Malware Analysis Report

2025-01-18 01:08

Sample ID 240613-g5exksxcnh
Target IE9-Windows7-x64-enu.exe
SHA256 6ce7d7ed78170bcdfa431d3767dd25a3df2b1a09df22b13e79a7a894f6715eeb
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

6ce7d7ed78170bcdfa431d3767dd25a3df2b1a09df22b13e79a7a894f6715eeb

Threat Level: Shows suspicious behavior

The file IE9-Windows7-x64-enu.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Loads dropped DLL

Drops file in Windows directory

Suspicious use of FindShellTrayWindow

Suspicious behavior: AddClipboardFormatListener

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:22

Reported

2024-06-13 06:27

Platform

win11-20240508-fr

Max time kernel

171s

Max time network

174s

Command Line

"C:\Users\Admin\AppData\Local\Temp\IE9-Windows7-x64-enu.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IE9-Windows7-x64-enu.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\IE9_main.log C:\Users\Admin\AppData\Local\Temp\IE9-Windows7-x64-enu.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\IE9-Windows7-x64-enu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IE9-Windows7-x64-enu.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627335030744742" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3540 wrote to memory of 4140 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 4140 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 2616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 2616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3540 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\IE9-Windows7-x64-enu.exe

"C:\Users\Admin\AppData\Local\Temp\IE9-Windows7-x64-enu.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcdf48ab58,0x7ffcdf48ab68,0x7ffcdf48ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4180 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4532 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4872 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3436 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3324 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3924 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3108 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3140 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4924 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2748 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4596 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4744 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2748 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1636 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3928 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4536 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2444 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1636 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1628 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4904 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3928 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4076 --field-trial-handle=1784,i,8931936316581749140,7168550921655839476,131072 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx" /o ""

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\UnpublishExport.pptm" /ou ""

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Desktop\UnlockSuspend.pps" /ou ""

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PushClear.wav"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcdf48ab58,0x7ffcdf48ab68,0x7ffcdf48ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4112 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4768 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3984 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4780 --field-trial-handle=1872,i,16979664549289229053,15133458665219312843,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce83c3cb8,0x7ffce83c3cc8,0x7ffce83c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1796 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17139941716868208792,254435556498627442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
GB 2.18.66.67:443 tcp
GB 2.18.66.75:443 tcp
GB 2.18.66.75:443 tcp
GB 2.18.66.75:443 tcp
GB 2.18.66.75:443 tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp

Files

C:\Windows\Temp\IE957E4.tmp\SQMAPI.DLL

MD5 a575e8f9c79106a0b38935136938580f
SHA1 d46c4e40291f4b83a85e78fb1b627aaf86df8bfb
SHA256 c109d6310023b3f552c923676f751d9d72e9378d1579f06d4ba6d3e9941e9e1d
SHA512 b2f10eb19660ca56e6849a48eaa62cbc32785b288161b138343724ec0d29e9ddae2fac6f902d1ab8516dc348b3267e7f5770b78fec4d9f83483d145e45d02a3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2a972d3394d4a89710274c271d71ce81
SHA1 caba3f9794aa434271f7429845f797a4f11d70e2
SHA256 f45ff233884e8a736479f827b425ca60c54320b5f5afb454d9d5daf8ab19bdda
SHA512 acdbfd7be111a90ee624d3842b1e63ebe00e8b977d9a361bcb678bfe905fd7e011dd8e58df6bc6125c3f61ddfeeedc1247ed6a3452680446f325563e2d6c46e9

\??\pipe\crashpad_3540_OFBOHICZGYBWOKDF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 563dca004deb545f4393953e0f3ccfad
SHA1 694b1fe2f101890b5ed01f7fa6adda45066467e8
SHA256 789b5beb7056eb8738beaeae84c6d40bd6ba86c2bb3d5b7cdf08a8bac488203b
SHA512 0d04062363bd21250d4d0b2f15c3693c0c1feda469ef21fd884e6a8c121791cf8321a55350b52e48b46a8f98ab20c980d275afea606f225a6acb4fe6d15de89f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7fabffa5107a646f6a01c3c0c6215c45
SHA1 d934fbdd04da53d167966cc05569f7879e5993e9
SHA256 ef1694b97f34ffe07a59c75eb2adbc5b584204c3aec5ea4442eb0b78873ba889
SHA512 906b4159f423fe6ddc843bd3c39c6e4f1b43aa9e378c4df6a39454eb7a19ee4a268d4e5ab0bef1beaf6f6dde6af7f793d3390985e8c283d5bcccd885333f0d60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e5781f198091ae22c66adcb23dba7c5
SHA1 22ae237eb578e4ed355426ddb1844f3028bfd389
SHA256 0020f73ed679153141a3f481de67d685acda8ba7e205e3e99314c51cbe86df8d
SHA512 c49dd192c3c30dc0a897cc6257927c969e530be42952371472e66a69c7197dde7b505bca77a0655f1c190cb7187625d304c095c691770343ef7d5f89f75058c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 8d798099e5a395ebeefc59c467be4144
SHA1 ce128971c07cd73ddbc11e3d949035a05414ebde
SHA256 b76806b57cc0678847b99aab091e332982035fb4944f02a410e95cb12df4628a
SHA512 6efe95b601441ea4f91fc58eea04cabed216e46857e1ce5e9a1e38fa4d1316537289b2f46d393403f594dd22072c160ddbcb04baec46a9237c84afb9d4be5b1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58821c.TMP

