40b3ebdbe67349d

SHA1
626f9e6087f31ad3f44e7a7f150766fc47da0a6b

SHA256
7341f51a9d74ae98d548c988ea4037be9ae6a838745e60b8665343c48f3a2035

SHA512
3d1ef18d313c707b26a60c4892cdf8de2129fb351e29102bef3179c81bdce0e2f6baca6b1975d9bbce5cf4a8461e34fdcd809d1a793cef73b8e6f3d9a74c8e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
66bfeee3d490b91f28c67a5a241c7bfc

SHA1
166c97346478b47cba485f0e582baa2ccc8f7aeb

SHA256
0ca0c1d09a283900613f0897bd6a9bc17c75a866cc1cdb414b3b8618796cc362

SHA512
bf08af3fea2795cc65e0d73b114ea858899d2a0779871c0d7be2d10b5c871847489dee190b1aa502e297c5efc05cbd12d66c23aef8eea9451fcf35fb57171b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
c79fa3541b2a5cd8a2ddb34992467365

SHA1
351c53d86de484a9f51ae265761ca74b0e2fb267

SHA256
31867d0f2d0c171927113815f54e6813853098562bc9a3af94ec29483d69b244

SHA512
0967de7d20eca5e969f8c4616fc9c31345c7ac28a55b4e375a562b975bbaacbf0877c1bceef7df213e1a2693ab836193ab56a77a028ded71a000bcb30902b79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
9bf5c04b70a98d2b50ebcd2783d956f1

SHA1
301ce7a648e8d100eb9a8a107f01b00788af7f99

SHA256
2c7c8361285081b5926897314af08c3e80ac2ee1b0db3842504a31d7b622d0f6

SHA512
b29011f445f8bc1430d749d047fecccb0b5b4ff3f1bc6c5f09c02bc667eafb7433eac84079809ca945e41fd714a9faa4a003bf03868faf1abce59769e371ec26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ae0ddf5d2b96943eb0f109aa1ef6922f

SHA1
ab9be1bb02533b9e3ed020855af0a4d5740a39e9

SHA256
18ed81241e464453330a9768946071e44b1ed5dc018e3ff6717dd51114a34271

SHA512
748009535aa2cb8656ead69c236ee2711f29a579052a839c840c311e383ced08de2ef1515d25dd3e33ed0b166df2b1eb7445e5f019ca3d8aa1c742a433445ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
f73eb69ccc3ae116dde41932375d1bdc

SHA1
2a0236095079063f67a6221c5ccf83b386d9966d

SHA256
2472e6f0ae512f2cbb911652e0e20190ac1adfbe7dcb6f61420d459441aab8ba

SHA512
fa1e46927cc6a314ae42af456fd037bb9116a547ac11d9b7de1a142b882e572ab7da32b67c100a1fd4cdf80a690d96f865953825741e99933862558bd3706fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
d38c31217c5ce285b95069b84683b4ac

SHA1
06d5478a2eac3ec952ab44b8a27c45b4209286c7

SHA256
da35df511984788f299117989bde4e9fbc72e0e437ddd6ca84dbfcc3263296df

SHA512
0b4ddb4915063e8d7f9923ed0c02763dfa081b0c03d76880b939278130e7bc5c46cfca448dba332228e8b18361ce984bbf31499d15287e0f1f1ffe6f8bcb99a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
e066cc56681f868307b3008743ac2dda

SHA1
c996266704e77b3d9bcfa3cfce8f1297ff0863bc

SHA256
44f87683cbbbda6272d05b29f8ce140f0e004a2afc6ed047d3bc9d10e3556d2f

SHA512
49552cd5f7e318e6d074c199b796486bd3d7dd6a861901e3177fc8d04889afdb7da882e47f79a26fc20f73f959db8a65cd90ff0f8c45c544faece151944e6714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
0a30881d168e877439258114c7dc74a3

SHA1
246bfe246dd212ed919953822c22c8a2e9e1d8cc

SHA256
4871ee307101198f12017ac19443997dee309f16b383f159db8d4d7ee2447c28

SHA512
de877a11ccb21b5e17479aa4030f7fede47f7409cc40f2c37c7fdef31b9a26f59fc259210b014ae4ab327616da9177df9c47fa8915bae9bd38f5b1912afcf3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
bd0304ccffd7ed68d558cfd238dad5c7

