9bb9b429599af896e15e17f93bd828d8917cffaff40b6107b47dfb6972b59145

Analysis

max time kernel
2699s
max time network
2630s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 08:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Firework Stars.png
Size

39KB
MD5

474e7fac5724eb07163aefc19e1f1f79
SHA1

775c689df447faeba0d2293ce892c995465f8a02
SHA256

9bb9b429599af896e15e17f93bd828d8917cffaff40b6107b47dfb6972b59145
SHA512

a0ab811f0ab42ea50c13f0215b0d48704609383c0a3afc13a5590ef2e1997e6e529ddf8302062f3244a1b19b4105ed5820ce6fb229b2ade8a26e219fcbc255bd
SSDEEP

768:gLQAgCRfQIfvUoDNLhhPS5pNyxOHngjN8o1GYoQ9sLKUjgIcEb36IuXdxHOeVlJ:3AlfQIXbDNVhqAx8ngjN8EvrUjbwjf9

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 21 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c8374000000000200000000001066000000010000200000004aeae48db9820f29bd1072efce7314d4e3104acb5b8f832e8354d2c802b32753000000000e8000000002000020000000847358e0a15236f99660e33c4fed4f5f10e9a2c508180e561f7806c5a10c9b3e2000000094493777a9b57bbfdc8bf0f841e1671f4cfa606a5c09e147cb5bc649e454112c4000000025599ae58f20517a9438dfe1f8cfbae0c96184e196a44f5a1343394290a7130e0ad2be2b2786e667920a4a313675a2bd57bfacdf638ee516f787f20e2c157587	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2E9C8715-1ED2-11EF-A084-FE55E2F65CCF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "33"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "50154953"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\ContinuousBrowsing\Enabled = "0"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "55"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\ContinuousBrowsing	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "33"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31109855"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Privacy	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "157"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 408a0ff9deb2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31109855"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Privacy\ClearBrowsingHistoryOnExit = "0"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "55"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7CCA48E0-1ED2-11EF-A084-FE55E2F65CCF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "157"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "157"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "33"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "50154953"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "104998733"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "https://discord.gg/invite/beluga"	rundll32.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615799476383765"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	vlc.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{25F3BCF8-C384-48CD-826F-614A268123DF}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	vlc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 6c00310000000000a8589d5510004f4e454e4f547e310000540009000400efbea8589d55a858a4552e000000442902000000010000000000000000000000000000006c2966004f006e0065004e006f007400650020004e006f007400650062006f006f006b007300000018000000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "3"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	vlc.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
3836	WINWORD.EXE
3836	WINWORD.EXE
4856	vlc.exe
3924	vlc.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
6080	chrome.exe
6080	chrome.exe
3960	msedge.exe
3960	msedge.exe
4216	chrome.exe
4216	chrome.exe
3180	chrome.exe
3180	chrome.exe
2248	msedge.exe
2248	msedge.exe
3740	msedge.exe
3740	msedge.exe
5636	identity_helper.exe
5636	identity_helper.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
5964	chrome.exe
5964	chrome.exe
2668	chrome.exe
2668	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5932	DataExchangeHost.exe
4856	vlc.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 61 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe
5964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
4608	SystemSettingsAdminFlows.exe
2524	SystemSettingsAdminFlows.exe
6020	SystemSettingsAdminFlows.exe
3836	WINWORD.EXE
3836	WINWORD.EXE
3836	WINWORD.EXE
3836	WINWORD.EXE
3836	WINWORD.EXE
3836	WINWORD.EXE
3836	WINWORD.EXE
4492	iexplore.exe
4492	iexplore.exe
548	IEXPLORE.EXE
548	IEXPLORE.EXE
368	IEXPLORE.EXE
368	IEXPLORE.EXE
368	IEXPLORE.EXE
368	IEXPLORE.EXE
224	iexplore.exe
224	iexplore.exe
3504	IEXPLORE.EXE
3504	IEXPLORE.EXE
4856	vlc.exe
4856	vlc.exe
4856	vlc.exe
4856	vlc.exe
4556	firefox.exe
4556	firefox.exe
4556	firefox.exe
4556	firefox.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3924	vlc.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
3436	AcroRd32.exe
5028	AcroRd32.exe
5028	AcroRd32.exe
5028	AcroRd32.exe
5028	AcroRd32.exe
5028	AcroRd32.exe
5028	AcroRd32.exe
5028	AcroRd32.exe
5424	AcroRd32.exe
5424	AcroRd32.exe
5424	AcroRd32.exe
5424	AcroRd32.exe
5424	AcroRd32.exe
5424	AcroRd32.exe
5424	AcroRd32.exe
5424	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 4464	4852	chrome.exe	118
PID 4852 wrote to memory of 4464	4852	chrome.exe	118
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 5036	4852	chrome.exe	119
PID 4852 wrote to memory of 4924	4852	chrome.exe	120
PID 4852 wrote to memory of 4924	4852	chrome.exe	120
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121
PID 4852 wrote to memory of 860	4852	chrome.exe	121

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Firework Stars.png"
1⤵
PID:4316

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
1⤵
- Suspicious use of SetWindowsHookEx
PID:4608

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
1⤵
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9bc16ab58,0x7ff9bc16ab68,0x7ff9bc16ab78
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4608 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1904,i,12297477749634412808,11227043786368515146,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6080
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3400
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6e018ae48,0x7ff6e018ae58,0x7ff6e018ae68
    3⤵
    PID:3952

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4816

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of SetWindowsHookEx
PID:6020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:904

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0fa668a7h2d11h4eebh9f77hc5dfafb453e2
1⤵
PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9b86546f8,0x7ff9b8654708,0x7ff9b8654718
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,17709878949558940805,12606397447764670570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,17709878949558940805,12606397447764670570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,17709878949558940805,12606397447764670570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:1108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1716
- C:\Windows\system32\dashost.exe
  dashost.exe {a8060054-54fb-4ba3-aa24a764d8cdfae8}
  2⤵
  PID:692
- C:\Windows\system32\dashost.exe
  dashost.exe {a01b0a41-a6e6-4b05-9fdb9da9bfda401b}
  2⤵
  PID:876
- C:\Windows\system32\dashost.exe
  dashost.exe {5d4c3c83-ab94-4e01-84eb423207321a88}
  2⤵
  PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bc16ab58,0x7ff9bc16ab68,0x7ff9bc16ab78
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:2
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4504 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4376 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4328 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4540 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4576 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3304 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3280 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3096 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4108 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3196 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3108 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4916 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5544 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4576 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5744 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2276 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5484 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5584 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5336 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5128 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6140 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5548 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4440 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4648 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=2584 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5336 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5892 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5564 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5364 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6028 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3084 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=3112 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5564 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6004 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5820 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3280 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5424 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5564 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5948 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5132 --field-trial-handle=1964,i,5774220145966931159,6340994132655799111,131072 /prefetch:1
  2⤵
  PID:3160

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5384

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3828

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4492
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4492 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4492 CREDAT:82946 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:368

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:224 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3504

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4856

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1956

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\inetcpl.cpl ,
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b86546f8,0x7ff9b8654708,0x7ff9b8654718
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18200387061258085332,120656847046264440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
  2⤵
  PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5756
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.0.1199022398\112591355" -parentBuildID 20230214051806 -prefsHandle 1780 -prefMapHandle 1772 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {622d2e66-eb86-4c0e-b3bd-8551d4aede5f} 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 1852 14e0be2cd58 gpu
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.1.413962699\1312836951" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {540e000e-2d95-4c66-be83-aed2991e449f} 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 2420 14e0c275858 socket
    3⤵
    - Checks processor information in registry
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.2.419904003\855264224" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {474427f9-e105-4c63-a26a-3dd82404a836} 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 2980 14e0ec10558 tab
    3⤵
    PID:2496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.3.1263972018\872920845" -childID 2 -isForBrowser -prefsHandle 4184 -prefMapHandle 4180 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ed8a99-dce5-438b-90d3-a7cdebff09db} 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 4196 14e11389f58 tab
    3⤵
    PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.4.702620969\1287704423" -childID 3 -isForBrowser -prefsHandle 5152 -prefMapHandle 5148 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66ecc580-4060-4370-9db4-f60417a21971} 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 5160 14e12fe8558 tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.5.111854464\442296319" -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5376 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee015f53-c786-4958-b567-9f1deee94b06} 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 5388 14e12fe8858 tab
    3⤵
    PID:3980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4556.6.1971375283\1628842861" -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5504 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40acbdf4-c359-4379-9b11-8f55d1d15ffe} 4556 "\\.\pipe\gecko-crash-server-pipe.4556" 5580 14e12fe9758 tab
    3⤵
    PID:5408

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1632
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:672
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=25747BB79EE6D01EC21F300F6B0D8996 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5448
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=512FBA2FB3D1BD3C3920F9F63A7CE7A3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=512FBA2FB3D1BD3C3920F9F63A7CE7A3 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1884
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=60F3EF5AD63104FAE1EFF9A48C91FFE6 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3436
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:5176
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D76F2B7BCD57B7D6FA9E27F5EA72E65D --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5728
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=427E7AEBC66B005CB68EEF90927C237C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=427E7AEBC66B005CB68EEF90927C237C --renderer-client-id=2 --mojo-platform-channel-handle=1696 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2436
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=26F7400646B845B37B226D72BDF29AE2 --mojo-platform-channel-handle=2408 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8F8E8CCD62DD5162BCE0C7042E447742 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1476
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=74325B97906BC3D6C974B49BE0677653 --mojo-platform-channel-handle=1980 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=948D96E0303C13D717E58540273AA994 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=948D96E0303C13D717E58540273AA994 --renderer-client-id=8 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AC043487B17BD9C4CF84033B7B9DA070 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AC043487B17BD9C4CF84033B7B9DA070 --renderer-client-id=10 --mojo-platform-channel-handle=2624 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4984

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3924

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\663d55fd0a654297813ee6f7f369a194 /t 5492 /p 3436
1⤵
PID:4796

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5028
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:4408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FBACD719A03D80003AC88ABAEA596A31 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FBACD719A03D80003AC88ABAEA596A31 --renderer-client-id=2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2168
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D4FA638A7C59976EFB3126002FD22E73 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=63E8A83F9C448DAB0F967727E8D01257 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:992
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C265A7B830BC7413484B354C4AB9D75 --mojo-platform-channel-handle=1972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1632
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B71D15A8C1AA803F6A8EAFF0C31B9E8D --mojo-platform-channel-handle=2532 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3108

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1235f41ece0f48c184ba5a9e200aaa81 /t 4060 /p 5028
1⤵
PID:4768

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:5424
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:5588
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=368BDBAB639AC67695D26C31BBFC04A2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=368BDBAB639AC67695D26C31BBFC04A2 --renderer-client-id=2 --mojo-platform-channel-handle=1668 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1808
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0DEE503566BFDA5D68EA6550EBF53CCD --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3924
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F991AC8ABA959FC0A83929659D37FB8A --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=13F22524CCE84616CB0A0EA05F73E2F2 --mojo-platform-channel-handle=2088 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=804E9C87C30E6145928862460EB6558B --mojo-platform-channel-handle=2256 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1720
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=09BB06E1E79C3D70BDCF4DF8AE6A2C42 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=09BB06E1E79C3D70BDCF4DF8AE6A2C42 --renderer-client-id=8 --mojo-platform-channel-handle=2404 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1600

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\2bed1b7b5ad6415f8f233088d222932e /t 1048 /p 5424
1⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bc16ab58,0x7ff9bc16ab68,0x7ff9bc16ab78
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:2
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3640 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1184 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5044 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2560 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3276 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3268 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1524 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4780 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1104 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5156 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5168 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=2024,i,5763601439728277633,10766800205310865311,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1080

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
cac922617e97b2df5114fd3b90903e9b

SHA1
1f0623a3a162e03e432f387ec1fe4902b1162e27

SHA256
e82728ef959390a930326fac82a45b769430bc67aeebc05b9aa5e1396bff906e

SHA512
b7eb2b497a0fbd1d70104a4b02b901fa68e45e73ce5b8cedb23e24b7bd2f9294f404669b0874848fcad94119bfe7d128e0fe55714c23c3d78b01b5d024632925

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7ad3d5522089f7c57fc96eeb61a61eae

SHA1
6589dfd8dd31ab63cac4a4d6ab3d933410661d12

SHA256
55e133a99400b257d987676bb21c5d307a04c3c59be3de6ac31e058319b1a167

SHA512
b9cfee7acc27908202009904b0094df8bf3f4a34dd8f57056e443b2be6cc5fedda39ea45bdc2704d8d749151b0619ecc227d2e708be38fed4a251c57ee09833e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
a97c5c54d4972dfcfda39c09738cc551

SHA1
829131f378cac9e8f1137f37a04a8059f5c8e25b

SHA256
8021a40def0d8deded0cc50c42344ed09844ceb740bd6a6e12a9a38e7de714e5

SHA512
eaeac9ecf42b1e17d97baaa598809ad65978c9503c68ee4654ab3e54e94432574729bd0477244bda68635033ef08a2a06e0bf26c0d3607f580085f4b7bea2e13

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
a21896c448c6a51dd7a5f5df542d0de2

SHA1
6d351669dde5b8a95890d28844c281349dd02e1d

SHA256
52f15494e039757707f60f08c5a81eb54e6a82992d271c69aff2d2d4ed188929

SHA512
866ec90d7d9533922ad225223a63ad1d748f26d50ff115e636feb4effc1b956ea193c72ba77c8c7918fe80026c1844e2b48ef20ec53502a99fcef0b97905bd7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1dd95bc9-1a1d-44af-95cc-8e30b39ccbb1.tmp