MD5 aa229b676acacb47d3a885b5e9657cf8
SHA1 4a537c40c873f0fb93a78eb45e86c7e8270031ae
SHA256 8d5cb9c36a7e7ab910b86adf1f1b0f2fc8bac9d20cb65c90aeb02a94c2c9bf35
SHA512 dbca120ddcc7d856ea7b9b333dd04a6598a543da8a002e1e5b3285f56a99963ad52febc04a64b8c1d173555a406e561bba76cda5c1de099a0bb758aedb793be8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 134a96a23e4424856300185ce27d2632
SHA1 44205aa852193fec31dffea08a9840441cab2c04
SHA256 d3527f843e0796cc598536b3f2c47ca844890af73ed661094eec7b9aac648da8
SHA512 1581c1a920efda4eb900cff36025564e664c80bc77c2f7fda2be30b06c804f81360b9c1a6e8a084e6b6bb85f702b0a8f5cf1081419d6229b58195071275f160b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 51d52f40d6aeb0e2627df8c46672462f
SHA1 099a1dca903c0a23ab041417395ea9f81be5c9dd
SHA256 ec7e6abe44210a37c9795b6cdd8711a9683dd6b3a516d8700cbd742446356593
SHA512 f3a4ddf367a4cd6570f8e72878196fd3d0e7971737f9b62c4db8389ce0bd83d88cf6324a80a99592c87008f11ebab935cd58f19c09af5d3c2b329dde55ed3d29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 68ecc330b3176cea9036622ea3ef52de
SHA1 8e9f2b2943f8b0d913e17da477ca5fbebe9e7ac4
SHA256 9ade7c1de85ac91a82cc30866f0ad7655bb440aef65f7a0a0321b62281ba9df3
SHA512 d73b6efadfa35698ac93ef92023f36f767ec112c36838e8b54642579cd5a6637badf0a8d3345b4ecbe42fc2566e8f9305ff54e8541bf3f99d714230fb06d0047

memory/1088-215-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/1088-217-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/1088-216-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/1088-218-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/1088-219-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/1088-220-0x00007FFCAB9B0000-0x00007FFCAB9C0000-memory.dmp

memory/1088-221-0x00007FFCAB9B0000-0x00007FFCAB9C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 add56ec49f8f478e84a934606effef1c
SHA1 1262ae87ef755e40752740df90d21352d5fc81ec
SHA256 22e509cf2b7202fc6b04c3d9a1b137477f11471d58a48c1f9514f89450217327
SHA512 c095f193d221696f3b087c3f224a559ad0efe4852a5392c8a3ab03f80183beec2a8327892aa481c85f1bf8165b76a029555f250e0dd5f396c823feacff4c06f1

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

MD5 6ca4960355e4951c72aa5f6364e459d5
SHA1 2fd90b4ec32804dff7a41b6e63c8b0a40b592113
SHA256 88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3
SHA512 8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

MD5 c56ff60fbd601e84edd5a0ff1010d584
SHA1 342abb130dabeacde1d8ced806d67a3aef00a749
SHA256 200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c
SHA512 acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

MD5 e4e83f8123e9740b8aa3c3dfa77c1c04
SHA1 5281eae96efde7b0e16a1d977f005f0d3bd7aad0
SHA256 6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31
SHA512 bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

MD5 f1b59332b953b3c99b3c95a44249c0d2
SHA1 1b16a2ca32bf8481e18ff8b7365229b598908991
SHA256 138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c
SHA512 3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 4566d1d70073cd75fe35acb78ff9d082
SHA1 f602ecc057a3c19aa07671b34b4fdd662aa033cc
SHA256 fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0
SHA512 b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