SHA1
41e8d017f39d38be4144e44425d05b28992dcf15

SHA256
bb366cbb8c1d1aed19edbccd0323dc3f1e70500757954f2dfaca31055c81c068

SHA512
2d2c4c18d2d07cbb8140b8a713c11c0fabee0c13d2f4c7c392acb1e3c201dc4a122d9d391e24329e083c636df598a16d151f551a019aad78b3e48565e4be8743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
786650e2bf2917a0985da96490ac8ae1

SHA1
dc48062a919039775b5b1d5cf428981f812795e0

SHA256
2ef4a4cce94aadad3c492ad5650bae9c50452dd69f4ef17f1d9b2985c8f2a965

SHA512
eba1bd36be7e6604d6336e9ad92a2ba32536c40dc701267ccd5eeeb4d4a6bf82634f092060f2e3ac78662fbd0ff3cf38c2e42a4411fad98be7c2a255c93b1cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6b0f8fe9a4f39ea147f7baa75aa954c0

SHA1
5a93c6b22a6e182439ae0f3b8449fc1393c6236b

SHA256
dce1627d977759c3bc4685b33a4f7d6bf0806086dcefd9b96e8966549cae67f3

SHA512
e7a4fcad4351f7d1d3a68b7b53f93d500d0071470cb3033b9086eae52202d63beae51997ad12252a9da2ff2bbc2d22823fd1235788046a51c94565ab8145e14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f39081e4ebd22a9ac8339a2fca7cf591

SHA1
827da1cbb2e2ba0bab88f28db9911de9846ff265

SHA256
77231413d8ca8206dbf31386ae7b32a02354b1377cade0e3bb10b32781cc301c

SHA512
e468d4cfe846ed3b7e56066910421a6079456eeb290fce991fad3ae72ae79c20c7256684c3a9ffbb8d53dab59be142ddf8100885ce4f7e6eaa852a28d7f76998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
db3ef428aa9e2e90741e2c5b50d4dc96

SHA1
e1b7e79a837c4af2ebce55f3e3bd4a5bf118bf18

SHA256
ed28773333cdec1a5bd0c4d572d2a7f8c1c1873cc638fcc792c4c60e9d5f15bb

SHA512
9a72d0c1f4d390c7ae55f4d07e3c2e47e7f72da9a02faed5bf94e2cd86d667805b65be9d360a775ffece9c84bc03d7bc3db67a2ddb2a124b294b3a2acdd52304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
b33c1f29d685f0e45584d13cb6512b64

SHA1
4aba78a76dde3bfaead7aa3b3d93620ffea16780

SHA256
ff4f09941f8d915c06f2991547850e9c57cbee0f88b226fc661570f8b362a711

SHA512
334a20cd202f2443a086968f3f38e0c1e7db82cdb6840f555e3a6eed427664e22a468241b405141f0fc5b4de1acc99e575a4ab55ba0dfad763f286e1f44f44fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0106524b0ca721d251187c942f5fa517

SHA1
0b16dce5f73a1aada8763db48929f7b4aef46ad0

SHA256
e5b76f4025af21476383e5ef0b27cb1d3ba3a4d8d094c2b36d6825ab4e6c28a3

SHA512
a0f90f5e631850b2f22855adedc13138610758a2d4c3f45d385865c9133e9bbd0cbb131fb219350f747fcfddeb28a9259f76917f42adad81f7afe5f2c08db606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
94ee96b09a455b6f58dc340a4a86c41d

SHA1
d1abcc7aded13588f2b4d894bceb3c225d13a321

SHA256
80efedde3563d622091711c7f9630a4e4270274cadeabb21e3744a8521990183

SHA512
56602730629a890c366e19ee7d1be913dc9d071fb1cbc9705d8754ff7ec7ac66339a14b5af87e738047b98a8820e2f3219d680706297f9c6c8e8fad568580110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
140e3f9ab79c2f94ad05c4ae7569ffdf

SHA1
e169c39ebc591d31b83960269f263f9bac98c5d3

SHA256
cac73e64264c59791886c21bc6910f7edac07cf2950a57ff38f5ef8849d980e0

SHA512
db9ae7bee339336f52eda6f249b7d9b830189e7dde59f29426cba0a26ca91199b54ea051a2bc2f54fbe2f5a6404177f39b5ce73a6da62bbed9f83a6eb4c1dfb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e817148e1a7e45164c00faa4a9cd42de