Filesize
135KB

MD5
f5c7cd9fd354736aa4ade444a1599cce

SHA1
c0b8c8d8b13686f2ba2b7998ed435ec55bab1476

SHA256
17b10fb5b5578bc76e197829679f807ea6b449ab5d34afacd9822968b85c6b0e

SHA512
129e37f9feda6d1d442d8bfc4055f88f5a5c622ea85376b5136b6a12d64972c5dfd73bead4a48b26727d64caaa9d107615118a208d9d0fd1d249115026669732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2cd879c3b1b25f881f4b7ab71b67a095

SHA1
e8c477526bb5bdddd659fdd44606060d83e703ad

SHA256
d15ec0b42a1305238584533da0ddd5ec2959a76896cabc74599185af8af9e92a

SHA512
95c25065ecb23b375e233d554beb9c5fb61d877f6b5586155d5b5931d270cedfd4508a8fde3dfee5073af2215b256d7cffde9f77923d41909d4168d9bc61123a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\582ee833-63d5-4402-8434-0bfedb7a4f2c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b46524b29a68f81041e9655a1ee930ca

SHA1
03b85876d3e6accc72489f7b4b307846088d8c99

SHA256
5c0551b9e0c8a56377e350d7231d415c4c416f9d727b4ad376001ff454e8a76d

SHA512
bb423fe84cad37a1c8c286e419eeb2cc30fc71f5d9482a9f06ccdb95a17a1075ed991695948f602c92d339668bf5a223d4f1f42cd84e3f7d30935506f980e665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7c9cf3786d13d8fafc3c8708622c0b9e

SHA1
a9b56dcfbc0fa7e1f1d3362ccb65c157971c8b06

SHA256
3057bdcd97eae5a4d0cd1cb0aa30232d81631aa05f1ff6064f4e8c458a759b9a

SHA512
81a77429ee48140dfd073f78c7cab2088238b6ef827183e7f77dfa067d360c33453ebbd904e53f52ef35f80431b4ca93111acd0ec166550605e3fd0fe69d00e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
eb257d1a0c12895c17a156a20c0bc9a9

SHA1
a5b7481494805df773f8c95afce81c18240f2bff

SHA256
f01a8bb36c70c1697c1bbc372e8a857acf23e41f5d08dbcca679364cb43cc996

SHA512
781d9417d5f059b5603158894c7b18d00c9c253adb379f91b1f73446002702cb0ff7f92f04cb2381cdf9f28971060a29113f64775b8b845640308cb470700bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
7e69a63a05e4a4e5e1e6d67ea1b9b061

SHA1
0de6d3091a564df22f4a1b1801135ba5169ef61b

SHA256
cc274349b75f037d3a94828ac2feda74b2123dcf3c1fb516ccaf469031b86cb0

SHA512
db6ca226770c27e10d05230a7150451e3692c56b205e8bd940c0ef0e416d887fd6fe505b7030a93b079524f1b79d6b61239540f9c5a284b2cd355513e4d0498b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
148d2fe5878b9af8fcb2d40a20e9d996

SHA1
2678cc76e1583c61bc4676f26cdca721862c682f

SHA256
58b439282b24d96e81338a5ad2d55fb96d37ea584d7d56d6e00989f0498a6c2c

SHA512
dff6d4f08514457b4e9b870358b4a73ff2e3adbb32e4165df53e0429a37c384b97414317a725ddfdbb63df68ed1ffeb991ab0051071f8db557cb73452bfbf3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
33d2dcc9ccf87d6ed728ab0c46235369

SHA1
249e080a07601d8537b242546067229f49a4aca1

SHA256
a455f1cebb519dc1861af1646224fb2cff08843469c0f346d93efb6745615c4c

SHA512
754e230d5ed0a578559702f43312b2cb2b282676a95218ec3213efb566fed6ca02034bc6dc7ba124afee6f9b766a0680a8e51ea377b998eb2a10d0b7de67f7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
40KB

MD5
aa12ea792026e66caab5841d4d0b9bab

SHA1
47beeba1239050999e8c98ded40f02ce82a78d3f

SHA256
65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1

SHA512
0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
65KB

MD5
f8619200f0d1afb8b8e4ea777cdd4fc7

SHA1
2524e496004de84145afae1c9672050f32840069

SHA256
15d3f95149b773a875367b0a633f749c9740b695d1cc6a90c2196f3437fbd7c5

SHA512
049db5236bade14d714519bad6e84761734609c896a225a3d3eab88ae015bc9bff10913aad4982f3c926480a6e8523f1f7f6224f3d30ec70eaf04e6c146a4f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
91KB

MD5
95bd51dd1595f27e3af3c910fd2c00b8

SHA1
9288307825a3908233387f394c6d0c20b9c693f7

SHA256
3ca78aecfd2583afc6914f67b07955bd067e1f2d09fe2209a66141806c445079

SHA512
6b29a8baa6186f0c79dcb2256a3dbcfe24b67d84f0e688d136a432d3aab0f2a7cf3bcc405e9e72a79adbeb70c10f60f510fe2c5aec89288f2beddab18be2b191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
134KB

MD5
387ed93f42803b1ec6697e3b57fbcef0

SHA1
2ea8a5bfbf99144bd0ebaebe60ac35406a8b613e

SHA256
982aac952e2c938bd55550d0409ece5f4430d38f370161d8318678fa25316587

SHA512
7c90f69a53e49bad03c4cefd9868b4c4ba145e5738218e8c445ff6ae5347153e3a2f2b918cbe184b0366afd53b984634d2894fea6f31a4603e58ccb6bfa5c625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
69KB

MD5
c356a0c771a0209d3482777edfc10768

SHA1
1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08

SHA256
32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad

SHA512
561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
327KB

MD5
5af1f5628c0ed3c017578c350ec2cb48

SHA1
7d22949f9b3937c3919c8bb3b44b6bea8b674fd7

SHA256
596c529a81532d6a7764277a52a4b4a85bda462c92581b46445d109e8d6fec4b

SHA512
ffab1edf8783494db98ebe740a69ca7810ce2fa49c3caa4ad1c439c00c27dd0d282f5a68769e372f1246999e8eff6814937bd130918fe4ad08a63d9c166b9119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
133KB

MD5
fe6ca7642fe53df5378b1b31cfe5be6b

SHA1
10c0912cd94d7e2efb3ffd3578bb7def26df2f6a

SHA256
9c24b4941e6363576cebd2fada6864ffae9a8c9dc9b7f8992b8d618a24556d83

SHA512
4a36ea9ad25ccded9f5f01e7638837ddea06ff4d9517c5aa13a41c6e92364fee5c2256ea050925b3b5324356a7ef3a8e14b71124614b9db6bb13325807df4ac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
252KB

MD5
785a7032129bcf6b976d287ca9e51e11

SHA1
5e27c0512c88e78d75caaae734251408603fb8d6

SHA256
b2935a4c2ea00a25592a9925961c1d32a709be74ca1de571f56b9e05c865c2cd

SHA512
11613a3cf2a68e8980df8932159f8fa782cb29ccaafc0e747f32395737e90eeebac26bf892b82f47a4a097860ae70115997e8b69c33a2408d9f51833b63e5793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
164KB

MD5
4d556c2cc10f8727638e49463b7d2a89

SHA1
257179478e9f824988c329ac72563c9aaf7bf60b

SHA256
ca0f78aad838f0e3fed01621284f941df080cf134c14768f9ae104fc47c996fb

SHA512
3146f1d3b6a0bd3ced1231d313d23591ad14a680b08f75403c79a22c52632ebd279fb05a11918b060b860751633eada4715d13b066fdf6867222f2506ad10a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
223KB

MD5
a06dcd12ab1eab766d22c22b772435e1

SHA1
de36891470ceaa364c65e9e31998aa1f1a0d4b03

SHA256
eccc0756122ada1ed0f4f7df11d6445e980c44de3e6cd961271c821a669623ee

SHA512
3998d3656f3e4e68a0507b51a6aab8251602dbd439839729eadc55e352c35ad81c1da0bd8cafd82dcf74ede5d7daaee47e1f37dcc6f6b308f5d1e355850f7b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
42KB

MD5
8f1f73a6bbe39bdf9491f7672b28db4a

SHA1
17e1b5e01c6ec0fe14e5091c4bcfebc17c0c0f79

SHA256
fc0f0e634256ad4acba4e91d7dbe8f18d90b5daa7c5868a5e2115cd45e41c92b

SHA512
ea228c4f2126a188005608488b2d980d36984a06999d8fa5a00ffdf14073e4a00d417518fb1716f664394613bbf1ea70b74ad6d12335d1afaddfab51d42538f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
46KB

MD5
f871dd44ae8c9e11c5c85c961f8b2ab1

SHA1
7618910822a0f2639b405e3c0b13faff0431140a

SHA256
2ae2564f74716a4e44850d845f0cca255c6c0c3a7dc0c8ee6bfca0212cc394ec

SHA512
3b9638f705f83e37c3e0c9db1205b2ac76b96ba72ac56013a6aca6f34a7a9ff3548e8fc67d2b85c9f23f8337f696baa8fab01523fb04b5fd618b130501eed47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
19KB

MD5
0f0c9989cbb18447d2f5d954c20ed99f

SHA1
9ad0fd560c0c478c67cc8f118e363b3a1d1cdb5a

SHA256
a43a9e5bbd2d8a8aed070df3b2c799afe064312d6f248c4a498a67c0f9a02720

SHA512
ad6a2c60d3e5aab48497169e380d0fa50d7a0fd2bfa0a07313d880afaafd2ff2be7521864ab7ec661866b1ee4309467ef2733a24dba7e0facde8d190739d9fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
96KB

MD5
faa475d077f88260d6796a46fd5656ae

SHA1
92900a3395076a8021aba31fc975fdcef4bc60a6

SHA256
e84fdb3d44a150998bf6846bc5519a66a97eb1e1462f3b92a9bfa997079025ba

SHA512
98cd54d3022b9f11f9819c729d20df829345ba930f5399308f8bb4b810bb9b7db739c4f7eed33bcb294823661ec1217096f457159bd1fde54b10b75253d90bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
802KB

MD5
6ee227a16635fe5604b7b0522a40e0e3

SHA1
6382205c91495f6b93c2dc9e161715131219f978

SHA256
bf550c9aae5091c935890dd13c70d1acd00702693670afdf9516c10586901936

SHA512
ea68dc914ad394f0c35513359f6c52e11b0829a903f3398036d6b166d129d71678ed6f0acf26334ae6fba2674a5b52979a77a7a041ea6cb2d9da5656d186d685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
32KB

MD5
0ca678222114585bc701a81128e81da5

SHA1
7153ab703cebe63231f07951ee322af357b30d0c

SHA256
d9899ffd6d9533dd3c0c34f02c7ec9f36c0463e0b9386185b0fd0fc5a6247997

SHA512
173f744c73f5dc6578dde2a593a0b66688b9c90e2ae066fcbc75f8c080378cfb4c863047cc36785250e788bf08b77efaaef02b56c1a4a8874fef8654b16c4f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bd

Filesize
27KB

MD5
97f07e182259f3e5f7cf67865bb1d8f0

SHA1
78c49303cb2a9121087a45770389ca1da03cbcdf

SHA256
c3a70f23a2cf331852a818d3f2a0cf7f048753c9b47aa4e7f0fee234c46b226c

SHA512
10056ad3a71ee806a8d8aff04d513a079568bf11799016f76f27c4255be2141a4c2d99c1f46bbfde9c99ba0f8b44e780a92b59f514d3cc1c248ead915c31b5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\30232bedc8b09c1e_0

Filesize
2KB

MD5
962ff79ac040e666013ecf306b37024a

SHA1
fa07c496e27228c0784979dea63e6c4397b5f399

SHA256
b2173b887bb24e4b305404439dfb50338a180dbbc1a35e89e6ca5165577657ef

SHA512
8403bae9ea322cd9537f6c64272baf85baf9ac6916ca3657a223bac2e498511373c7fdb83b0875e2326f73ec684242d0f48949df431c8e6281e026a7d0344820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3f53680f7630e8e8_0

Filesize
347B

MD5
9bb95dce1f02deb1a5ed66dee8532e5b

SHA1
cbbaa4121cdf14d840b8e68bda0f1178307820fd

SHA256
7104689bfd83387e536c9aa3d3ef5e72b281dffe52f953756e912cce101a1d71

SHA512
69ae0778945e4278eb878e78bc6666f18593c3d1d377341fceb19efbf941a602b647685b9d9c4e45de13a85c261951d9635974bac6c14032e8bda0500aa4833b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\57a231e305958ce1_0

Filesize
3KB

MD5
f85962d7dc896790dd053d5b51ee52a5

SHA1
c03e60ce83a4c44505a36288a86e7c8713de9528

SHA256
344b370a735f8136be7567d719c7aaa54b528089d9be665df336d643eb36c75d

SHA512
bae0ef6d052d864478ee40a3656666555fae75784b04b4dbd7f6c19da7fddbf68fe27a9e6dd5aa63dbfd314d49bae801b0770371b892ec1b15288770f11d14df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7ba30aca248bd876_0

Filesize
1.5MB

MD5
c6ffd01dd5c301c39c7055a1da0622ae

SHA1
41d5399bee1a2ea22d009bc2d897ed7e10c12412

SHA256
ef208f04232a18e32836c31fd823f8c694c058162710f78547f9fc67a510b344

SHA512
a0e72d6895dddfbf409da253fe2f19b573911450afa01ccfd5788c2a9c74062a481e9e3d310dc8b1a86b386c8363ceef302d453949e9f0a7be33821837480f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9634f909069f31f6_0

Filesize
231KB

MD5
5dc05af193cb2f5d5fed421adc6ce5d5

SHA1
767d70576c650b7fb0e772b75507f565fee356d1

SHA256
3e40d0b1f89d224c65ab1f61fcada271683bc4622962cb37c9cf2520bc60ff0a

SHA512
3adc748c03433f4cada3b501aa821186a94699d168ca80c763abfeef222a1c137801d20b7492205b3f83e162ec2d5576e1f1d0f76891baa82b7515558c19ef59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\99b9e7e72a41e71e_0