MD5 e44e79672259306a0aa6ebebdb9c663d
SHA1 84b7aff75a70a7c0b5963596edd3086b28beb5af
SHA256 9bf3a6fd56a0d38154dd541fe657b0d3ecbe22d7c8f705c140abd44a4704786c
SHA512 c40dd014edf0df5a81529c3918376e94f318cb87db7a2504500f1dd1c21e8e6e602c75c802ab1e6b2d618fa01cd999756480b639219ac834a119ccda88e25418

C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

MD5 497d3ae0db512e15d26bc7fb42d25943
SHA1 a28c38595b04b73121f997acbb34beb2f165be64
SHA256 9af4a82b4c4b6263e27aae536bc750588d7d36cf736bd949b2ce753634e84511
SHA512 54bb22f2082a93aa588e901bcb00d20cab47aa214a27424b620c10b4fcd80d20128a2780b40b3b8785108aa571fba71bcc17376d952fd5876f4ff574fc7a246f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 bf91a122dbf8f276f9aa709d8b2d49f4
SHA1 94a9125ae768f011b409aeea39db31542c017ac3
SHA256 fd2572beca83b212d9aec7109b6ab7857d4ce84bdd2839bf9443dcf9d08dcb07
SHA512 5d70056a3d5be122daaa3a306763b89c7ccd6c1ddea67ba3c728952dd9dc58f73f09153c7ee429753a21cf81e4026cf12378ca3b91e906d063d87718047a1730

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 b25c024358985149ba44101adcf4d75a
SHA1 f29b074d4d81ac403611dac9d4e5e4e659803652
SHA256 79f0666f77c4fc4295a89ab5dfc8ecdf8dac0c44a847c892d0b78aad85f8126b
SHA512 e61992ca5496acbd85934bd47e8701a03dffb4988f5f0dac635c3e81211d50f36623737f89bc17d3dcf8afb6abbf543f923d336344c7544e8b0ed50ce8c87178

memory/4076-300-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/4076-302-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/4076-301-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

memory/4076-299-0x00007FFCAE550000-0x00007FFCAE560000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

MD5 c0389569a781d1fe0c8a451d78284ac0
SHA1 fbc5dbaca17eb82c8ecda1a96e77e6b0db31df9f
SHA256 9d4cb7335ad386ed3f1629e5764c24fc95680f528c62d0ccb4069d0d7e77393b
SHA512 40c6c962ce16700728b62bb176997f67a7cb9cbcb96032f788c4623ac16d85dc02d74eea0b1a31c8e36fd1cf4fbe3f2ee4d8ef6e28d0a2d79252baf88ecf85de

memory/380-316-0x00007FFCAB9B0000-0x00007FFCAB9C0000-memory.dmp

memory/380-317-0x00007FFCAB9B0000-0x00007FFCAB9C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db

MD5 f138a66469c10d5761c6cbb36f2163c3
SHA1 eea136206474280549586923b7a4a3c6d5db1e25
SHA256 c712d6c7a60f170a0c6c5ec768d962c58b1f59a2d417e98c7c528a037c427ab6
SHA512 9d25f943b6137dd2981ee75d57baf3a9e0ee27eea2df19591d580f02ec8520d837b8e419a8b1eb7197614a3c6d8793c56ebc848c38295ada23c31273daa302d9

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-wal

MD5 70b3d980ab840acf572f7447d71d0091
SHA1 34a13df0956a0be92086f5a186229a626398c7f7
SHA256 f68344d605d5285cfeb2e61cf308c089ee6e5c8382dc6fad7c245a3c54705f16
SHA512 22634600fa6f3d9357ed7c6ff07c2f0a631150859358192ed547ec7528cc5adc8ff440a3ceb0baf495a8d4c60335f067b9f8303803fb07c5b503d6d945245e13

memory/4872-349-0x00007FFCDF140000-0x00007FFCDF174000-memory.dmp

memory/4872-348-0x00007FF724370000-0x00007FF724468000-memory.dmp

memory/4872-350-0x00007FFCC6E50000-0x00007FFCC7106000-memory.dmp

memory/4872-351-0x00007FFCC0370000-0x00007FFCC1420000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

MD5 d9a49a7d6d5ca840cf0f0e937007e278
SHA1 90197e483cc1bf8970cb6012997b1968f43d8e78
SHA256 183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876
SHA512 142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 00f5c4a9a141cc379bc9a130bebdc3a8
SHA1 0effb629afca971619e6dd31c10e6c33f4fc39cb
SHA256 9bb958b97dafec04a3d58740e47a6cb7749791128234a3cb758d08ed3a557572
SHA512 c8c4e44a5db48076f1bc51dd9aa4b7ab0cb26b9f58d26c8b9aa91afccd7ca76f4863f7416a9b85eb2ca6508ec5240f38a9a2f940907a359ed8b0957632568135