SHA1
60e825bf836acd9c7e272c8bfa4a8266b1905690

SHA256
5ea673f012727f0c54cd9097980451f9aafa66cc25a66515b73850df89e3a6aa

SHA512
6530da476aa05b3f5c325d803e90f5ed968332e3ce51583216549c36964de4d73245e60269b3bea873d31283b5ca6625fa527b707cc600f61ac6df6bffa9f2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3b892a3cd2182ca4ab84906fe789f5dc

SHA1
d03458e887627faf25e663d6f969612d2617fa56

SHA256
eacba079fb83f93319daac693b4a7e3935d11a873359ce5d7ada10239b58955a

SHA512
c0839b76ef0ff883160fbcccfcb77ba7d18571a4bf54735c4cf2cca378a4e6f7370af2944573269d18d22675174e93a7ffcb646e51d0cd93b45c02c20f9483d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
aa38d0f86415cc3031936d547ba04072

SHA1
cc82c8ea046fa864597cf23a8e1659e93077f72a

SHA256
bd5ae00509f528c7cefe2586ce14028a6ff93c45ce165e80b7b86c4c72a91093

SHA512
f7f8c697ad612945ec06ba2107afd5ef00064ebded6fb2d036c1ed8db244a60d12e45914ec11711cb6e4750e1bd3881530da2110050f41a10b66209d616192f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
4c73ea3e9ccad0c4756e0c9362973231

SHA1
a0048069ea9ea44abcaf9641a9f86107a4513650

SHA256
f2803bf1b5c3b9606c7d178b6605d26cba2753caaba95a5253ecf5e711af2730

SHA512
55e82c4d7a9ddfc4c28232cfd28206fc7fdbaefdd93b1126a85a8453355823507d62eb1249a9574f03ffaceaedd6dbad68fb74a6c002db2e71ecd2fba6e59181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
2c39c36834306024fa5849306dbf2e21

SHA1
90b388202540420accad3dc99bc92684dff11b65

SHA256
5ab1b9beb0d9ca2e628bdfb852cbe431ad6b0f0255c693c041b89b5a9cb28fda

SHA512
7187164714c01997189d68122b70dfb0248ce2f337b7cbbee7d7d0abe84a9cf248e05dc2dddfc7ac559ec813c748a3e6e76d00d8537394ec7528e83add2cb75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e8bd56bba7997e37cf1db69f531941ad

SHA1
9976ccb932471d4a5e5ed824c30e7d1e5765dd53

SHA256
98104d0305ad784490b48fecb5a026af7ee0d0c4e175352c0b9014ee4648045e

SHA512
842a0a147d047bdc309a3b2be40c95f95fc698860f18f0081db4766151d59af932080a3d74291b0b5b05b2c6f9b129cff12473666719e809325a145717521da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
8cc91ad9d29be0a0e562c8f7538a0f7f

SHA1
02a6b737b89be3b5781a5bd0b146e564b693e119

SHA256
561a954e388d04cf52a335dd8cf90142fb23cfdf2922fd236c3b9e0f056656a2

SHA512
6d8c681f3e701df9f88559f27c21bf129fe3778396bc3d566c43699ee91371e96cdb0ed487d852829fe693e0a37cb21867c9c645514a7d04d127274a88bef4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
3605e92ed404fec4bb30d9974032975d

SHA1
1d65a54b3361ab5837db56f7eea22cb59a6490b4

SHA256
44e268c894200152c6397f09021bea06af4dc90c448daa363d69f4bca1e59377

SHA512
9720b901836ee8511a2ab4968a740160e3284edcc3d17eae701944891dd65c227581ea9eb116c4250a784a26cd707a02b5a3d553ee84f40c234afc56a447242e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
36e3c7b5f973a9ecdbce9a5b18639b80

SHA1
7fa29c193e0da7081eec38feff6b5f24fcdb04e0

SHA256
9f1431e63af534ef989e1726f53958b1018336cf183b95aa5ba90ffb8d120944

SHA512
2d05328e72503bea1488d67024b8f5de39bbd9e62883fe6c40fd699c30770bc0995d151d4955f570d21125f51a20fd7ac6fcc0a912b25fcf251bbe8a578a8634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
8d2fec9bfad2d06d5072303eea56cbc6