Filesize
280B

MD5
05f213470f8c08695e7fc5ebaac0f35c

SHA1
b0f7b0ced0c9eef00550916efc155540439229b5

SHA256
c7cfb35064fb1fb0e7c2cce3a483bade401b69c32bdb655edaa8fe8d37f3bc7d

SHA512
3e48112b4721efa36931548baa479fc3cb39bb18342a2dc49a43cb122ad5dff7f8e631c6304e15ddb48378b34f4f044b1da8c8b26c40cca30fdd00152203caf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c11332e43a7193e2_0

Filesize
19KB

MD5
5cd86d7f1179c2939ad96c63bddd87f7

SHA1
a092d4268f0b4fbe0e0a89825bc4fa3e460886db

SHA256
8af2f734b2494a503b7a68b3653b62e59b1d229c65acf4c41c6fb50261d99405

SHA512
1c0a6c25f4300bf4aeb0fadc34ab66d11ceeff34d4e94fc66a9a294b22f435ae8b3c8f9519198704a56df82d628e04269e42c9f20c83aff8187da3f6afc14e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
2cf07fd26d40a3d0505748f315c103a3

SHA1
8da4e9e8e0bd09d9e515379f5618e182b370f7f4

SHA256
100c85e76b8b2e0a9b9cf2ef323772fdad1649270e9738809d8f4522edd075aa

SHA512
0a065c93fcb87670e219c45ca5adee0f6b0a3a5f6b9bdd1b04709972dfb696186f2306bd5f61394fd36f83a54a62d9581e4c456caa3b2f814fdc53b90ee711e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aedd5407e8e1d1c64740bc0b64b14548

SHA1
9d70fd9357875279711f31ea8ad670389193e401

SHA256
94e99cae1e83757221001b22a1787cd90333d80ab0f4c3e2ecfd47beef855ced

SHA512
63566a829b86596de623ee6146068db4e712bf4e2114740000db90ff95e424fd797e93d5382eadd080bcbdedf2bf15bb9f7c94bbd50a22a97931142a7195cad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dc75ffd6b0aab44b797361c8f25c5793

SHA1
9e1457dcab49ab61ed0aeabc7823748e2457f06b

SHA256
6da961d8f7689934d36351c5b0787fa669ffe0460cc4862651e895e6c3295637

SHA512
fcf7ab7554aca06806be7cf5a37104a59b35133846d0de1c4b68493c29acbbb9da4ad3f095781aa1e00935877d32918b46535e890318b36e6af0f8317582e7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d9839e24a5dac86a9d7f405f9d5c2e08

SHA1
cbcc602dec7c015487ddc609390ccadab3426ef9

SHA256
ca81eeba05f36ae49f7b52d86b12be60d1f5015b01cb9d709f5dfb00042c3801

SHA512
3280093962ddc2c51f6a074e6dd0df056b0cfd2c57cfa6bf8ebbeeea75f630e4aa3ad7ed53b65e64f91fd222c3aff545ec14b9256c83054753dc993495e311fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
60120fd596989deaf0208511d76a790a

SHA1
447591b543545361b9227c607a0e924b883d58c6

SHA256
cb988890652e0d35951f6ee56f996cac35f2af4a5b607e591a1f798889a2a993

SHA512
c7ef5b62eeb33e554dd41860623560857cadce4931c30e49ab072dce75900318ef0851a67e57c55259bb7eb59adfd96034c027701ecdcc82b93fe45399fc3b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
257cb8d13fb31acc0c0eae0e7d639481

SHA1
f16f5ab940b4797b14eeaf490cf889d594383f1c

SHA256
15af4063ca1b23c56dcb428380850b3984b9fa2b26e84107f82dbee5114790d5

SHA512
501209cf601826bac9dc77bbe30432278c1995a03b751701ad5f0968886d2f234109ac03b2713a09429b5364ae7b56918572b824972f219c80d7c4e1ad5c1bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
205c54ba16cbf2f6a164b092ef588f52

SHA1
3a2ad1024f94733d6c5fe08263643212dbb4a9e3

SHA256
c76aa3d7491214d981bfa2a55f3553d06b42e7f8c384fe08b77b2b0ce65e35d6

SHA512
affa3444a95a67b679b5eba615c3c70e7531877daa933afc94639b90dbfe0ae74ce9700cd37f92cf9b9b3687961d649edadc5ab015d11183d0760a50dfa64dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ef32e832bfd46420bde87871a1135e3e

SHA1
3c8a0e2c00fe4e8ab178720e5cec50b15f2bb210

SHA256
c2142feb49868ecd08dbfc31de1dfbfd091b1e8f3a6a8f52c6d440dd72f8c357

SHA512
08c3cda4288fb5b265a5e4b92d2a397b5652aa1c07837ede30d0c89f068e3105f89390b2ef32c60ba4c97f1f608c9396b4ef6bddf029c8c09b39342fc14ecaf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e51acca185bf8d803f73fc362c05f5cd

SHA1
34c7665d05775afd18ab20c3fd5623b9a5d4c118

SHA256
c89a4a61d0dd30f310296dd3100a94fcd25029ecc64537d2a264c6dd1276c3eb

SHA512
8a5d392390f829f41154ba577eddbd46e9bee2f96268a6fb055fdaaa329d4c2ad9d16505936f87219a17113b3c4e4d52fee5817a78ea2de1b7f793f9c1da7906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8acb4c34ed759617c47665d684d04391

SHA1
bb5730c10c95a3272089603e54c4b642771b8f22

SHA256
046dcfdaebb77da279646705d3a13fd3ef18f741dd243bfaaeb9d1d14acc8063

SHA512
2f56e87d5e4b782bc00666f3bc4ac30d9452a98f762f1829fbad6937e0d6526ca90fdbb7e31aa788ae6ea15f6bac310f3591ca51389857ad5299eb2596660bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
54c7a86d472ea10dc84c0d2a4cf9feb6

SHA1
885a6aa3f715dfc20e95af8e1a9107c7a9645fde

SHA256
54003e727b608da0ab71ec2d09bd66588d7df844708aa516b2c494536ac18761

SHA512
095dbd96368db6b81e4c54cd7c98647e36eb594d38062345cfbeef7e05fed40552f5e9070ceb9cfd8ccbb9ca60fdca71760aa1458b1acf639ad387684835ed3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
152KB

MD5
edca606119e564571833e69bf0dbc16b

SHA1
f9b403d92163c4cd9f6d813e8346b8f19269b54e

SHA256
88fa76029c3141ccf9a3fa1139600d0a84764405e9033b48462ba0a3af4a6f62

SHA512
510b0f0d15f52d98a86ff33385f5cc646752b81e304869dd268f807c0bd75a87394b9961be5ad31586c67e45eaf68cebd468d77cdf5933d0d0faac0beaf4a8dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
58KB

MD5
707e92027f1b3a4b37c6f515d3207c7c

SHA1
afb4e73257b59473d8eb187150981bca06571233

SHA256
b631571ce958eccd26611f1d26cd3ced85a6cd9e7654d86832f9aa4c26e1a96b

SHA512
bef1cb34d20da61e70e4dff547b88352e0583b9476f3dd3ada5fa2a6142a38eaf8c2f150b9d0ecefd052277f322b17e865b777de84910bad8dece5b7a0625e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
02e35ec7bd945a9423cf0c5e3415f049

SHA1
52426350d5f9e3366d5c8304ee8e7dda9d0bb3fd

SHA256
c5c03b2b98bb857495ea6cb4337f2f82f7af977b179a74d3771ae768ee5c5f4e

SHA512
8c0b311dbdf7feebf70e3421d9511b90620401cb980bbd0a592028db758a5fe17fe6758d7a4e05f4902b7b3f1df48ef6b6e99cc91c1448df0ec858e69cecf1d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
5c3d14c8e90a9008dea1fb371e281f45

SHA1
56b8c4d2156d6325f48dfd9dcc7d902e1780f304

SHA256
edb35e8e02d6b872fdf5318d76cc3ee2f0fcbe7207ff0886e852f854843c1268

SHA512
466878b4090d70747e6e741e11ae4b5e9b25f32d2c8df73fb6311845c1e16034558fd462b80781b16e537d24d53a00100063259b4a7335019bff6b12ef3f0078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe630e1f.TMP

Filesize
349B

MD5
9a07b6aeeff1a144c80556b10b31481c

SHA1
1ccd9bc854825521f1f037e6875a9b3e325db1ef

SHA256
06257abe0e48c5c2007fa32e54b62c0ecba883b9c1204bd27e2fba13174eab23

SHA512
7499382ccaa91f9bed737da604387c83c0c61658eea16834a20e3a6987feeb259075252347595fb6e71262482a91ff29c940c35ab84f39895dd47da435b9a61e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
44e1b327a140a1f7be7e6ff8fecd61b0

SHA1
6f58078a57cf152238d9c74008528ccfe058d432

SHA256
66baa43b32184678fb66defb06878d4750fb3487f32694da7418d7daacff4355

SHA512
37961efa160a515f34951d08b590948712f8e5faf7e22b473ab4e523632fe17443befaeacbd339b32aec153b5902010a609a16dc20755a7ee07bc8d857a485b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
d28e18c19d8c49fdf9c03bdc4511ff02

SHA1
3bd2a3b04987c78b0615150a90fde5e9fe2dde23

SHA256
1dc1e94af9d4127ed2354b16c9d846c9dca15549a0b99e9d36b826d00faddd1c

SHA512
77d693496ea3166f6e0ec538cfbd65f05e9f6b56701d0d63fc0108f5ee165cec9a3276d1358e7399344178977591afebd9c7d3b3fb345103de8a1b0a88568507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
f0ed120ed76aeb622c76a9e609bd861e

SHA1
d16c947b8303eb0988f6c56248b8130f97f2729d

SHA256
30e1651fcce9ba0d44755830e7ec153889e525c28a001cdca78505a006783ca7

SHA512
5f7a035e262363c7ab430546e63ec902d0d06a325082b7e9b3cf1a05c666eec41ffe8189bf7cd3cdc4d372b376bd622be582a501c3991d2f15b14dfd8f86aab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3ae99dc4f9480c352461aab214349d6f

SHA1
c46f659b83f0ad5fd7791cd5e8f249ccecf19cb5

SHA256
e8ec363a6ee88ea76d44cf66e329ee3eb4812c79d6d860dfca0bbc35644c398c

SHA512
d562944544c56c562644f3e8ccb869ce68eb3a46871607e35b62f5c7d2e84b839c64e4fe391625cd2a93289e7849f0828acd389ddfec08804428b5de26c27b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
8f8db14c71388668d9fb980e98b4bfc2

SHA1
5afcda1f8d938d420ab6458793498d327ff8d17e

SHA256
204d2e0987468e736ec36a11a1a94e360c80eeccffe955e3abd7c1c0e669d5a7

SHA512
0afbc87a9683b0af3bb6be38b1819ab73e0d60c421151024580ca26ea07736005010540b909171679ece03bb1c3e259ec7dd2b1b5fe4d9e2a5d828e7bb356eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
02353184bb9888d7cce2ad37908402db

SHA1
a4fa3c24ace147d71ae52e2f34a50e3568fd5822

SHA256
a46aa867de1521d6d0aa719d36522a8f9f1a24ddd519a46e428eb6e79bb562e4

SHA512
b673af9633ce9318b28ec7a757d9cd2b49d27acdeb1070cf3db5d6a0f4b95ecf51643b22e18b6724646aa45818c6f0a87e0bf5a366172743462f133ae41528aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
df9540b59c331a8ea09f0aec54753b5f

SHA1
2d05edba7704abb5a69d695ecaa94cb3bffbf19d

SHA256
49cc96b20d8ed78e15d7c462cd4393b955c33ed6ad94c66c75fab81d99ccb75a

SHA512
dbf0ffe8840cb289b543489c2ba2a8796cf5d4b6903e9ecfaad75b668f6de6abf07d8209706055ee9a4aa64630f9a02bf7665c6db5143f56cc86abe64f5baa15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0904feaf5fbd00cbbffdfe50aa524907

SHA1
98efa1da0370dc230a3938da43b57c7b177d0455

SHA256
a512b6a0e0813efd5fe79c77973f9a0d4ef0abf761b22f4565b6f049231fb184

SHA512
2e7d2336642847717f1ee135a92f41b599c0e13307de8e29ecc40c7f59ee4c6c8f259eb3819ae2eb4d254558f2ea02a0252b310c4812f8db86ce8143082cc8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
664e25457edfd487f7bc51f8b9be3e2b

SHA1
b3859acbcec2218bceec7d31e55281b7c68edef0

SHA256
ac1bfd15dcda02639d25b80c14d7ea697a7e5bd4bab1b9a85ab71554e19f9824

SHA512
a132c73091f4b14f3c1bb0d3d9f88ce4e4d1a22572d3b374aa003f8a737e51429f113eb4775e90e9923ae9401dc0c483bed0fa6af6e4ae9bc590baca4be86f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
3a1da2af4cbbc5b99c2648efd4c308b2

SHA1
b03076cd06409f83d36f76ede85baabda85216e8

SHA256
195edebddbfa35223dd82c39a32a561bf5878fcc9df2e13fce852f5113f61e99

SHA512
f5039a3b5c99993b32530e5d7dce7490c4248f097ab90e83c36b83709df6053bbca143bf8a8a99e868b8cd6bff709fed87f5b8e91bae204995d652dd146f83b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
30b336f8a32dcb4bd031877a8c4c9814

SHA1
ec8f4d89e6d10030e583ce887d46137506a5dfa9

SHA256
44efa0d485be33fbe446e8bc2b1537c9c968e66cca87c306a7eddf064301b626

SHA512
82b09a973e05aac9da7ccdaee7a95fa0c3bb512ea08c7e161ca34a4eaa9abbbdd6c21c5f8ecead61cb281a69f1868565d432d2b71c0e457c4938fad783fc5138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
cc8c51835f4c8dd94783bf97eee23711