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 023d944db448313fbe79b772ed17f810
SHA1 ce2dcaaa035d25d942d7acfc99d51da84fcc1946
SHA256 52bb40fe1dfea70c890ca03c018f00179d7ed491567562c94ac5bdad99ddc58e
SHA512 0cfec5084f828c20dca586d1f0c724e4be6c928ab02105d8d9c437d326638355a1455bbfbac71cfbc694a055597cc59fd55cee068d2097ca22b048a19c63c69f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 009b9a2ee7afbf6dd0b9617fc8f8ecba
SHA1 c97ed0652e731fc412e3b7bdfca2994b7cc206a7
SHA256 de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
SHA512 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 5cbb7fbaf35acb5214d55951c6e37529
SHA1 3b51d88032dad23740946196160f2194fe44dfef
SHA256 a39079ca010e74c397922b46628bffb8161f77735c04566e833004e3a0b0103e
SHA512 596bff0b328f6253f1315041b881f0984510967d885d34ab7e083b82d974537e535a3640057d5d373a06b24a618efce2d3b7a1cbc8909a104988b7626fa43f30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362733543538685

MD5 a114aaf1bf5176d0dcd6d757e409f537
SHA1 e15172eace30c0583214a88ff3b48aee4d611f51
SHA256 1d921f0da57c8c2110567d47219767f5aef27a755d8545654e3c515c846abd8a
SHA512 27e69d2e2ee8598d7d3d98c3f4cebe7b571a405be83a56c751785efe89d27ed913e49fdcac1ffff6c5bf7d7eab67895d1b10ff4b0b45f1d8d68fd6c3ff1c50d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 7105b6d9be994f1a5582aab5b6ffe8f3
SHA1 caab430fca5066349fd77693b320dceeb1cd5b7b
SHA256 c01767366c30e84f627aaddc16a1afa8361806f026538b052cd06725830aac6d
SHA512 de94d5d8f0571d61f5d95afbb29ec4c4d9299ea55b35ea3b77cd6db056fe9fcef3735e5bc4b4f5ce35305f276e56126f71a319dcc9fbc0b78054cbd0ab21f15d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 a8a94ff7009918da829c1dab2998d881
SHA1 61a751677368527bdf0655e6f0be04a5306d4a3c
SHA256 c4df28a571daf67e8b1b15fc41bd95391ef31110a6c93429d6c11d491c300944
SHA512 07d9570da77e72d2d95267f51bb624eb00cda71501c11208a4a02cb9254399f201fbdca1e4c9f7ef418affcfcc79fd6e6f3dfd601689f25a3e925d5463e74b65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

MD5 2851f513ea6c2b528a3f0adf7d255e4f
SHA1 0d295b34129bde677270c45d97de50dbc24b33c9
SHA256 786d5c254e9b8b04f1e51fe96eb260baa4728f39d96b38892a599339e64700a4
SHA512 533eb68ed03aab9b418c311303c647759ac681238f5ed28b7310df0f3af8201194dba35c5cc71da4d9556bc5375d468933352351d12468b2404798cd27b02a46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 5f9b15be2a266e1b4504ba08dd933f26
SHA1 8a7c6722db1cbdd75d6521ed33d652d5f04d78f7
SHA256 fb6a5e650b3989702aba9dce03a457999ad5e906e0b3c468461edaee15c6236a
SHA512 b2c09da0698463b1543dcb02fb98b3947a7bd9d1c94dcd97d7327e10cfe3b1e8cd1f8da6c3f033df6f5653e69eaeb2d00e19c7f838a914393af6ef52e2414455