SHA1
bb60fff2b89214df8a517fe837afc4bcc10c77f5

SHA256
882af46e28d98260233fc730a4607747e085e5b97189a5b2d6d7e66e8ba11cb1

SHA512
8af5d071130464c5752be989aed112780f67b315b5320a84ae0d3d0d701b339d8ade0fbfe33fc802a07b0566c33995fda40e790fe451233bfd450f46655332e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
8a5de536f3ec68feb7add634dae85ec4

SHA1
bfd127275865a294c183455a8f08263fd4cad6dd

SHA256
3ac20c2b3cd904d0a2b9a12e0f569a856c02a00408154e5474ebcaf5b9e960e8

SHA512
cd6ec44ab276b1398c98a60a183a9a8616afb7be49220175da51575d3eb20bc8097a1426f9d8d9c59c50cf0028da975b53e7a0b2b31c5f281ebd99342bb38171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
88a28fb001cd757a927af480a256a12c

SHA1
70553da535a80b8cd8adcb7afc9676f36c91bc82

SHA256
8d3219f1f201aa3f79f90bc56c2c764c3e905ee2a999525bc3142c151e58a1aa

SHA512
de0baa668e5904206cb9fc0c5a64e82bc4386df189fc9f275fec7694f2c74fd6999308be2165b98dd4a2d36c5ea03c2361a81c3a469ff5d1e55fa6575d115e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
2a1f8eae9a9d84e9da1635ab105c0475

SHA1
1317293f0430c8743263a68d1330a8bae7b3168e

SHA256
798b655b423a710daf8d0c59e7c10b50c5d416d80e393bd912da9fd1cd8c3c9a

SHA512
ea61734196525ac141b2aee94e74aeca46d24a2ad798b523c1e47349c97ffc7ca2d99b834494c77bc682fcc012dde1b5c4ec0a90258ef5185202cdf7101980c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
6221c41ad3bc023a839ec9322fd569bc

SHA1
d41fba3d96e47e1684c5a198b801098359e05f26

SHA256
f8d96618a3c539e009f45f2645d3caae7fc0d6f3bba67c0b16dab889ac3bb5d3

SHA512
1a78f24b3b5fabca02e350d72d911faf5bc846a2e9bdc6289fd0b95f84bd60b627977c66b27dd34738639b2ff53c3d38dfe3cc865252cbfd0bcf57d59801a147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
d7a8c201b953bcc6a6212b71f65757ad

SHA1
7d804199f86fcb11a697109875483cccb9c86f98

SHA256
72f747c23d19fad834d205e9b14211d0d5384cfa240d251de333332e1f98fc36

SHA512
b5c1a825c7b0f9123842a57301db1c8be1ee92639095f4d63917f261fe2b7faffdf45b02c94d86f6593b9a989a8b97ddf1ec4f3083054aeecf597b6e8f13c6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b2a29.TMP
Filesize
120B

MD5
1d1a50149cdb292a790e585e147a3fa2

SHA1
646aa1980a1c190cc4f1009ff2fcc9cb8ac9fbd9

SHA256
9494010a97955084445cd28fe46c561e96f39b5e539957fe9b9959fbea864f70

SHA512
306d4dc3a3bd75047d5f7be153c35163654b756f49993720a11dd3e710988e53562d9fcfe7d79c29e83296f532ce66c27cbf11170d51ffbde8b07e6dddba0c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f8289939-9a5e-4ab1-ac74-cd78891a6bd6.tmp
Filesize
9KB

MD5
6519b265c26a85af5021ec384f9986ca

SHA1
5d652f3672861ec59c5c49b10e74b40bb29fa395

SHA256
c60951822ae8e666ef1de2c1dc789a58445f0f3d2e84aa314c0fe387ce57a624

SHA512
8111e5854f2fc239324dfc4d0079ba72d0b1e654b0dfd5714bac66827f0838edc5e650b0b61d12b425c83bba2773b088ae7ea65ac274d8f4150ebf0ba5fe9272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
767dca750b34dad0cd3a844342f7aa5d

SHA1
85e85b3ba7aeb801f01d189cb4fd30a3793e5b3a

SHA256
ea31495e35378a1c68b6c28597d7f142aa95e0b0109efc518854015c166433e0

SHA512
7674538f39d1f637197f556e649510ec9629a58a2802c452b88307770720ec54ade3567af516d6be4da6c5bc43343489d294ce2b059ee43cf7413f95c0aa35f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
f0a565e0b56097d0aa1dd307c3d96f87