SHA1
1727ed8c8afa786793222e072065147b2539324c

SHA256
da4018d46eeb4ea10bc164a9bb68c15fd8c1ddc1a9e046f635792c075482a9d6

SHA512
c2e44b3207a6ac1d939b725e466b87595fbcf6cd1badeea6941e3b4a2999938ceb8b73da656d94272dccfb89d75b9e47f259fc5bab20581733f74e8ca00be1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
49af4af9bcd992192e887089d302ae1a

SHA1
02b0d3efffed82f9655e55038962bd1b955cebac

SHA256
fa47b1bb038b98b5f01f5c0c25bba476383e2d81a8555782191b77b21dc2afaf

SHA512
aeb5d85a3f8ebab2fac59bab928a374d9f7884768b121807bebaee15eb3f4ab0993954eb043ed19fd83139f02b3a9ef956e08b9a6b816c79a804f28f4eb5c946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f539f6a249dd34d5b8833cec1d3d8fd0

SHA1
fff2fc96f50f0d56ef767979f0154f62f7393462

SHA256
a86d452c316069c6efa0acc14e17f4eaaea1f7fba90e53a66f06b4092f1b1189

SHA512
4cde2147284ebf5d8833d1b776dc63b661ee1dc51c8ea46f20e7feed1eb5b5875c04e100e816ab60e47aad5e91b43a51c4dd2719740d55c1461dca2ebd85b64c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b1032ac864d6d2de326f37d719f6c019

SHA1
b5c310bcaa6513a56950960acaf20a50b440fce8

SHA256
070da9b3da5da8e3d7431ac184ec2d78d0df8a6bf2dcd5da8c5a235cc4fb3388

SHA512
9c01fc0eb2de24fe7f10c069a1dc2224d79f544b04b20d17f329cf49789108d13ad36bfb4298b14a8ee58acf35f9e80f67f26bd54738effcfe88649b726f67d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
24ad8dc80a34337fa5f76c06ba1f1d4b

SHA1
5335d363c748769c329352c97c2d6c270271566a

SHA256
decaf1d4c071353146d560a26bfd6301ff2451b31e7f926dfe13ab4951cac823

SHA512
357bd8b539669cf53829de87813896844e530d9b60e08fe2fcdd412ac6b31e87098fb7951bc0f54a3889307b3b83df8b7a449b52188f33eba92f844261e960c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c0ff6d223b3b5c807aaf0ed0313aa22a

SHA1
283b988633958f18e8eeea03cddc2221dd63141d

SHA256
5bd37fa6dec015cb246c346102101e9fc1b48589ad060051c1afe3276677e390

SHA512
74679cbf06655809c02e73734370e8af021e5e9e68c9d57bead95218d99e39db4a9e185ee7c3c7cb46d698ec7d67f45b5d1bd0694b92a2330904ed4543f70308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df21da74e47962b3ceb7403bc94ae042

SHA1
d107c0b0b6915b1ed2b0d5befecc6db8e8dd3764

SHA256
023afc624aebf65024090b03e80217e73a75d5f8c9d3f2beb09ec626d2d0c924

SHA512
463518b5f50271884f7cdf0ec05ca708a4592ac8d36452b539aa74ec2dfee72079867a1bd64478b90753ff85cacd71ba6bb7a71f7ee4149e8dc44fa001b19f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
16ef7476868aeb0b4be1307ccba9286f

SHA1
b5dca430cb4fbe418db1d7ff7d897e65bfebecc4

SHA256
5bafff149e133fbdcf29d56f79ed7bc5bd0a80b8029c806a9eb2e641aad4061b

SHA512
237c761cb7fe49be94e5d1087062a945d88a468185bc112890f4547ad277e576d0d5cd76bc9f04a6c8d28b8512dc37b02aef6e4e086ad2d5271219c7f9195d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
604030e4f0d0ff0c0f0607456746d431

SHA1
317da7d407e0cffd42accefc58196bca50da2788

SHA256
e60f065ccde46f38292565febfe17c5f5f6133d714b42ad89daf51011474b3eb

SHA512
01fa49afa22b220faafd1b6147ca587e4ef0780f3dad5220663b0987f33a8b7a7287e6be9346029ddfa369ca39045f406181767b3b57c6adf95ee49489c8d992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2495e51b9b477a898cf2f9137b97bac3

SHA1
56641efbee69d7ca0a546360e655dfe7b6270265

SHA256
af7aaed674dbe55563cfe139ce64899c5a3bb5281af2768e11c181334cd48341

SHA512
fb3bbdd60af72c9a5d0356394a03a68836fa866f1570eb555082dda2e89e84223ab7a60034b01dc9e24649427fff01e0d14abb9554e75db7a95ccc1117d119e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6c4d4b33e20dd4995094236c765439e2

SHA1
18a83b945d1589e0166898bd8b315c942288d184

SHA256
354afcf567e668b88f073da19848d36391a5cda83792975c25ae6ec3dea8f435

SHA512
def23e040218355ef759d1274c06e7521b7e43651b28c380aa31593a2bad6f33f112bbd6ff8510454abfbbc4d2fd28db3d64d75359a4f4b9b1b0ec7b3f9052af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b1caeab375d1fbb7e10ecb54c24c512a

SHA1
b6bed8eb2e54c43907824df23df442dc28493a0b

SHA256
62d81a4248c4f133b868b86fe329138ca4647d9ec47c0b624c375705e7637710

SHA512
cc80b0bd6168e8bed1414566cf111d6a08d1811adf67d79d7711300449104f1a8637b29b89d38f4cc92745c1f806079f81f2ab26db71dc4de4a16da538d47f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
55a6eb2381beced6a5e618131edf6991

SHA1
2f8ebcc222d38393344d0b505cb2035fb207aabd

SHA256
9d719185eaff6212f8cbb10f5b84808f978dd39b681f0f4a3245c88c3d1f450e

SHA512
8a8128e6d7386181eb5cfec9261070c4e40598e6e84068eadca5b4c25ca2e0202ebb43d828506c3182121cb656d2118607cc5f6560ca15fd8764af07b141bad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
47c519ceaf21d72af2be45c65ed4a4cc

SHA1
eee202ece11f6098cff8fa3df8cb177c2dba1e47

SHA256
d8fab5ac120ae5a971fa4bb65c6f79b56f9d0112d63dc0e8642046d032103d6d

SHA512
ccdc54767a35620c31171297db9c6549af13688d0d02fc6a90b7e0cbbda493b5674b56f722d796f06ea50ace7f4c0490413e45d112a5c4719130992b1807071f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
38f8aeb82a81749f0f4e283ad01b9e47

SHA1
6d082b114bf740dfb72168ccf883e875e9bfbdc0

SHA256
a1144a34aff2f4a822878f88bf02b58c0a2c848338a0baee08a2b92086b3a238

SHA512
7e8dfe1808f56dd025df5068a30fe2c4006bffebf967a6a005acc3f11e7ddb70625c24cc6279ef311c137a7678a953b5b7515d96701e65e8bf18458f8720781f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b4dc4b2ec7e9ae42a9b645306f53ba7

SHA1
8730d4abb0d523acb41543b7fada286806f6b60c

SHA256
8a704ecdcdca4c7831dfa3357202563f9fe059f83b40e1cc54cb07afe12d197b

SHA512
f320ddfc87fa60562e5111771af3f3b9aeb56ab383c237b7696554635c1c390e6793cdbdd841ca47058e420ff0e3dc40f54c7e1ad38fd145aa585ff2fa379c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c56b1f438cea4bbb5b9f00bc7bfc697c

SHA1
83d29c3fac77003aac5dcf19585abad6719f2ea1

SHA256
d6cfb2ae28a7cced61351d0818b7e097bcda3ba5172b9f27bf6e78ab25adbe1a

SHA512
3743993de6b4801ec2c228d52cb5af34be349d9ad8f0a2b712cd886426ba72960f9b7d3a9096b5ea5dbf4a00c25f0505412b8c43c240147e3fa613f5ff3a4890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
beb08830933677e9790519e17c6543d3

SHA1
44d3e2db616ea649c2d8c90e2daf4ed9c2d39516

SHA256
e4252d033969755529ff4eaf612c6047e1fe48947584e18f13cfc19dab6c75c1

SHA512
b674ad85f440e76dcc16896b75da7f92558e32e8672207dd0cdd300e5e9a5b5a8a3bea80c0dd4f50203dbc61245e02986f2637d76b89d83f02fa4ec3278d163c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a4c1d3444854ff9b2815375cb586c3e9

SHA1
6491fd22138e7f307f0b71858ca051bdd9406712

SHA256
435291b8a773759a106a1f5cb14ee0744fa270cd5d61f2327dc93dc056e76a65

SHA512
9d12e11ca471e9e83a8e00f364fc1db18ae59fc76d6a022743b055be666222557accd36ee87789b1e73ec43d72da5fc97fd8c94b47ce81397a54801a93f1e2bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
30101aaee5cab8808767fb3d0d228679

SHA1
2b9e034530b052aebd2cc63964ccb9a962e22f22

SHA256
f67a68e319c12cc862d69770ab55485d92e3d1295823231fe6ac8decf3cf8721

SHA512
9280f157861fb9ef4a7304e39d9f403afbc0790fb08b063cdfd8770e526990538c6e954995df4d06021cd30dd7eb2aca8801ce86e8802eaa58d4db0129c9fecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb3c6c21527ad1fb8d7f6ab6b55f2783

SHA1
47ebb90bdd01dbec29f5b30c34cf2a16a0d04454

SHA256
50d8dc42cbc23520bc8a8aacdff48d24eb78a64c2d47bedfe4713d555880656e

SHA512
fa5cd164b1a5b1bee280ad6141d44a8699eea11eaeb87dd090dd4a05593d8f6d2a5717a8a37e2fd28470dd49e652b911d6dd7e49fd5d9bdbbf98d8071d7e654a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c208798d91d60e49f41ae7c56e4cb356

SHA1
9931bba03b19edee08d83e84e14a43ae34632f92

SHA256
7001a5070ccc37ab52e443411baf508c6f552314f847ab58ef163c1cf3bdb6d1

SHA512
a4e61d2358497c72b43d34ae1b04dd4cf8938a43630202e1d7c5d5ad27684be6f25d5af464332de7533a510268aa066c4309bd4f11d01e2e7ad16549e42461f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6151fe07e09071afe5728e9cd441ac5e

SHA1
7dd5a6dd5673a1a55baae90a02b49c0511a4c70f

SHA256
8a620063d002aea5ca88c977243b6c351a99cfddb18670badb01e78b5fcc1971

SHA512
1438587d4cb27454f9ad506e89714f09d5d3440b58d7b60475e34f92d6c45346a80fcb4165cc27fbebd06642547023b3de1ceaebf3e7da1935e137ca793fedc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f3c394dcee592eb27c518faaeb4f34ff

SHA1
39be355f1cdfd588fcae31bdbe4dbc675ad5f0a4

SHA256
2b201f1cd445ebac695f25fbde98416a8e8c1b7be77e4d6875691eb14baa2ec7

SHA512
f11bab696268b22182fa6d1f9ceba5219644d489b64456b8592951b955f14167eae94a52339c3bfad8ebf3ac1191e249f6ac9ab2b725f5d284911989a8184562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e43bcf7c80f0d7bc17f83c9ab21f65fc

SHA1
b1f5b7fe3d719887c99bc77979e006d9b7a1c114

SHA256
74f4dc15ecc91efe1fed19faf9fb2abe87d793f61c2609a7a872a9135cb0e2b5

SHA512
a9758596a15509fb1623a6c22136b117fef604ad83ed7aab169237b5e0536251a246a41ef6bff67dd03bc44c99ce48bdb9c00e5b53862cf377eb3443482f86fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a046dcf866eaccd2ea99097c1ed517cc

SHA1
3f1fd063f53ea76e1b7787bdee3f0762e49a2002

SHA256
255707008f938731e2b8844bdda05fb0cad71d3b169949c2da8e6710ea8eb034

SHA512
a3c79e9ab4416b2f6c724302e41ac0c106aa564328379f768356b62fc5c6677208109a42c272b6c1f376c9c29ff22dc63e4eee74335fc0123ecb2f03a9037593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
78f19f0ebbb48922abcd0889b3366df4

SHA1
99529d7e794a36e14e49d69139ad076e3a493197

SHA256
96153d1cbeb9344ee2e937a517a3b56436e123bc10a371e57caa10412b7a11aa

SHA512
9e4681439362ed6d192770910bf7fb9e074329f3978dffab0c8265e3ba4e498e1c71fd8a74b74a30213e36cbced40a83d90f2774f070cc679e878e2130946b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f66624bd5a9ff1b8bf005aa9c0793b48

SHA1
409c19c5f9064c70d2551a32dfd4218348a481a6

SHA256
121f870a26de27dda6fd0ec3c1278b315ae13acacbb57f88fd58d9cae2906e7b

SHA512
7509585583a765e3ee274cce7d94846885a603adfcf8d6102ad09a998dd9c78a3d2adbdd23bbe2060b909b2ee40e309281fa02ed7dc081cd5bef721e274a7e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e7f4601384b31c8d3ae4266241de5dbe

SHA1
178d919f71de7c5d9116c7f01b5cc1a0859334c7

SHA256
5505043515bda615b8a65fd9f28569c2807a7103abfd2351e12f937c51c8fa0c

SHA512
7b3affad581661df397721edfb287273320e13900061298dcac3f772d367f3620ac7c81a3c8fcf84c6b9e98fd915979931c4c1bab574a2345e3fe1d1e9aa7970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
33f1940c2f3cfc67db6398f7a731ee32

SHA1
db75569d6091bdad9544982fe430ae75cc0300fe

SHA256
8b3e54053611a5f822a65fd49c65e45ab87fcdab3c81ff86bd7894c47b502e4f

SHA512
f02aaad70a7669182b573e4e9bb71929967122cbb0a2a701dc81bc737c5abf862b480d573a5f14553b3c3064ef87ac18f6b39722cdac572b80127b5fea79a0cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
80199882fc76ff508458786b41b73588