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 f42427d8b0b1fa40c51320b15e7cde62
SHA1 c7c79a0f1f7375d3537a638662f5fd3d6a5610fc
SHA256 f486c82c6311a55853ae1e9389258f3ec7e0f8f377c7335aff3232883e0fc421
SHA512 cf41092fb79462f5f140adc9d5f2abd2372ba7a956617f2bc8f16fdc3d79e7c350ace24f77c10c14a69a5d060aeb014af0d4859c9be30418c32355e7acfff18d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b9b9c41c928b6efac4629c8df6e2b54
SHA1 7452e03baa1cc189768a4aa3dc8e53ac53d9198b
SHA256 e904ea90a4d817ad094ed37704bea249a920c0e3cbba15d7d63bc77c73d45622
SHA512 b6ea53f0f317b79ebea34625076df10d6a35913fb8facf9dec0b49d937c4cb85a49be73869e01172d0081dc2e577901f6fbb646aff7b7419d5c1af4d20a3dfd7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 60bd474655330005de98218962f54bfa
SHA1 208eb4b3adea9513f3e11ad8e0045e0c9f9f2c8c
SHA256 ef82592d75cbc725ca47d1c8a3a43124645d344ead8b89f2465b01c4ed3bb1c0
SHA512 e52042d9fbb2d03842376b1faf3d41024a5407a338c41ea34e52e075545428e2007137ca018ca47dd694ee70e5ba28401db8d6ca96bd3d13dcda6fac8dab85a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 355b4cd080f0eddccfb1aabefc627e43
SHA1 945ee8154f46115dc768110614d6ccf8c023f7d0
SHA256 844e369b57b8e2fce4d82ff8a3a27e7b7bda3a7e7a2ed5d7ed8c57daa3955b8b
SHA512 adb47960abc17f8fde40b7bccd24e1622c7e7ea28988d7a52b4b34c0ffbfa35cae2c381222c9a18aac2b54633436ac29a3b823f98a87f1fd527f855a74a1846f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 80440bcf950c03c16c619189eddc7605
SHA1 13021774da834b375443040a726055e6a1873c6c
SHA256 3f7c36e0c3e72b3a23937d64322b658cf669c31b642d2d5157b7709130997278
SHA512 44575551a9d6d15c7bf9387f2f259ba413671561faad5657c04843a394e5292aee9715027d53ccbaa5032744bc8520b51abeaf85bf1a05c8718f32b44084887b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ab6c66550f28e36e3570ca3268d450b6
SHA1 a5885af327e812308812636aa7cd578217d3ab16
SHA256 e2f982426150887a42a0d648210beb7e5cd6fa2c6ad5e51cf433d1b4568eaad0
SHA512 f1754b48ddaaa19d0e6775d1498cfaa10db1e274d1b6828468b6126005ac9bf3261af952f0f836182625127d77d7ca70ba418af053a224c2b898bc169b295113

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f2eb94e31cadfb6eb07e6bbe61ef7ae
SHA1 3f42b0d5a90408689e7f7941f8db72a67d5a2eab
SHA256 d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de
SHA512 9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d56e8f308a28ac4183257a7950ab5c89
SHA1 044969c58cef041a073c2d132fa66ccc1ee553fe
SHA256 0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae
SHA512 fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\28f6424b-d12b-4e71-a22f-dca8891af33f.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c0042792c99cff9681ecf8dbae731af5
SHA1 de301e582b29172c165e58ee42f74618ecdaa2da
SHA256 37af0f64f7c6735336d26cb1d6ab2811a210e5537ed85146a1e6fdbc3c0ff2b9
SHA512 106a83fb3e78fb71e61cb34148b5ecd701c4990693b30d2ad84f381e671c151388b69ef2e8a94705117002f1f7adc501d4d0b3541f3e8a34cd5730d8a5e9d0f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e89c332fc23d734f5881b12ec2a5f2f
SHA1 c299d29569e3a94117b9b635ed3daef5fbf7d731
SHA256 08745953148727a7a7841269ada120ce6d9783582a0501149233c22ab437a201
SHA512 0fa93145eefcb200c9dc0983040b75318db4d03034c75331bc0a2b9c553696256b0298247845b209edee29f2ab6a38a2c96d75b428743f2cb3c33b5c25b98b9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e323ffc9bc4a589b512e696991f94326
SHA1 3df210c27ce85f742497ae107b9c2a6ef2ce069e
SHA256 2feaa096c45a2fee39d4f93d2947dad2d25cffc029b8dbcd910ce2ec60a24c82
SHA512 01d6afb0b4676bb6b25da1bacb81ff82b4c841429055bb2dc441c6238baeedeae961c89c1d72614cd344ae7d2547223872143188b03916ae5df49e5d1056a5f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a32523bb9dbb51d37f9f5e07b32058da
SHA1 edfbfc8c5822c450df71a14bb1bfdbfc1c622789
SHA256 432e6cc413cb45320914770000c79cf12e3d3797ca8c76cd44edb0b1c02cdf7c
SHA512 2da39fd8a71e3baa7d74a71cb54b8b73f5ad34e78bf02b7ece070a5bcfee6172e83e26a2c13a55a6e9f69a28e917d3919d1e9937351ca5d365b3abf4d5ff1856