SHA1
79e9ff014aa7eb0031cc1d9c16946f522a2bfc58

SHA256
a0307f5220c87eefd4039b6a676b94c478634a95377a4f8436493b6b46428c9d

SHA512
ba9f7f7c92714faa238fc896a93f11883958ec34344493d7a65a6e90dc15b22df3faf7d82eb965a10cafb9ed45987609e4080173f2b5b4be30cb2e68dd5a8d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
9e2b8d80cffeb9040812ab8006d62757

SHA1
d26b21bbb32da55b42772f35fb26607f5014c333

SHA256
4de287c5e47ba2dd75c5b5f67373ed6aa6c0268ce23f3a9902eca41e19158509

SHA512
791c4e2502761cb485647062c1ec47a9cea57632a32321b39a31f239f45fd61718d3d85d56443f28acc6c56e3ceb672799749c4c0f1d745267f687dc4b8c4e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
f6f5c9daf4a7b04b6a2e8a72e86c3fca

SHA1
890914822d05e37b79f0f0e57d94bed332aaf74c

SHA256
5aa1d121669c036d4ab19357879e4074bc8ac5e35377ce7aa238e14c4fcbbf81

SHA512
0282fc83a17a378847db93f4d105fedb64ec7c913c4f6fde36d3e2312543d153f995f3a3f1eec15bda5810697c53b1a155e6a82f3cda5d82f4be39305e5d2d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
1e0a694283b4aa50006f9ee11842c03d

SHA1
13939a8b6937b771335920a70f9d6481247339c1

SHA256
49dabe099fa3d56ac6f981927e6eeb47926de7a0339b24616cdb33445083d3e0

SHA512
e7810e22c119a37d563fc430651ad78e46cb5d622102405f9f52feb1980a01b8ffa02ae5e42c0d30b354c4e3d72b52b7fe6035592013be39b6fef6ce425f73d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
6e0accff00efdb21729ca9e377316fde

SHA1
6012a1c9aca05a7d89cb610cd5a0c854531b5793

SHA256
ca101d01256c2032a770a24c726a90b0e51408c8ecd968d8e7687f367b9c9a00

SHA512
bef0f0e81c1088adec606cbaccc769fda756172631e1d53abd26a0dd2df0928cfbe3c4682126672a9637fab7e169f5104486b6166227e0075264e59aa9cb1ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
68e756f996077ad2b9e34286f87de8e6

SHA1
d903b2e7cda2d3585af80458249d6184c221b896

SHA256
a7a2fdba7fe67afe0573ab5413fcaf4b44b5c533f60aab9b7ff23c61e109864e

SHA512
a6223b61bcb5f7b56ab09c18227eaec743ff6b8c1a07757de74f9f27e607917831d432e50f7d9d9ea0b7fe1630750c11bec5d4c36ab43f99eb89b785d20300ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
fd9bade8f4951a32cb887c343ade6018

SHA1
7aee994347d8f2922aaba6883014113e11d42780

SHA256
dfbfd9820622008d3d692e067cb9601ab869cd7d174c29986c07a2857147dcd1

SHA512
2347f2ea473048ffc4505219ead461904db05d421952550494749c91a58e3a1aee1fb442a00b86c586708c8655a3f3481b665a87b6d095335f45d2c907f0e1ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
fce4f75634b6a1d2353a383cdad68800

SHA1
6e884d13757490c5ba99868300567576f82e46e1

SHA256
5ff9fabc08553f363e35e499cd633ffff62d8176c8e83aa7a4f05b191e1a7d7f

SHA512
bd69a91278a359ce8af6127c23e1000c075346051307511e0f94480c28aa728c623a9a4284851c957f82e90ea5affa3d9d8238568fe4436005003a672adae072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
c163d43f4bb90361948340dc54d24f9f

SHA1
fbc5ec2943d4aec7a9406a4a991e1130d8e853b2

SHA256
85284cab839dc6c8b5f5239fc6af1464172c29a9756fb72863404b4a449e8b4d

SHA512
68a4695247a9c3fb347aeeefe44a6f9f4b6c8359d1c0d7fd6101afad77667430a2949d770f4eeb8fcdf14f4d698691390ba8592ba70e90a5bb69595243a3d6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
9ba657387d69408563f219ba9cfcc288