SHA1
6f8f3d10a0dd5eb49beff072149b6ff72938f242

SHA256
b18dbb70846f84c41e88ce29af77a34a3b5dfd5119bc870000a5f20f239d38f0

SHA512
ec04cb9a83aca16c0b303469bf26ad375b60ccb78cb7467a2f69a202469fea13a145c609c46736f5c59b1ed54925972742b9b337a71d71295f38ce0e2e162ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bb976b1261e645b011acdc487475ecef

SHA1
940b1f293d8e3613ce863970b9beec49adccfe75

SHA256
5f197199f2d4b2def076bb5c7891ada9f4c740f411c351dfb3dd6b0a5f9baf25

SHA512
475651e02d7017c5671fb4fb51ad3be23090d0468de8f47d6f452b1861aaf4ab950a5c19296bca2ed5def68fadec91aab9b748ccd9e818c01b6e04a5c9017d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d9d62d0a1ade9d6131b8b8b1608621e

SHA1
1d30c7417454a0631d4209c46f5da77c5f7808cf

SHA256
b1085fa91ac13b89e30d51d22b8a42b556d17419f49fc900111c3f24b490668b

SHA512
5ac701141a1d58218318f754e2a0743c19df44a0304ae7d4332f5bc2265faaa17adbecb7ddefbf33ea98cd3a15a812b20cf9089a7fffb394aa150af6f569aaf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
14d15a7ca4a03af2be0fde66c5440768

SHA1
2c96f8648667176b27fcc5a42d35b4e6c74896b5

SHA256
0240133d828c758b60ead7f793f1bfbc61d27e85483d178a5d06398e53a3d746

SHA512
c5eab4a0ddc87327dfff3bfbf10b4d9ce6df49eeb8a15025e67c53a1cb342eab243c695877436a7a3cff3b5d4f3ac940039571ed6e6007d8ce1d7bdf274aa53f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4c48d7caf326ca749fefcdbc3b4afafb

SHA1
1ea11d554e718a4a5224ee350a246073e8413750

SHA256
9c901458fd31773282b6e408e6e4f95154ff747091adde45427830eaa4f17547

SHA512
921c5130c3b9ca5e812de7ad77a1b40a0a1aa4b99c166d6b1ad23e53b1c2cca705b2f8d4743dd6232ee2adb001895e34533a897b9a4328f3a3ff3452452b495b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ed94f06e0c47d1d04d39569875ea4077

SHA1
bb1b183d74f1bc52d92accf42fd5cf8c07f2cc54

SHA256
f730c19d9765eb3682b37f462878b2c7e6df0803c9b9a850977fe421c566cffa

SHA512
d3a8e979ea3308ed17a593dc6eb7b7651bf20fbe6ecf7a50b627de157033237ec6233f3b2f40c3d0e6c3d49ab9ad4dfd2fdd5986796d02a390f063faa1e30a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
287add515013de67f9e6fe25ca1eda2e

SHA1
5b7f8771f61b115df04831949cff9e0599c07a64

SHA256
003f304a933e98ca80238eb47e7aa2f79158ea1be456beaacf934c42b7842421

SHA512
52bb45288f788717bc02d867615256754aa6efc5b627a59327385c9d644c1876c88b2433b12a0b3e6ddc38e99673e8baa71d5bda8bf5bca876fa5b3c5c9b88da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28e1ec474ae63d7a45222f10a6a1792c

SHA1
fb151d32982cb4a47ba92a108c3fbcb359113421

SHA256
8ae16d8ba8fd4321a03a6b3df64a211d4fcbd1c7992f4750eb412eccc453e899

SHA512
7c2c2a6aec962390e4c6e916022c2ff800180404d451e423e1a639f34c80c12d4381ecace8ab449371b5722f5d6ac1835aca80db163cec924d5d85b350e48231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8e66dc62cff0f41e7641222f9da0c12

SHA1
1ffb02486f91d88003db4b2ddde6d8f2eae9ed21

SHA256
4bde537f4dd73fbcde85cdeb57869f236c0d5476aefdb8d5134d40ee3c3703e7

SHA512
aa558ed1c45d78b5c46f4bbab8ede675919c9c7d1733c93b4e98486af32c7917dedd5fb60c56ce2fafee0382ca15ed8ad3dbc2d84556c0d74834722d8a7d1593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
062b249fde1150af855b972032edaadf

SHA1
08077700ec80999db2140cb6fa54e68e8518e488

SHA256
2f168f2ba4c911db5eee275b0ec8022f979a2d9b245786ffada627f54be288e6

SHA512
bbd17c2cf6d1bb1f9332f82a2efb2e24936f4f0f9bb4e02ddd7ebab89057472e8d8909a7c280d9dc7b6bb0ed4ed7f47c554d60156ae42bb315f65b1f786160e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
17f34a41a95b67af8dc11a2bbb8f196f

SHA1
db24193d2a7f8f1a9405b30089b4c5e027ec6707

SHA256
c6a9f0afb33e3796d824bf11fe4ed570c55178be9489268ae2d46edc127e712a

SHA512
7878e12c0deb2024faac438e541e117766ac5c94315ac019e34b055bfe0f37c2733b50919ddaf2db229975bfb0006ebf02aa608044d7caec64ad6affb7af8573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
34d4dbd7d6825da4ca4fbd993ca565b4

SHA1
6b06083cde77bd7beff057d09f1fec118b7a852d

SHA256
cea1aa5a3354ffffd390275077acca8549356ed7cefc7a6763e3047234893b5d

SHA512
2d707f9f309ee2e308469fadb286a50740c6dc4bce5fd0174f1fb777aba846ed3197408a4a132af88fcc7836efcad567cc6a822a07bd25a7a680357215f96b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9c750f816ecfb9072beab4aa8310b6cd

SHA1
bf689b428ddb3c87c7619d997dc6f39608a9f08b

SHA256
64c43e221b3acc9ca74a40fa098e6600e6c6953db923ff53b0592e23010ed7b8

SHA512
8dd5ee340a99adf4ef806bde18bfdf2e0a3f88753e8339951ee2adcfb24523223711ee4cdb20c8d4576e311e3ef554210d2763cb7266281874240ce60f25dbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
559357f36e3657b8b0ae367dbe9fd849

SHA1
767bd2b4b39ffeebfe359d35667a3e7890fb2cc0

SHA256
633a58be3cc25e4cd38814f1892f6c3829fba0812da4767e8a834da6937f820e

SHA512
5c772477b7de3cdd17529f03a207aa5642a51c1a1b2a57b2c7875c678b8e14305e608e89e8579c4e10b2774aab4ddebf753a482dbb0faddb72667d2e28aa7ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b6961312e7b8f9f6344d538e0a5eac13

SHA1
aa4472ec7a9871efb309507b58ff4eb3438dec78

SHA256
f07184d8b6428dfea64791532b1b979e996f758ec5caeb84c8d0ab3eb3f9e5ef

SHA512
f97127a1e1c635089358e9fd71ab8c8757e9ba53814c4886bdd416c2f99f36ea38d088617cb4688f8b7c7745e732fe230244d651f375cbd39ec82487113b9cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
40a6e2dece8884f76305bd3e87af724f

SHA1
1e86d16d3f54cf83a0d1e83a1bf6964891d296dc

SHA256
4581f26e65b9685a07c3affe40c1bf26dfa9ab7ff993cf94aad40f5138d48094

SHA512
b5ef3ada086a639f69dbbe0b3ab75e7e416f4839e4b238d8f4711eb34e4b4a7f90c76239f9fa9eb2bfb766c1ad0bd21496282a762cbad8e6100d40a314996699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a34b39777af79e375ccbd1ea72d988e7

SHA1
a11d6bd0357497cf33279e0df0a1bd98635c5b51

SHA256
1c7278c63eba6eb799b333f4d452fb09506aed89a94bb3f8609957f3615bb983

SHA512
432d69feef44b517853a6b79405618570fa5c6dd12a0ff68580035118f446db8ba0d57db5f2178cd6ec80267c65a5d06e2e6dd484b50026adbb026c83716ee8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
22914c4c68419149e9e009e93ffe06cf

SHA1
3e25232f83f2c9a2f4fa4285934b157d52fbe531

SHA256
e06523e2b9e09408b982c789716bcff9ba6e6111d757c150c6877667553c2620

SHA512
0c47f6b596c5477a47c8a5372a66bf247b22e6a42f586552fb75da907230f0dc26d5c9c54740aae2a78981a254f5bb29c0e0be63b4f40838692cc1db6b0ce6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c5442f39992a99728e10bd7dcf816363

SHA1
54a431dd1fcb81d393f9fefbd10285d208dcdfc3

SHA256
fd862904a049e9f5ce6e26ef5e9c8cec90f9c587c81eba1efa823565fe6de3e8

SHA512
8ee4d17597d4534d4d3c86d0eb7f74ea68689604e44074bfa4102a2e70b168e0aa1d23a3b8bd71fe1591dd0d505bd5546bb811fecd18ebf4cd739838ce04d5e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
34b42f4cfe908bbccdc794003afa39db

SHA1
b1557542fbd6242fc24717f0c0e3295bcf72b886

SHA256
6cbed624cddb9334a56753548aea63521e2ecd9476d96dd6ef7ddc8c4e317dbb

SHA512
0f485b5a2edda2482fbd572d453df8c0f68ad8c7ff9c56c03796981bfacdabe20bb96aa317ef2af9727c12c5fc60159ef34d45ea200f39cc859bb66e8b2955c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
8472a8312199bb022989347d954a167e

SHA1
c90886743964ef6d9400b1acb7ad06cd544708cb

SHA256
7856d75fc50e27496739532208ec2857d43c55c345f0908987f2e8960e61f524

SHA512
c85d3202d1e3e45eb461916ac42ef29c4bf9236d95dc92101cee8b25472be7730483c1143f7e222b770e4c4b8ee0d7900082d89776b07bcac8984bb696eb65ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
71e8b749ad0754c966f9f0fa365c51a3

SHA1
ca0fc5d1722ea256ac6098c9991e52ad2c690687

SHA256
9f2320739cd15444343388a298a87e216e3cc11de9544053fe75d055f23f4eac

SHA512
2288ddb62310358364609ac49dc391d8d986c52ee1922a6e40c2ac9df8b501a95798d544e23dabd29d60fe8420d558426b1a226d91058e0e4e223e72a2b32de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
15ab58126c2a54e8ce4d2e2a24146a75

SHA1
1684936a8bcaec0fddcfc427ad155df08cd3b6c8

SHA256
97aabf77948d2a0e4c6569160e458b8968ff1aa5d0558c1eef7091eb556b2ecb

SHA512
b86c6ecccae7ac643ef1e46bb8971e6f110d853fd694536c2f6c75703c099c3e04facd5030540e02473559eb7e27a47ba6afa21f43fe786482deba2ef64147db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5fc5d9.TMP

Filesize
120B

MD5
edb7a27b5e0312432505bef28da8383b

SHA1
601ad1c6a52068fa6423a9d084cd8d12f48cdd00

SHA256
1d1fba3cb996054788c58327281221b5f61efe0d764a736acf792a654c1db7a3

SHA512
3610e75fa162b1cfe5990b8dc7df7c82b5d4f6186d9d49e036809e2ff27afa6df2fb4cb525fa642f89cc80f3adab2a846003e280c2b29b953f4d36acd4f62373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
eef30c70752b32adb5ba83f0aa807bdd

SHA1
8ef3badb0c6da39f7c755747a68d3e642bf81210

SHA256
407f166953f111c08c44dd60af95be5b83dfa0e887a747982c11291f93c393c8

SHA512
cc2b2210e49c204edbe14ecb3bbce6e6f91e76dab2134afb4911de2d4d64df3d1611a6613d14bf7971557814f82b864b8e211980c08004c2313ab9532d32f16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2b944c7d49c7bf3d3136f7ab494c7c91

SHA1
915e5f59befc33061af9ac4448833fea2aaf521e

SHA256
54abf4dec27d2ab36742bc5f8e9b9b30d8e29e55655b7b7a5810c3ef195040f9

SHA512
c252e48df87ba651760d46e74d799b7d5082ef47ea10164b505dbd43ea1950f2ef1fe20e35e9f7293b08244e1ad4168a27613c016dc396c8063946001b081624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
965387c92135ef212d9898d0236931a0

SHA1
a25a09c50456025c130f082e49acc883a6f446b5

SHA256
7e3770f1f84fbafa74a548cf5bcdc7a381fa9979ad3825bbd08d77c7785a09a6

SHA512
9d11ab8e5d4f503e89317388a1293d9848d7e2fb2194f6285df94d793c716f2df33c4e99e992c64e7acbb831aab7e1b446d790ea56296e72ecc994b06d5dab19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
e54141d6bbe8fc1710eb36430342aad3

SHA1
2b3f5128df8c468a54cb93596f827a3e2fc9d236

SHA256
0f075d0f44609b45b6241d154591d7bf97de26013867dd2e5b4421d61813ca1d

SHA512
4c02d6a52c8cf896cd429aecf673ef0fe947bee91f2ee768569aae2203c09c973bb2a0fe2b877873798b86ea665b1d6997d5fa46b161337fd9b514ce03166217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
08431f1d53b53d9685c9a238fe96bf91

SHA1
48d1b1ca0ec137a36d95b15f9097a883df1c49a4

SHA256
a9fc0311cf4014c165473aeeb06144ef12d7195beb54a2c137a3e8b13c90a405

SHA512
d2d8abf35f8a072682eb0abf03bf1c51bfd20e7c2e57a6d10dc9a6e809ad07ce6072dc7c76e4f4a79bdd5e312a915acd0a089ae86a3ffbd49f1923b1a1aaf650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
b9b9c9a246a6413a908d9d86280f932e