SHA1
a26a0da8ab6b3f0bde759a02ce5911fcb935d4db

SHA256
3e951b86cd1a7e7d5c28721139f364ca2f25b30e2aa1276dc6725a6f3d779dfa

SHA512
da32b618cacc176e86fdf1e0e3fc840a1b3e5813e59097be53144a12d0cc6ee44af4fcf83e7388831e91e745618c0504eee4cc03c9b58680625e0e1c21fd911c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59dd66.TMP
Filesize
88KB

MD5
9e5be189272ddf95f582a3d754f6049c

SHA1
dfda63723f552c096be1db70edc15ad7ce51330b

SHA256
97e668aa0d0661e491eef8130398a1d9fbf651896c3e2e2274e7bacb6fc8e969

SHA512
90b676ed0f8346211c1090bb48ecfc9b6e81472ed0d3eb80d19a94c8f5614438809e7c46399581e5a0aabebbbfe91323ad64e2232e2b2b331a030866b2d9967e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
032113dabed0ea21c45c659a95563974

SHA1
0d550dca262bdc0478f5759ba0dba8f490cb6cea

SHA256
decf85a74cf5519395f9e29b907bde1d480490bfc112aadc3c3ae33cca654f1a

SHA512
b6c5715b04f0c83ad6d89b63b903f07322e1f77e53e1cac71357370a9d2b5715b556d3d4bdba01e9698d3997ffbc3a8f7b3c9599cc6faa2cb7827c18abb912db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
585B

MD5
76d0f5a446650d1d85041f272041aa57

SHA1
10ad5f7e4ad7775a5483eea951254aeb53bb154e

SHA256
6059975c68283c60b4311eaa84eff9a72c009ae7043f52e5334863e30da2bf95

SHA512
9306c6c8bc291a88b36eec949433979286259b203f147b722271728752ec5aedcb435db172e2ec2f845dab2a4a699e621adc0c92b9d333238810c7d9c7c10b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
43043784b47037290573d5c236515490

SHA1
6cc8e1414921f37aca9533f18900d0c606931caf

SHA256
0fa8487d127af573be7a1098ae0e7b4872da4b41a8aa2b6fd7c4372311c25555

SHA512
67b39e77df8a47ff1e56a3946313a0621cb0e2b66a6709613cf1395d9dc830d6c76ab8a5a9ab1ba4b0efd815551feea1665b81f105014628b757511cf23494c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ca45b872f9c55f418e5bee88311a13b3

SHA1
ca44ad82bac7114adf08537507b2120f55494612

SHA256
61c35dced239f5bff1e4624ae39751135d364de26ca4ecd5ff1145cfab026e0d

SHA512
a274ef0daa77c22dbda491a90b7c786d3dbfcf0b1c1f27a522ba99b3ebe57d2a8aa3384065fbc0a3f2eefb3c4c4a05a711c4bfd433879899d3d7f59d8dc07070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8a5254a34798b02e5d6adfe78b40898a

SHA1
b9a92538f56a5a6dab37369c76a729e006d1e667

SHA256
0b7c33ffbe10865cab6b550d1e09a2d162c69d5204b37d55b193e7f76da9ab0e

SHA512
7a7df1fbaec2e3d5598ff60f1f05b0d835b7952609f9ba4f9e5b790eaad03556e4a3cc802965bfe36f721b5b1fc84af29f00bd3bde8a0e648b7eac8c2a60e0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7a4521b34575ca483dd2d26714b35efe

SHA1
d7413373bbe3315a894f3da79d4601858caf07a1

SHA256
08caafc33e250e216a90c1591397821ddba3f8ed0b90678aef22a29991ccd9a4

SHA512
39ad61746945b3c6741c0c4dd8c60ad80f7d4230706d7b1715a545e0d0e8ab1c4127e038adacf91854aad5be2b7f4a517c63b8a2e7be0d39adda20ddc8e5a7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
533B

MD5
7d7d13d3ee00bc01926dffe4a66161dd

SHA1
7ae31f162f8e690b732422e341b3785b1911cd38

SHA256
60788cea4b75fe89c8c895695c3ae0536927a6d59e9c4a6cc5376e4379ab8411

SHA512
b9e602f79cfc3dabb2525351dd65ca86e1435168bcb4a97d9aa1a9c2cbdc6c34031819805fca308cc3884522d5037da9cef79d593358ec2f00c413ca0daed2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
368B