SHA1
b1bb8a593124ba88be0407ee8b41e2b7cb8f4467

SHA256
839d05a6cd7800f2fc872635e487161d90720702ab206bcbe5b636c1c3b1c36c

SHA512
10fcbedab585ede589e1a740354c64a1f07f0d5c9ec63a91786c709e88ccbfe6716be3dead93bc9b94db21d0308fa06807dd190e8051cd6fe9d93036511040ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
fb4a0c803e29b16f4588ea17022ca8d3

SHA1
79e6fcc86303b88f11ec92d1be001f1ee3f0e44c

SHA256
821febea4f5c1767c656e8bd01d965b10d41e3c9666700ee4699a43d3fbe5691

SHA512
22f46b77ac7871c6d35c4af2da3ed4ae7484bfe70f9de6dd13e9555ec4f042cdbbec31132d16bc0ce62c75686a2eba705566a5ee07c7fe7131e8278e8775360d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
72f7f8080ef14a29a6fb8ebb24577aea

SHA1
7a20e7842da397b8ee95ae9b5241750d8554c817

SHA256
ecf2bf8045857cdbe930c561631c7414a7abdb5d02a7a27c59f9d775407dd509

SHA512
75a78dbfc8f90be0e4e3e6f92d5427978b28d4c1d6aa2e680e59a5f612e901409430a57af48dfca87d72a8d76054656056cfd3025ade2b5c3854cb5107f90f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
5a769f8a15ec6636315a7526fe1111c6

SHA1
52309ca0f6168a0ad315295a49575ff03990b8cd

SHA256
6a7aa6b2f64285d79df9cfd030b20b90023c72758e5c525f27bab7cffe47ee38

SHA512
bbfcf72f7da1190eb356c464bea1fd4241de07491a35123accea3aa67097d3f940316dee6206f27a41ca98e25815610e8ddffa8e4c4843a5695be785183e996c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
ae949b11016b62b2782a8591c74f4eb3

SHA1
8996a0272097d0ca8237ac71105d889de9064eb7

SHA256
ad8eb2c1d188c733e050de803ef4d488563821eeb35c71aad59ef15368613843

SHA512
28bf0844ec76465982870083d9c5237c0dabd4c691f32c89b78bba9e85fe036364da04c4e75bfd62a853b317acf5a9ce4fd06a236c5c9ccf4775cb8311243b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
127557504eaa7f0eb008610299c42bc5

SHA1
71be98a587c4b4a2ef6e6162e0dd322113906500

SHA256
7836fcebe903041c93bbde6b754d62678be5747cc474a280b92b37812b7af32d

SHA512
4ea95450481cdbd974035ce17c54314e3201916e7d58d71a21abc5c52a11293771ac4f8ac075ce1c0cfa183af0b070419be28517a7817474bff95da405f48cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
fdff16f026d60e777a4b2437bc8e409f

SHA1
425840fc09b1e4f9d6d902341926a698b9d69ea4

SHA256
dda57875a98d006fcea7b137df2efbc89aafa3932ac369bc80663c4183ddcf07

SHA512
3ad21bffa54c72d815f1592f8ece646fc5eb1cd2c2ac383c35092bb5ccf67e7566aa6f0d20e7948d9c78af420a6413e8909b480dab8b6a9764c8547b4fec2642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
6ea415b918097091e971a3621874120c

SHA1
64a4ed858d0d08d98355b90565da2724d2f5c5d8

SHA256
7f1c95f50919196d1365d3567657c41f75bd6f514c68ab544183d52b170e4505

SHA512
0eb616cef8d679e0683cfb8ce2a5f33bfba8bb28c9eb812450da9da40f662c04c32195c5480d02ab35ac03b15ee34b48be637acc8ac94afbb55204e7e2593573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
8f9772fa0954c28e59506855a9f53b83

SHA1
1b6a6058075f5ade4ebf4404e618df8c1c22b155

SHA256
39870b481ac62b4528b4aa6cbd0d060d73741c7c73edb618193eda1cd3503b08

SHA512
ebcb54be6d6d5128f12c27d51298834854f0b46c97f70354b3f4b46531f82496614abcf52347eaa04b62b6aa74e93304230cc55b25f80cb495e1533e599cc2fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
a3c5a0e5cc769377babeaeb953cd8d70

SHA1
6fb0876414531a58816c4e46963b418ff6e97ff2

SHA256
27b1a1fd2f61549a768746a4f3cf8dc3ddcb5b564353f31f0a2ce9db3fa50cfe

SHA512
b640b84372ad77f94f9976c23d469ec4b292b3ef1f051b7d3f99f2354191da3529709070699f106286c88392ee7183f8f7d0cd73fb62ade0527b7f04c2d175f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
3375c17ede478d65ff15d2d9ab0a4798

SHA1
e7e299d4290f897a10d8590a9dff9686e1e68f5e

SHA256
fc3cdd9b01542273dd851eb8b6f9755f1d771f45615a80c4b7d5bafeec257d56

SHA512
8945c06a2e63dee74595a834e3a4afb893f9b3cbb3e8269ffcebc0dc0ccfbdb32543bc5352d68e033ac35a819f9b0e2bff3f5dad606a06e5e7a7385b1cd54d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
0c04aefec049ca0f6483cb954799f61f

SHA1
ac9ca117336be53516988c72477be66a54ad7cfb

SHA256
df76366535ef47fdc523726dead91fa70375b40286d6439c2a1f463355345586

SHA512
81058510946992cb040249904be0a4b57562deb67823bba5b73b5262ebea7bcfab59681e2ffa613fc5958552e48dd761105fb13b676c87a2a30586f68f0353e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
de363faba4b3e94435ab66e5b7dbf6b3

SHA1
d7588d54960c6825e792bed587952122b2c468d8

SHA256
7ef389af916b3a8045f17b84c305f9569473fa3f37b6ecd20a0630f1dd1ef7f6

SHA512
252fd01d084ee7e952513831f411db8cf86e36873f6fa12b03aafb9cc9c56936176d28b529a2650fc4c36a3dc9a13b7a3a865dfaf4e68eabb19fa138b9796ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
34b7f2c5232f5a89869125934024dd32

SHA1
93555f8144914ea5157e1cae8e57874258cfe056

SHA256
8dcae5740b8dae5c3e3d6c0c7553a4b365e77ee9793d62d8d817af813fd87712

SHA512
9c5a676c4605ccbe8866fc112dc0cc6f972f642030a30a1982573611fbf8021856f80904867a86894eb9a5e862550c1d066bdd58ae58002ebb57ece8abfaae08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
10d8ab7643a5ef369fafa3a11f376a41

SHA1
8c0c0daae15d0d3de3bf15e45cedff66ce29448e

SHA256
18240fd7d91e360d52231d450b66d984d26640a3a3a643b2c18b0dadb68f1429

SHA512
25be0a6f23e9383e7a237e10851553492389a91cb620aeb87f2ca1f55d3da9bba60117d180eb81ea0b1fce13e4ace276163259e789a4c1c7fd4f0755f2b2897e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
833c2eb9ca03ea63d17c6c72336e95ee

SHA1
d9aa415a47d21d972d7b60f6c4fd1853bcde0891

SHA256
2dc84e52880c80435ebdfa652ee20c6d9b661498efc0bfc76a70e21ef17a79f4

SHA512
e3bbb7b58cff0f427740079827ace97f890fd5cc64ac836ab98fed9cfa464be7bc61732a32062545431766cc53d18a0dbe81a4bb96548b9513088982eb7c14f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
133b060957a6f8f5c33af86195c50d05

SHA1
5109c67b2e4662ca054c42bbf53d4925656f5319

SHA256
1172c2ed0e96eec104e23030d6a90a921f1807e3829c914c9f790f32fdd78fa8

SHA512
dac0fb9f1b36b0e9e56c265bb0be926ba20e52e0e8ed46da5bc40441ec046f0ea4a4adb3c0a049fa9851f46da7e1583ee4192b91d84babe3283ac5dd52d49f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
766911732170adac25b6dc817aa26e8f

SHA1
ceb8a67ccb2c9827d7ea8ee102289b06e21a51a9

SHA256
7081e927a3bebdc60a9927cd48d1b7bae31793e70f4914d8dd8e948f88df6fb7

SHA512
dc57572a3b59c2ee5398e22062e4a260c8be022a2d144fc350628ac00ed33b0778583a22e4b84fd4dae6177b2fab39e1eda936d21fe66c1de5e497c03a855c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
6a0b2147f1cb1c85d1263c7b113bfd8a

SHA1
3598973d920564ad4ab5e6ef1a7621d12c11e1d1

SHA256
14b2c4e3c39c5585f9460899a4be170aaa01eb5a39acf629312285f3619e5393

SHA512
85aec8162916d2bcb2009269f7e83bfdf432f4e3dbe9e86edc0d7983945a5121ad7f6ae05f63f2dbb5edf26c90d58dc3182d84e6f7e2bbeca0922dadb779594c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
422B

MD5
9412d25f9d646345c43974fd94902e4f

SHA1
f562de2085b2d28a90ef5c46a119eaf5775d9b21

SHA256
4456902fb6bc68a8820a4835bdcf7feb68b9c5dde3a6d4836ff641d2eb95a2d4

SHA512
f5d514ebf635e2685408d843a0bc8e2dae3ce705333a37a080154ebc523bdefb4226735736467a78c97a56a5d0caef988da3843ac03e65b2eb87b5576aa2e3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca214f8138d7a5106a4dd96716fa2bce

SHA1
5d89ffc3ee1b1b14366d017170f3f0462d9fc12e

SHA256
3ab8f6aa8f1af12859ab95920c86a90a2d96a7d03a1b3c23fc26632b9122d96a

SHA512
f63659f8b2cc554fd1a3b95166c8e8c1ad2d4dc76f8bf8b522f5e57587fd2b95f0f373b7fd201b317185f62eb2921a5eda0c234afd2bcdf882628f12681021a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b61a39f9d1b773e8d8e643017f614ec

SHA1
68f1ae5685a4b57d9619cad34910c9b6c3e698af

SHA256
1b7fe7931ec055ae51e8562b0db058eaf455ff03ba67045b6192c0ac86c549b6

SHA512
6e91e2a9c27a000214d18d9c92fd73824fa3e61df2e7d5cd4239e10050035960af3d2d3a42d20767389991de258ca7ca28aac48b915c855c23ac81cb4129d490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66261855a1675bd05aaf9c3ae8b1f892

SHA1
1d6c2c8d7be5a85b2fef1d7d6f923ed649c7232b

SHA256
c06887c05c3adae69d5191ce8b931f624aa6e041e8e97f64c2e71eb1b6ae4007

SHA512
f69fd84a0e5f28ac27ad750cb0655f313dfa945c19bb1700df7c23c87686b4f769b5ba694ec0f2eb810908453367618e8a43a77af0a104a856b15884c6839894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf6cdb23e989ce6f76d4c4676bbdde89

SHA1
60a59d3e9dea017a7a41f86dab817477434306bc

SHA256
b58e6fc61b120f5eac1c0a10814758ae0560f680bcf02da517628872b8250a00

SHA512
cb29c06b8247b2552e44ce1e5fd34e4a80b4482a6f813d474018e15ac737a5abd50b048808c04045667d8f62e99db6430e1254fb22dfc93136e75a0523657521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5945f1768ccae766f6cd910a67da9e82

SHA1
447a11112319839e52362d0a8b0859896740663d

SHA256
2552e11b6147c2aabe97fe86d657ef1ef4c3ca5f12f59ec2f6be8d163f8ffec9

SHA512
1ef6031f23ceb6b09d585ad835183d89d5e47abbfb153113e5f3e12882ca0506e1432a7abce55e42838700bc019de2a6e74ce2ba7fdb66147268c26aa1c27faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cf2ad1faa78478e79f90327ef7ea890

SHA1
f2329b605b1acc41f8fbfe1971f48d7ba97bd973

SHA256
390ad724faf25f5f7536059f69c49a8a7bd8508dfaf5b019c68e3eefb889a091

SHA512
001e706e511b07ee10037038fd66820f0b2cd361de7d48579792c19a9c20e00e8156e7eab99fc4b6f9ad8579b360f2dc7d0925b2ccf8e5423dea0ffc908848f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d671022a46daba3a367fcee7d6a7e29d

SHA1
cfbdd7f229ae850f1fc7731629e2478cddb383c8

SHA256
30c159cf7947e973dc7dde1be0e416849f203d5c18a27acd2dff2f32d60a962d

SHA512
9d4f77d9a37399e6374537bf04111930215fdf5463ab7adfc6037d205a6dd963ee76d964fc8a9c8d27c825fee8d60bc38c4cc065cf00b787713423024596d24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2be1d058d353ad0b7d92d8134d72fd16

SHA1
deed7f61040e397c2583e25a84287f81183c5926

SHA256
a930b5f9d98920f182eb0c911071e6b947ecf8cfba41d2e0819839f061538cad

SHA512
244ae730259aea965dedfc0e0562e3592d3eb180b5cd2f6ee789bb673a4ef17f2e9eb7d0251b557f9242dd2d032cd636ba4f4fa5e2e0cc8052d00d0f4628de7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1796dd9edf6d397893c53f076bdb57b3

SHA1
3e5511d48726d8bbe8bf8db3eaecd19ffbd3b69b

SHA256
b3b863841a2e85de6a8aa6f104a76f66ec7f3b493cf5308fd54b779ad040af28

SHA512
8eea00987f342676162d8ac1355810637a4ab6450b3932b04c88a38fe4a50892430cf9c40bcfb139f5ac17b999a6658a95d920a05611079d12f207d2553f4c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7VP2KTWB\www.msn[1].xml

Filesize
127B

MD5
a5cdc5e5d0154704dfef7c1e63eb9801

SHA1
c653a2643f21c378e36976f280fbe0acba88a40f

SHA256
db7dfd6531cdf65871a12bc0987f8c206c7132f035a8220a9e52d96e536e1116

SHA512
b576a7ac5a0e2417fb5c5f4e5595133c6dd859418ba65dc0e2b13ac063411dd3e343a3d6386a12e13a97d80ea52f7a0fb14998db98df8f451b989a32c01f5360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\14C9846F-06F4-469F-99A5-DE223E85CC51

Filesize
1KB

MD5
85ad173999ed440af6120f3b4fd436fa

SHA1
eebe3bae40b0c82db581b905e2a4c4a90055c9b3

SHA256
2fb3e7ca57b5ec8657ff2b909c74dee246e7ed2b30abd60dec96fc4fb88bd165

SHA512
3c506252a27bc4a3d718fc2ad89036850ee3c9d5fd79966fc5e28debe1844d96e8d2777e160e8537034129fd8109dff027bf5eb4a082c99d0db93730ec31427e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\16237840-94D3-4014-89F3-77229F7F1AB9

Filesize
397B

MD5
2f82426450332b558a61ae9ca551abd9

SHA1
abdbf8f8bdd7572bcdefbd1e0b7da8d3cf17144d

SHA256
57d6315a8f1f11aaa111a9956ddd0d560f791f757c379ed77bbb5a1b5b577f52

SHA512
dbc43dab6cbde98647c5a88cd508a1528ef79c030286cf82cb4cb03c4af81930ad1c3b2644ead9eceea27cd5772324f42a51f04f1693102254567205a6abf0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
cbcd7f67ca5680e39a2d968e0f323472

SHA1
07d01d4c8ba29cb98da793f9779990f259d2af51

SHA256
39619ce5de4ac19e69cbb0071bd200d95a550fdce9c096fc920ee235d7cefa0e

SHA512
191252cbb8ba298f87da876da8e15d2a165305e6a9b3d9101e7c254623a9f6c824a4663a11c930acc1a6eae6c4cde447e4477784e6ccdb2d40a9beb80991b279

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD8978.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\acrocef_low\61b7b1af-443e-4265-ab63-e59d0e7eb66a.tmp

Filesize
404KB

MD5
21c3dd2c30b5eefe898f133515496337

SHA1
4c9ef61b5eaa356918f3e09f5e9110e3c78ddd2e

SHA256
1359a07be2f8b4e6afb0d11ec64f2eab448a068ec2cfcfcd8344b7d07d8d4576

SHA512
5470f3c5446f34d5c506426786d6c2687e8472061e8563e8a342e935bb4142f2035fca8dac41628e4b3755f1976e1f9e11c3f057a1f0e58349ac20081a70d6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF6A8316AA669D6071.TMP

Filesize
16KB

MD5
9ffcf967410609eab508f254e7ca6aa2

SHA1
061671a355104728137c16cdec077b7312545f36

SHA256
a3ec8754d1131e7e3f9e35a5ea52257b5cae7686f3f4355da048ac16f4a30e98

SHA512
11d215e25afe2eb70c54c54c6b4e3125382c842324889ffc15e1b9f0e333c04473e9a8eed6fbda0c09478693811ef46efe97a16d08209ef00496b98afd6b6973

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
158a64c18dbf145d5602348e1103e804

SHA1
3e7da5860f890f5837ca126bd31e140f72cc4641

SHA256
e1f82cdebac1b143170d0f3c76bc8ae6953d2f580304e414fedb98fd99cda443

SHA512
2d345222a5f16ab38623330203bd24fac94eaf00e23f383c0b5573ae7338b46a4b2d50738327d4f7d83b38099ed40aa58d8c486b5484965cc22bca2103d49b46

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
ab2163d0f3dfe8371267d5ab78437b76

SHA1
c579984a2b9caa3b3f823bc2220970f5a69cf5e4

SHA256
e04ea61456db821bb25c52f7f24b601af7bed84843e168db84be7fadea1d0f8e

SHA512
4766f6ba9e9e65b0a2890e10422d3de91e984035857b0300c892768c871df4403d20ceb10c4e66416d7ff06b46eb2e1ac72e94defbbd7f15f29faa560f73ac1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
3993795dc060025ed3ae7fed150634a9

SHA1
98c41892b5be5a0916572115141eebfca14ef291

SHA256
1dd788448d4655d5991765427e0b222365b7d1d7451233b4dece860c74c05ff0

SHA512
df25b367d9f35151a7336a4d62c7b80d6e29fdab9205b14d70cb4b46f5d82465112af3316403c1427d453db16297c032564a923693f774008f0b7c500ffe5899

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
1d5fa22c16f309bcca4e7d882c1b7b1c

SHA1
de73ef04d115f0549b128e55dfda66ddc3eada72

SHA256
ae91b310a28194ee28e43ca8d7087cb6fea16f257968235ea2d0b249fc1ea95d

SHA512
a1e042d7dcee5087f72478067fad05dbdfdfef3a1d53cf48deb8c5538d5754b6dcf40ff5784667600875f1233746944e3609ca8f5d5e1fa731e088e4f3b48dbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
3ef9288d6aa4dfe4fac041d32e324a53

SHA1
deec9fc85c8d2d5424087a70d819154fe90f8b33

SHA256
2e4d4eb2541a54e16796bfaf2426c61d8919802addf2f4441369ff92a22827fb

SHA512
d3d1f52d6982257205c833e15089502150924c315c1269d08301c315caf06a1ff2405c93e39bb5b34ea5c4cc73381b39c198ff6b88c2b11a2ee6edb4e1d475e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
0b3d0efc5fb1ddde8db95b93268d4852

SHA1
f78927cf552d09d31db566ab6561f13cae5f6eaf

SHA256
8e510dd0c5b3d70b7c37d138173835f6a6a6a802c756ae3c44ec5e8b09c4482d

SHA512
107fb3e239ce05018b72af9125d3ff0803a97a195d4caf6f03b6d8b5d3b050dd2f333789ad566d87734d0f992140205b85a6fe8afacf9a92e878642dd7f52ac3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
04a335d41efc30a87c20a0dc4e3cc477

SHA1
d0549f5b50e6ad4d4e8ebac8710d419247f0e25d

SHA256
44b5ab42b7fa030df078bbd5c2cca8ff0b452d909538b97a1146c259b3ef4ca1

SHA512
a7649e47d45d33cf45e4d8bd4e603d46088f474062d77db24e8f5099ccc549cf63a4793ee6bf45728e394569b89a79a77fbe3b19b7abb4c3917cac3a67bdfc22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
79011efd7c583227f5b1e24f040b3b82

SHA1
b755dc13a97564b933bb6d4a184fc9f3e3a0cc53

SHA256
7702bdaea04531f9a46ce8bea30c23c1278081f3fc46144527d4d020e45bf3cf

SHA512
f449a27b9719a8e5cb12e32e90a644b4769ce27dd1c8903f18b1e61e651c13455f5e1b84ad753cb261b84be64578d095f1b585171424dbe8136b888ac3760ca3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6103f6ae92666d942a349300eea3244d

SHA1
c2ebe0cc09e0045c181f07a53dea5a029daf9e83

SHA256
edbeaf30b1a92e9d4efdf2f7dfc38cf0e775af0ddba5cd767ecb75221d685821

SHA512
f2319e76e0844ffa3f2fd0d10766af8a94c851fd5d535ef809aebb623c6713099b65411c2ba56fcc25d717e9e40eb31c4f0d4f2dee8be2acdad9d01226d436c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js

Filesize
7KB

MD5
185c1bc40790dea6daf6324c897baed5

SHA1
4774d9a345859e66460deb7aa271932e4425b9bf

SHA256
5d7438cfe37f410263ae86690d38aafdc29d85943b95c95c2aa7f4543ac4cb40

SHA512
5b04d44eb1b37a464ecf2fc420e98bdbd99f424e314caebfc1aa6069e7475203615d57542f756cdec4ad710311da0fba0ba1ec3776d7cfc4b74e351ff4f54cfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs.js

Filesize
6KB

MD5
28bc19dc593bb2fa8fa473a6e7ca388d

SHA1
f8df46218830d4b61e23d818b6368df7d33cdd6d

SHA256
c6f904af0971904726b0c2bd454e11d1b4678c2da6a7d357436e075c09f90498

SHA512
769ace74397ba23ed56e7659e42994de3301f7274e4e4b79c16002ea1fd7f30cb3176c7a06aad17c319ee7f88bf834f668a771536c98668fe4e85b805f12fbde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3b82ae6d70811bb61d275d49546cb9c3

SHA1
b7cfd994602983bdf98a862610b1aa70eed545ec

SHA256
7107b7c2abaca6fc975b5313b89e6ae7c085cd153450b1d26ca48532719731b4

SHA512
1a15b74a40536d4778fb521d103bed2587c8c011b74b8fab24e49fb3fee8590cd3415f133ba04250374ff933629edafd8381cd5d3bbb64a05cce823bbe353337

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore.jsonlz4

Filesize
913B

MD5
4b2f2a180c486b323e4eb6d3ba741593

SHA1
cc0f81629ce587cec0f1673b938eaf4ed46f4367

SHA256
422ee4d939647b3eee53fcfdf88b8685c9c432f7fe5dc5f5f5b3e7f48595f427

SHA512
4faea5255c071e7faceea9a479019dcafe0d246730bdc7a9a905779a4017fa770d9155ea30e64c9c01b2eb1ecfe2716883fa4c0d59e1eb870b81075a4689dc7e

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp3924

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\Desktop\AddExpand.xml

Filesize
863KB

MD5
6117cbd24ec3d536a0683ceed9788fce

SHA1
46b8b9bbaea9877c8e78d922f2d4a787bc6538cd

SHA256
50d68015756dc54ebbd85ea48f8cd7cc7f3c02d460690d151839b29ad4a0decb

SHA512
f05f85ac55a0b9cfb8c96ad0795706872f5182245f88520a6e7127671392f32b7993d033f69fd71892f1a29aafdb9157f7acae3e63a067d35ea67718fe74dfec

Download Submit
C:\Users\Admin\Desktop\AddSync.midi

Filesize
834KB

MD5
c686b610575ac34e1c06580637c48ce8

SHA1
ddbe6a4ccbf7708c6e025b1309224bbb684cdc8d

SHA256
3015ebe217ad5bfd214e2456506b6e603c10a0cde9a53ce5dd01e3df2294c2cb

SHA512
63de5764b48088562789aeb01a06fff48ddedac28bfca97c8783c7b01596b6705431fafa75e5fefcec54fe7e190af80a98518a43c776b42fec81d456a05f30b5

Download Submit
C:\Users\Admin\Desktop\CompareCheckpoint.iso

Filesize
805KB

MD5
75c8c2b5ad7d826b3968e2822ed4e5c1

SHA1
6eb0dc025bedc12df283892cbe3d68a4ddeb221c

SHA256
60bce89f236c14a1da7a06a5b229db17572895b74a666ac6e855a58c159fb87a

SHA512
13d00fd649996edb531be7817e174d7eded31aafa17526e98240474609632cddf6e7cdc593c6af79cf2b89b54abadb9fe908a02722190b312274c55ae26e76c4

Download Submit
C:\Users\Admin\Desktop\CompareReset.ppsx

Filesize
690KB

MD5
6216e264b5214349e000c31cb2a026c0

SHA1
d5e9801c51c3f32aa833b341627372ed5f98ff5d

SHA256
563ed08e894cffb65bdea5e8d32f157bed3b827afa020b9d6b44338c911fd93c

SHA512
91fd9f63aebe0b58457176bc132a1244c13a3085ae70c4f64f1d33b97e4f23042de22048b7b006194685a4780220598eea18a1afe10ac780f2ce134b1c3528f9

Download Submit
C:\Users\Admin\Desktop\CompareStart.midi

Filesize
1007KB

MD5
53b0ee62c046a5797acef15f896842a3

SHA1
2ce620b69d96077930ac54f7ba7f1a7a3221ad17

SHA256
a519a2052d78673279db264b492b7363753543a3be9bc8e7728e8fe10c596dd8

SHA512
529be268a16782de4d8c7aaf769d825303f65f9c2fa82c9413f69d9d742d506e36b1edee9e2d45ea0e3c11c2a0f985990ac7bca9a3c011c5e4c275b9ae404dce

Download Submit
C:\Users\Admin\Desktop\ConvertToRequest.xlsx

Filesize
431KB

MD5
0a182d9138060a3ec9598d429db0b994

SHA1
e57ecd28668d8d56a3fd542b3ccfd81a87f8bb05

SHA256
dfd22a21d4d5d1a16ecac2984abc2b2a695af94f364cbb4de622b1aba29c299a

SHA512
19c7fb1d82933d0555250eee05209e3cc4bd12433f5b4aabb6ad875448682e5d6c60964d0b2b19627aa8c267c1c3b39e186cefa0c1ae6c28191088e51e0d4100

Download Submit
C:\Users\Admin\Desktop\EditProtect.ini

Filesize
546KB

MD5
c5e1cb8aff270af61c0f6392c475e02b

SHA1
b3d84e4ddb08a9c4734b3df6f92e31050f915fca

SHA256
dc50bb55f3dd1d5df6aa28682c4d0aa6af5f9a88ab5568a2072528c5ee3d08a4

SHA512
f200bb70f6b098d4af329d9978d0bf861ac2768d7ca68b9d4f809a8b7d4d716721397bbb4356f605edb80718d2c17397e9cc88f12e5941d52bc6abf2b44dcfcb

Download Submit
C:\Users\Admin\Desktop\EnableCompress.pub

Filesize
777KB

MD5
b2a0d2b4ce1d6e4a3eb9e7f6dae3eaee

SHA1
f2a355239e6da6bf37ca45eb0e39ebdb3f540ede

SHA256
e79f1e05930b174eb0653f13fac0ac1811529ac4767599a6abfc18c2581c0b6d

SHA512
b04f046f37a1776f2b33d8637cd3eada831ed68b337a0c259b89a66575c61b57d43be855905202bcd901875601cd74662746b6d00a4728e9ab6c4fc8cf08ca20