MD5
0428d7770fcb79be217fd9fa6f134c09

SHA1
0f40f0f130c7a81c463df8e004f5bde861ee5ab3

SHA256
5fdbcd05fcdb602bcc9353e5e5cebe44e21b98df46c00b9e0be096deacc27f6d

SHA512
183ec9f47036f3ef960bb3e6fbef31868840bbc655e6891f9772f8d81cb97e936abc1c3cd455207a32e197330e6ce7e07101ce07f145aa9f2616d664dce7ff94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe652a48.TMP
Filesize
368B

MD5
ac3bfb04a1c2a1c30b7f7bb33ff9b1c2

SHA1
6f0ef310af1c17b681e44cdda73028f3bca8620b

SHA256
29d9dd1101831a254ebe3e689af3632715f271e43b98e9ef76a0cf9bf387d3e2

SHA512
1f28d9ced93d207ebe423acfaf2816062fefe82bc924a214b75b13f1b1c541bda0367ccaaa03e4973e4b6c3f70129435f89cbb35d7dfe645643db3326ec6e053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5c8ac326d9dad259acfeb7660db1ea96

SHA1
057eedf0440362922e038b93775033f44b4bc020

SHA256
3c1fce75bcc6e0831950cec235f35153fb58a07d552689ffe105f88cddda93fd

SHA512
4281c9487c0fc75e1680f875e0265b0e71cfcd2dbcfa5cbfe2451cf72552f5803aa9787c65dd10cdd808318753ac88e90edace67ed7085b84ce7e7c65c9ed59a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_owm3nfe5.gxb.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\眯懤挦决餹詬奧覱徑芠峚餣钬鱉驼謌.exe
Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
8KB

MD5
ea4863c1b5f8b734a844d2e05d714160

SHA1
ecc0e0ed14f33b1dec5def499fb174e24b341b1a

SHA256
f31b8f95fb2f2fa127d2677fb99b34fcb5dd9433ed2db00d47a67675ff739bd0

SHA512
9400d3d338886037c0ddee601e3dbfdf0f84e4b918423bce701b4dbe0989e5e48956a61eecc3c78975810014cf80d93f845ae70a05ec455dfd388292d2374d32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
9KB

MD5
1792689c5eacd4d558268f92d50bb4ce

SHA1
5a6be44c35d19c18af5326e0296004db41c2602a

SHA256
ae40bc2e4edc74bc37a4e0135a0f3ff53f73c2f53e608e3f2249fcc5e72a540d

SHA512
65c50f54a3d36453c5ca5cae7c4f8983ad6acc0af4eca038b38024c4523e28210d9b5c105b3547178d5cea0f24f4d888a9b6eb236a3873f1d3c14bf5202db273

Download Submit
C:\Users\Admin\Downloads\solaris.7z_archive.torrent
Filesize
1KB

MD5
223c0d2a8f6e6bce03d09d4cdcccabd4

SHA1
05770b08866cfe9686492b4bba2ac9e171c75dec

SHA256
caecbdee4748021de7d1a86b3e0a2128bacd81db871ae26b37257d78a4603bac

SHA512
a0e435287e7ea4cb1876daa64886e917433cfa9fb6f6996d3e552c2bb8306101855bdb69d04fd8056c2ca0049640938a715e92bbfb211d49cc1a5281ebc01698

Download Submit
C:\Windows\Temp\{3E181845-E793-4D26-8790-AEAD8987C683}\.ba\logo.png
Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\??\pipe\crashpad_3220_TXNCFMQWAPCBJATS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4968-3-0x000001BCEFBB0000-0x000001BCEFBD2000-memory.dmp