Download Submit
C:\Users\Admin\Desktop\EnterCheckpoint.xml

Filesize
1.0MB

MD5
b09e4a1d34e6a322499e4f338c364848

SHA1
3d7bf79ea607587adf76a3a1b0932f333601186f

SHA256
f55ddb5ce2fd950509ab3299605cab827244591d3d75be5043b159b6756e79b2

SHA512
8ffb3067ac561da3c82caa2e0889ffa7d6f09c1e44d8200d19ad2215a6e62ab37e410afaa1d58cf187eed888c9cb422c30b1c0d1dccd2cbcc8e87b039b46ae90

Download Submit
C:\Users\Admin\Desktop\ExportCompress.dotx

Filesize
402KB

MD5
e3ff56575ead23fa68ff8882e5356da9

SHA1
a55e96d4f711117b116f9cccf3033638e6c9de9b

SHA256
bba6172f90bbe12d32f78d62c8dac6773dd793f3875442a539af9da2fc109a47

SHA512
650b0ea8262a6c3e1b84a2b06ffe5fc5c4600576bb2f3f2917809b306562db96c2e971e5d25067b64285d4f088b2f273f60a391552d8a1d89307ea0bc463c40f

Download Submit
C:\Users\Admin\Desktop\InitializeComplete.xps

Filesize
949KB

MD5
48a0fb268b1f3e337fc0c0ff538f9099

SHA1
d10c5e6b64e021149f4b6b4edad1c10e2eb0ed7a

SHA256
7f29b1652d3058c8bd23f6bc6a84cdc916dc8248e199cf63d3455a6139221b81

SHA512
058a9f34eef0846f007c4fae15e44e15fd49fa9412e5f9779df441a5adea30d7b9cf35f18a60ec77a10a9dd082b14bfc815276da08f197ca90291bbcfdd1d007

Download Submit
C:\Users\Admin\Desktop\InstallSelect.xps

Filesize
748KB

MD5
63fa3d7cf42c938c8ef10ffa824908f2

SHA1
1d3bf327c28af36538cb8534313c48a725459156

SHA256
2e50cc6745b12c2ef802c34691be3b8e7a49823acb36fe89da187ccf33ddfd84

SHA512
8cccb664df1970169715e0b1bf22386f24a9d5fb768448ca4dc6af0a00d31521b330ec694d6adc5f2a4716306ee36845ffd26a93e94c84abbcddef19ec7d6d17

Download Submit
C:\Users\Admin\Desktop\NewGet.csv

Filesize
1.4MB

MD5
0c373a7178bffa844e5086f037eda4f5

SHA1
0ff3f25467a7c4bf134eea071c5fa05a5fa86ae3

SHA256
b39fd511b17860679d241761de7ec45ea7fa7eb9825bd0af1ec3a623f0583588

SHA512
9a80849e956c565d49eae4dcdf689d9ef11b1330974a5fc8609de55ea1161055a63326806c3618116ac293d9e959f0b325892d6f746fa82ac5d56f18495a07d9

Download Submit
C:\Users\Admin\Desktop\OptimizeRename.xml

Filesize
661KB

MD5
18f05850493ddd46fe332e45b186bddb

SHA1
5df6dfa32f5cbe7c62fa631739b54fefd4b7b78c

SHA256
eff29b9caca79c9a9f092066ab3be5f4d6b2f2ddfb6a0678d8b14214c6e6949e

SHA512
3a6850ea3eeb6da0137e5bd489aaaded70879dbb6dd3632af4f3f021e898f09fa78bcd221d262ebf5b3bcbb718b901685f895f175517a4ae5683df968586ece6

Download Submit
C:\Users\Admin\Desktop\OptimizeRepair.svg

Filesize
719KB

MD5
19700533f085fa2989d67b102ae0b8f5

SHA1
5bf171939064d492e9bc989dcd21487c2c839b22

SHA256
19994e4aa8b5970797644f841d17372532d2cc01e3797b9fc74a93c00e2b872d

SHA512
637ccfd82b7d5f5343f1238ab4973965c6baccb35a17b3f34c81786fc35d8566b1dcc448c144a375413c379c7e32a2e60a769b51a64c9afd13b38acd156bb852

Download Submit
C:\Users\Admin\Desktop\RedoSearch.xltm

Filesize
921KB

MD5
73e5bbdd2f2499bf6837940267d469c7

SHA1
08c1069fb94b5908bf0b59bec5d4ec7d92f61df2

SHA256
81b03360f0007c97e7407b65852863238b346526b1b1c9fd2aa54cc6dd6244f6

SHA512
78c6cd806e391cfb04b0e50f30fbdb2c5b98ec1ac2ea43ec482ce9d021c038350d5002a541791de189ed3f1096cadfc9cfbaa47ed353c76eafe7a1d7cf00e7c8

Download Submit
C:\Users\Admin\Desktop\RegisterRequest.rtf

Filesize
978KB

MD5
fcfd0fb03fbf67c8b3839d78d2639a09

SHA1
9a40f8802c47065545403b2d9586164fbf484949

SHA256
d7f75f27644c51ce5ab3c3fe93359e18ec987c0f6b523eb3c5a836d0296bbbc2

SHA512
9c784e2ecd21818777508785a2775017be7ecefd2cd7d2a3737c3f4eac3d7aea44fe8ce26c5c08f2001354345513c0741780c9d43fa14e507378259557174c5f

Download Submit
C:\Users\Admin\Desktop\RegisterStart.potm

Filesize
892KB

MD5
f11b0b27b7367840e4c2442c3bc8b0bc

SHA1
d7bc1c5cebb81984ae8af3f56e5dfa35e9fda614

SHA256
f5da8d7b1dc954fc5ce34e74511d16208f120eda992136c1b1178e569b523b6f

SHA512
53f4d0f8562d17dc2ac5a4baadc0c974acbe449251341a7e94e988489b8d8d8b4446d8cca299438483a269e647cdce5bf696842ed32e6dc6d5909b9083790f9d

Download Submit
C:\Users\Admin\Desktop\RenameWrite.asx

Filesize
575KB

MD5
19bfa450a28eaf170fb69b71d4118c36

SHA1
ce70fcab1495b9b3b04524788d4c9e90ed6340ff

SHA256
9e7c89b4ecfd3f4200c940326d81e7cc8f94952a1b0beb6ff6e6dd05f1ca0e17

SHA512
80838551ea37dc6c40f8090132ef9b48ed5287eb7d616cb2df50289346042075f439af1c940860d6591c3f40f63ab6aee719003c663ff99b48522610f3625b79

Download Submit
C:\Users\Admin\Desktop\RepairSet.vsdx

Filesize
518KB

MD5
136fdd08a7faed4dc1f6e5e690070558

SHA1
d85c16506194e2ac0331cb7c9d590d9dce91f714

SHA256
dd09b3fe11d05a6f1087f6d6ed2da326bc64679711a3065cb6a12c156291f7cd

SHA512
d153124b569b73156e7cbf950d8b7b7f97d87291d6a44c122606566c46393df4409c3d242cf41b62a0b7a27c1ebf752d6aeaec860dff90a48fc23b623a0a83a3

Download Submit
C:\Users\Admin\Desktop\ResetFind.mp2v

Filesize
489KB

MD5
9e5344389e82a88025a7773d9ea7b7dc

SHA1
0f36de1462fdda2e1be85bca9354cdfeaa8acc50

SHA256
133565f66169518a9cfc0e841825415a05e4d5676559005c5e9b9e4774ef8711

SHA512
1f628fe8c162045711b5078929af53bce762eef9191a28ad2286890faa055bc33b041df7f13081bbeb91d23d6183cf8675fc7c35d444f26382fad9e5e2fc9c31

Download Submit
C:\Users\Admin\Desktop\ResolveWrite.wmv

Filesize
1.0MB

MD5
8a2d7573da1f7dc07e81833bf5412606

SHA1
d3fae950a86905849ee7e9a4f8615fdd0a11486b

SHA256
28d6277d59d6a30ea6f34a2ac580ac60d47c3a4368c22fc85480608951460d77

SHA512
0d1f3b53ac4e95ebe4c17448f84c8caa40d961d4c3b7ec54d197fb96070264b1198e9b3143bf2d386bc8b39731fec6a374c328c5f3d3b347a6782ee0d8ebd776

Download Submit
C:\Users\Admin\Desktop\SplitCheckpoint.vsdx

Filesize
460KB

MD5
91b8168766a245a659b9bbc2a9a359a3

SHA1
d0d35a05c418dc790c8d347b68c379fe636d675d

SHA256
946ba37426e1166b57f0e439bc538690adc10025ed93ecbe246952d01f1adc44

SHA512
a5d98f15dfde4d1862b571ef67845ca265f6af155741d8c777366998f1504492c14dcac0ef4686494295e61f111828f07f2861545090b2286b72c1c24725fbfb

Download Submit
C:\Users\Admin\Desktop\SplitWait.cmd

Filesize
633KB

MD5
3cdd185bdfe4f6551a915ca587cf36b9

SHA1
7daf9dda61279b41a84080658c81ffe240ba32c3

SHA256
e7f4bcb339f91325b4556e26a8992aea3a7ad14269e4b5416897a78fa151c600

SHA512
17a44c68d495a2faeb54f1a3d36eab278872994df18e954e5e355df5afd3bb59cf53d54cadfdbadd7fe19410fa18daa94fe74233c915105c13d00577ad5fc3c3

Download Submit
C:\Users\Admin\Desktop\UnprotectMove.mov

Filesize
374KB

MD5
d516389b0f587024ba71083edf539329

SHA1
0831e33cc4eab7403d921861b6a80bfa7080c7c5

SHA256
3f8f3872c49b9e27c7c6b5334982b58c46f5062848cb54e32de2b357f7367479

SHA512
7e3b48ddb80cfdb6ed71f2f39259fa32f6f9397467c26be3796de10dcfb7ea7d886668b2ea40c9121eb6f56c6ac0b3f52ec0388872759471fac76170d143582d

Download Submit
C:\Users\Admin\Desktop\UnregisterMeasure.DVR

Filesize
604KB

MD5
4a5626f8d91d7d1bd8c2cef8a42feccb

SHA1
d82de839631f026ce9f22300e451dc71b3ed4a73

SHA256
96e65864f9852452d1fd96b7e50f81dfbbce2ae72ecc0a74ce16fee84e269a84

SHA512
c0591088ac9bfdf72f8030bf4ef5108bfdbc76caf23a4152997f1fd49bd278ee095040cf01c37c977839d117706c2b5be5b330c964e02343836015da23c6d395

Download Submit
memory/3836-1168-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1167-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1169-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1720-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1170-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1171-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1719-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1173-0x00007FF999600000-0x00007FF999610000-memory.dmp

Filesize
64KB

Download
memory/3836-1717-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1718-0x00007FF99B770000-0x00007FF99B780000-memory.dmp

Filesize
64KB

Download
memory/3836-1172-0x00007FF999600000-0x00007FF999610000-memory.dmp

Filesize
64KB

Download
memory/4608-30-0x0000018DA4F50000-0x0000018DA4F60000-memory.dmp

Filesize
64KB

Download
memory/4608-28-0x0000018DA4F50000-0x0000018DA4F60000-memory.dmp

Filesize
64KB

Download
memory/4608-31-0x0000018DA4F50000-0x0000018DA4F60000-memory.dmp

Filesize
64KB

Download
memory/4608-29-0x0000018DA4F50000-0x0000018DA4F60000-memory.dmp

Filesize
64KB

Download
memory/4608-27-0x0000018DA4F50000-0x0000018DA4F60000-memory.dmp

Filesize
64KB

Download
memory/4608-26-0x0000018DA4F50000-0x0000018DA4F60000-memory.dmp

Filesize
64KB

Download
memory/4856-2756-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2758-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2741-0x00007FF9CCB70000-0x00007FF9CCB8D000-memory.dmp

Filesize
116KB

Download
memory/4856-2740-0x00007FF9CD260000-0x00007FF9CD277000-memory.dmp

Filesize
92KB

Download
memory/4856-2739-0x00007FF9CD280000-0x00007FF9CD291000-memory.dmp

Filesize
68KB

Download
memory/4856-2738-0x00007FF9D0950000-0x00007FF9D0967000-memory.dmp

Filesize
92KB

Download
memory/4856-2737-0x00007FF9D1770000-0x00007FF9D1788000-memory.dmp

Filesize
96KB

Download
memory/4856-2736-0x00007FF9B9630000-0x00007FF9B98E6000-memory.dmp

Filesize
2.7MB

Download
memory/4856-2744-0x00007FF9CC740000-0x00007FF9CC7A7000-memory.dmp

Filesize
412KB

Download
memory/4856-2743-0x00007FF9B38B0000-0x00007FF9B4960000-memory.dmp

Filesize
16.7MB

Download
memory/4856-2754-0x00007FF9B38B0000-0x00007FF9B4960000-memory.dmp

Filesize
16.7MB

Download
memory/4856-2734-0x00007FF77AB80000-0x00007FF77AC78000-memory.dmp

Filesize
992KB

Download
memory/4856-2762-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2757-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2761-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2742-0x00007FF9CCA60000-0x00007FF9CCA71000-memory.dmp

Filesize
68KB

Download
memory/4856-2759-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2760-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2788-0x00007FF9CC4C0000-0x00007FF9CC4D7000-memory.dmp

Filesize
92KB

Download
memory/4856-2779-0x00007FF9B9630000-0x00007FF9B98E6000-memory.dmp

Filesize
2.7MB

Download
memory/4856-2771-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2770-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2769-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2768-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2764-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2735-0x00007FF9CD8F0000-0x00007FF9CD924000-memory.dmp

Filesize
208KB

Download
memory/4856-2767-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2763-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2766-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download
memory/4856-2765-0x0000019DA2300000-0x0000019DA2310000-memory.dmp

Filesize
64KB

Download