Filesize
136KB

Download
memory/4968-11-0x00007FFEB3960000-0x00007FFEB4421000-memory.dmp

Filesize
10.8MB

Download
memory/4968-0-0x00007FFEB3963000-0x00007FFEB3965000-memory.dmp

Filesize
8KB

Download
memory/4968-12-0x00007FFEB3960000-0x00007FFEB4421000-memory.dmp

Filesize
10.8MB

Download
memory/4968-16-0x00007FFEB3960000-0x00007FFEB4421000-memory.dmp

Filesize
10.8MB

Download
memory/4968-15-0x00007FFEB3960000-0x00007FFEB4421000-memory.dmp

Filesize
10.8MB

Download
memory/11212-2123-0x0000000008550000-0x00000000088A4000-memory.dmp

Filesize
3.3MB

Download
memory/11212-2130-0x0000000007EE0000-0x0000000007EE8000-memory.dmp

Filesize
32KB

Download
memory/11212-2036-0x0000000005E30000-0x0000000006458000-memory.dmp

Filesize
6.2MB

Download
memory/11212-2037-0x0000000004BC0000-0x0000000004BCE000-memory.dmp

Filesize
56KB

Download
memory/11212-2047-0x0000000005210000-0x000000000521A000-memory.dmp

Filesize
40KB

Download
memory/11212-2049-0x0000000007230000-0x000000000727A000-memory.dmp

Filesize
296KB

Download
memory/11212-2048-0x0000000007340000-0x00000000074B8000-memory.dmp

Filesize
1.5MB

Download
memory/11212-2050-0x0000000007620000-0x0000000007774000-memory.dmp

Filesize
1.3MB

Download
memory/11212-2051-0x00000000072E0000-0x00000000072EE000-memory.dmp

Filesize
56KB

Download
memory/11212-2052-0x00000000074C0000-0x00000000074F8000-memory.dmp

Filesize
224KB

Download
memory/11212-2034-0x0000000005250000-0x00000000057F4000-memory.dmp

Filesize
5.6MB

Download
memory/11212-2108-0x00000000078F0000-0x0000000007956000-memory.dmp

Filesize
408KB

Download
memory/11212-2109-0x0000000007960000-0x00000000079C6000-memory.dmp

Filesize
408KB

Download
memory/11212-2113-0x0000000007F90000-0x0000000007F98000-memory.dmp

Filesize
32KB

Download
memory/11212-2033-0x0000000000300000-0x000000000033A000-memory.dmp

Filesize
232KB

Download
memory/11212-2124-0x0000000008950000-0x000000000896E000-memory.dmp

Filesize
120KB

Download
memory/11212-2125-0x0000000008A30000-0x0000000008A7C000-memory.dmp

Filesize
304KB

Download
memory/11212-2126-0x0000000008AF0000-0x0000000008B12000-memory.dmp

Filesize
136KB

Download
memory/11212-2127-0x0000000008E50000-0x0000000008EBE000-memory.dmp

Filesize
440KB

Download
memory/11212-2035-0x0000000004BE0000-0x0000000004C72000-memory.dmp

Filesize
584KB

Download
memory/11212-2131-0x0000000008DE0000-0x0000000008DE8000-memory.dmp

Filesize
32KB

Download
memory/11212-2133-0x0000000009500000-0x0000000009526000-memory.dmp

Filesize
152KB

Download
memory/11212-2132-0x00000000095E0000-0x00000000095E8000-memory.dmp

Filesize
32KB

Download
memory/11212-2135-0x000000000CDE0000-0x000000000CDFA000-memory.dmp

Filesize
104KB

Download
memory/11212-2134-0x000000000D460000-0x000000000DADA000-memory.dmp

Filesize
6.5MB

Download
memory/11212-2137-0x000000006C410000-0x000000006C45C000-memory.dmp

Filesize
304KB

Download
memory/11212-2138-0x000000006C460000-0x000000006C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/11212-2139-0x000000000C4B0000-0x000000000C4CE000-memory.dmp

Filesize
120KB

Download
memory/11212-2140-0x000000000CE80000-0x000000000CF23000-memory.dmp

Filesize
652KB

Download
memory/11212-2136-0x000000000CE40000-0x000000000CE72000-memory.dmp

Filesize
200KB

Download
memory/11212-2142-0x000000000CF70000-0x000000000CF7A000-memory.dmp

Filesize
40KB

Download
memory/11212-2141-0x000000006C460000-0x000000006C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/11212-2143-0x000000000D050000-0x000000000D0E6000-memory.dmp

Filesize
600KB

Download
memory/11212-2144-0x000000000C4A0000-0x000000000C4B1000-memory.dmp

Filesize
68KB

Download
memory/11212-2145-0x000000000CFB0000-0x000000000CFBE000-memory.dmp

Filesize
56KB

Download
memory/11212-2146-0x000000000CFE0000-0x000000000CFF4000-memory.dmp

Filesize
80KB

Download
memory/11212-2147-0x000000000D110000-0x000000000D12A000-memory.dmp

Filesize
104KB

Download
memory/11212-2148-0x000000000D140000-0x000000000D148000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads