Malware Analysis Report

2024-10-10 07:27

Sample ID 240613-rv9z3sxbkr
Target 4_pillars_record_-_for_SMHW.docx
SHA256 b238f21e7e200ac3c5d608d97ddaa480e5de534adf5282619529f9ef9d38adaf
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b238f21e7e200ac3c5d608d97ddaa480e5de534adf5282619529f9ef9d38adaf

Threat Level: Shows suspicious behavior

The file 4_pillars_record_-_for_SMHW.docx was found to show suspicious behavior (score 7/10).

Note on attribution: in the behavioral1 signature tables below, the only hits attributed to WINWORD.EXE (the process that opened the document) are registry reads under HARDWARE\DESCRIPTION\System (CentralProcessor and BIOS), AddClipboardFormatListener and FindShellTrayWindow, none of which by itself indicates code execution from the document. Every other detailed hit is attributed to chrome.exe, and the "Executes dropped EXE" hit is C:\Users\Admin\Downloads\SteamSetup (1).exe, whose origin is not shown in this report. The report shows no parent-child relationship between WINWORD.EXE and any of these processes, and the summary items Loads dropped DLL, EnumeratesProcesses, SetWindowsHookEx and NtCreateUserProcessBlockNonMicrosoftBinary have no detail table in the behavioral1 section, so the score should be read against that attribution rather than taken as evidence of document-borne code execution.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:32

Reported

2024-06-13 14:34

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\4_pillars_record_-_for_SMHW.docx" /o ""

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup (1).exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627627365787376" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
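The TraceTimeLast value in the row above is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC). Decoding it is a quick way to tell whether a registry write belongs to the detonation or is a leftover from the VM image. The following Python is an added example, not part of the sandbox report: it decodes the value copied from the row above and compares it with the behavioral1 Submitted time (2024-06-13 14:32, assumed to be UTC since the report prints no time zone) and the 150 s kernel-time budget. The value decodes to 2024-06-13 14:32:16 UTC, about 16 s after submission, so chrome.exe wrote it during the run.

```python
"""Decode the FILETIME that chrome.exe wrote to ...\TPM\Telemetry\TraceTimeLast and
check whether the write falls inside this report's detonation window."""
import re
from datetime import datetime, timedelta, timezone

# Row copied from the "Modifies data under HKEY_USERS" table of this report.
TRACE_TIME_ROW = (
    r'Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry'
    r'\TraceTimeLast = "133627627365787376" '
    r'C:\Program Files\Google\Chrome\Application\chrome.exe N/A'
)

# Detonation metadata from the behavioral1 "Detonation Overview". The report prints
# times to the minute without a zone; UTC is an assumption made here.
SUBMITTED = datetime(2024, 6, 13, 14, 32, tzinfo=timezone.utc)
MAX_TIME_KERNEL = timedelta(seconds=150)

# FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert a 64-bit FILETIME tick count to an aware UTC datetime.
    Integer division by 10 turns 100 ns ticks into microseconds, the finest
    resolution datetime.timedelta supports."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def extract_filetime(row: str) -> int:
    """Pull the quoted integer out of a 'Set value (int) ... TraceTimeLast = "N"' row."""
    m = re.search(r'TraceTimeLast = "(\d+)"', row)
    if m is None:
        raise ValueError(f"no TraceTimeLast value in row: {row!r}")
    return int(m.group(1))


def seconds_after_submission(row: str = TRACE_TIME_ROW) -> float:
    """Offset of the registry write from the reported submission time, in seconds."""
    return (filetime_to_datetime(extract_filetime(row)) - SUBMITTED).total_seconds()


def within_detonation_window(row: str = TRACE_TIME_ROW) -> bool:
    """True when the write lies between submission (minus 60 s of slack for the
    minute-rounded report time) and the end of the kernel-time budget."""
    offset = seconds_after_submission(row)
    return -60.0 <= offset <= MAX_TIME_KERNEL.total_seconds()


if __name__ == "__main__":
    when = filetime_to_datetime(extract_filetime(TRACE_TIME_ROW))
    print(f"TraceTimeLast decodes to {when.isoformat()}")
    print(f"{seconds_after_submission():.1f} s after submission, "
          f"inside window: {within_detonation_window()}")
```

The same check applied to a FILETIME that decodes to a date before the VM image was built would mark the key as pre-existing noise rather than detonation activity.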

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{EC502486-817A-4853-BE89-856FF9BB82A3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
(the row above was reported 2 times)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(the two rows above were reported alternately, 32 times each, 64 rows in total)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(the WINWORD.EXE row was reported 2 times and the chrome.exe row 49 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(the row above was reported 24 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3532 wrote to memory of 864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3532 wrote to memory of 1268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3532 wrote to memory of 1664 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3532 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(the four rows above were reported 2, 31, 2 and 29 times respectively, 64 rows in total; source and target are both chrome.exe, consistent with the Chromium browser process setting up the --type= child processes listed under Processes)
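Rows in these signature tables flatten four columns (Description, Indicator, Process, Target) into one line, and both the Indicator (registry paths such as "Local Settings") and the Process path contain spaces, so splitting on whitespace misattributes hits. The following Python is an added example, not part of the sandbox report: it locates the Process column by its drive-letter .exe path, splits the remainder around it, and tallies hits per executable so that activity of the process that opened the sample (WINWORD.EXE) can be separated from chrome.exe noise. The sample rows are copied one per table from this report; `parse_signature_row`, `tally_by_process` and `rows_for_process` are names chosen for this example.

```python
"""Parse the space-flattened signature rows of a sandbox report export and tally
hits per process, separating activity of the process that opened the sample
(WINWORD.EXE) from that of unrelated processes (here mostly chrome.exe)."""
import re
from collections import Counter
from typing import Dict, List

# Sample rows copied from the signature tables of this report, one per table rather
# than the full listing. Each row flattens four columns: Description Indicator Process Target.
SAMPLE_ROWS: List[str] = [
    r"N/A N/A C:\Users\Admin\Downloads\SteamSetup (1).exe N/A",
    r"Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 "
    r"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz "
    r"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer "
    r"C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    # Indicator with an embedded space ("Local Settings"): whitespace splitting fails here.
    r"Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings "
    r"C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    # Process and Target are both executable paths.
    r"PID 3532 wrote to memory of 864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe "
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A",
]

# A Windows executable path: drive letter, directory components, final component ending
# in .exe. Component characters exclude '\', ':' and the other characters Windows forbids
# in file names, so a match cannot run past the column boundary into the next path.
EXE_PATH = re.compile(r'[A-Za-z]:\\(?:[^\\/:*?"<>|]+\\)*[^\\/:*?"<>|]+?\.exe', re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a backslash-separated Windows path."""
    return path.rsplit("\\", 1)[-1]


def parse_signature_row(row: str) -> Dict[str, str]:
    r"""Split one flattened row into its four columns.

    The Process column is the first drive-letter .exe path; everything after it is the
    Target (a second path or "N/A"). The text before it is Description + Indicator: a
    registry indicator starts at "\REGISTRY\" and may itself contain spaces, otherwise
    the indicator is the last whitespace-delimited token (usually "N/A")."""
    paths = list(EXE_PATH.finditer(row))
    if not paths:
        raise ValueError(f"no process path in row: {row!r}")
    proc = paths[0]
    head = row[: proc.start()].rstrip()
    tail = row[proc.end():].strip()
    reg = head.find("\\REGISTRY\\")
    if reg >= 0:
        description, indicator = head[:reg].rstrip(), head[reg:]
    else:
        description, _, indicator = head.rpartition(" ")
    return {
        "description": description,
        "indicator": indicator,
        "process": proc.group(0),
        "target": tail or "N/A",
    }


def tally_by_process(rows: List[str]) -> Counter:
    """Count signature hits per executable name (case-insensitive)."""
    return Counter(basename(parse_signature_row(r)["process"]).lower() for r in rows)


def rows_for_process(rows: List[str], exe_name: str) -> List[Dict[str, str]]:
    """Parsed rows whose Process column is the given executable."""
    parsed = [parse_signature_row(r) for r in rows]
    return [p for p in parsed if basename(p["process"]).lower() == exe_name.lower()]


if __name__ == "__main__":
    for exe, n in tally_by_process(SAMPLE_ROWS).most_common():
        print(f"{n:4d}  {exe}")
    for p in rows_for_process(SAMPLE_ROWS, "WINWORD.EXE"):
        print(f"WINWORD.EXE: {p['description']} {p['indicator']}")
```

Run over the complete listing in this report rather than the eight sample rows, the same tally gives 208 hits for chrome.exe, 10 for WINWORD.EXE (six registry reads, two AddClipboardFormatListener, two FindShellTrayWindow) and 1 for SteamSetup (1).exe, which is the attribution picture a triage analyst needs before weighing the 7/10 score.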

Processes

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\4_pillars_record_-_for_SMHW.docx" /o ""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8c5eab58,0x7ffd8c5eab68,0x7ffd8c5eab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2736 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3584,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4832 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4900 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3468 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3472 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5236 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5288 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3516 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5712 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5864 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe

"C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x490 0x308

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5112 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5424 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5372 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4148 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5228 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4060 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2500 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3468 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5456 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6364 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5052 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup (1).exe

"C:\Users\Admin\Downloads\SteamSetup (1).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1860,i,1589848886232151251,5356819270870586983,131072 /prefetch:8
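The process list above is dominated by Chrome helper processes, which makes the two images launched from the user's Downloads folder (GooseDesktop.exe and SteamSetup (1).exe) and the rundll32 line, which calls an export of the system's own shell32.dll with a CLSID and -Embedding, easy to miss. The script below is an added triage example, not part of the report or of the sandbox's tooling: it reads the list in the report's own layout (image path, blank line, command line), flags images that were not started from a Program Files or Windows directory, and unpacks every rundll32 launch into DLL, export and arguments. The TRUSTED_PREFIXES roots and the "anything from a user profile deserves a look" rule are this example's heuristics, and SAMPLE_PROCESSES is a shortened excerpt of the list, constructed for the example.

```python
"""Triage helper for the process list of a sandbox report.

Added example, not part of the original report. The list is read as
pairs of non-empty lines (image path, then its command line), which is
how the report lays it out. The 'trusted' prefixes and the rule that
anything launched from a user profile deserves a look are this example's
own heuristics, not a verdict the report gives.
"""
from collections import Counter

# Shortened excerpt of the report's process list (constructed sample for this example).
SAMPLE_PROCESSES = r"""
C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=13 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe

"C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x490 0x308

C:\Users\Admin\Downloads\SteamSetup (1).exe

"C:\Users\Admin\Downloads\SteamSetup (1).exe"
"""

# Heuristic (assumption): images under these roots are OS or vendor installs; anything
# else, in particular the user's Downloads or Temp folders, is where dropped payloads land.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def is_trusted_path(path):
    return path.lower().startswith(TRUSTED_PREFIXES)


def parse_processes(text):
    """Return [(image, cmdline), ...] from the 'path / blank / command line' layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("process list does not pair up into image/command line")
    return list(zip(lines[0::2], lines[1::2]))


def parse_rundll32(cmdline):
    """Split a rundll32 command line into DLL, export and remaining arguments.
    Assumes the DLL path itself contains no spaces (true for the line above)."""
    tokens = cmdline.split()
    if len(tokens) < 2 or "," not in tokens[1]:
        return None
    dll, export = tokens[1].split(",", 1)
    return {"dll": dll, "export": export, "args": tokens[2:], "dll_trusted": is_trusted_path(dll)}


def triage(records):
    """Summarise which images ran from where, and unpack every rundll32 launch."""
    image_counts = Counter(image for image, _ in records)
    user_writable = [image for image, _ in records if not is_trusted_path(image)]
    rundll32 = [
        parse_rundll32(cmd) for image, cmd in records
        if image.lower().endswith(r"\rundll32.exe")
    ]
    return {
        "image_counts": image_counts,
        "user_writable": user_writable,
        "rundll32": [r for r in rundll32 if r is not None],
    }


if __name__ == "__main__":
    result = triage(parse_processes(SAMPLE_PROCESSES))
    for image in result["user_writable"]:
        print("launched from user-writable path:", image)
    for r in result["rundll32"]:
        print("rundll32 ->", r["dll"], r["export"], r["args"], "trusted dll:", r["dll_trusted"])
```

Run against the full list, the "user_writable" bucket is the short list of binaries worth pulling hashes for; a rundll32 entry whose DLL is not under a trusted root, or whose export name is unfamiliar, is the case that warrants a closer look rather than the shell32.dll call seen here.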

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
BE 88.221.83.248:443 www.bing.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 248.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
NL 23.62.61.184:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 184.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 9.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 samperson.itch.io udp
US 45.79.115.66:443 samperson.itch.io tcp
US 45.79.115.66:443 samperson.itch.io tcp
US 8.8.8.8:53 static.itch.io udp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 8.8.8.8:53 img.itch.zone udp
US 8.8.8.8:53 i.ytimg.com udp
US 172.67.69.99:443 static.itch.io tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 45.79.115.66:443 samperson.itch.io tcp
US 45.79.115.66:443 samperson.itch.io tcp
BE 2.17.107.200:443 img.itch.zone tcp
BE 2.17.107.200:443 img.itch.zone tcp
BE 2.17.107.200:443 img.itch.zone tcp
BE 2.17.107.200:443 img.itch.zone tcp
US 45.79.115.66:443 samperson.itch.io tcp
BE 2.17.107.200:443 img.itch.zone tcp
GB 142.250.200.54:443 i.ytimg.com udp
US 45.79.115.66:443 samperson.itch.io tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 66.115.79.45.in-addr.arpa udp
US 8.8.8.8:53 99.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 js.stripe.com udp
FR 18.244.28.50:443 js.stripe.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 m.stripe.network udp
US 151.101.128.176:443 m.stripe.network tcp
US 8.8.8.8:53 50.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 176.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.com udp
US 34.210.222.73:443 m.stripe.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.222.210.34.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 45.79.115.66:443 samperson.itch.io tcp
US 8.8.8.8:53 itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com udp
US 104.18.8.90:443 itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com tcp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 itch.io udp
US 45.79.115.66:443 itch.io tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 90.8.18.104.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.180.3:443 id.google.com tcp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.200.189.125:443 store.steampowered.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
BE 2.17.107.147:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.147:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.147:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.147:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
BE 2.17.107.147:443 shared.akamai.steamstatic.com tcp
BE 2.17.107.147:443 shared.akamai.steamstatic.com tcp
US 8.8.8.8:53 steamcommunity.com udp
BE 2.17.107.162:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.162:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 125.189.200.23.in-addr.arpa udp
US 8.8.8.8:53 184.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 147.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 162.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 clan.akamai.steamstatic.com udp
BE 2.17.107.210:443 clan.akamai.steamstatic.com tcp
BE 2.17.107.184:443 store.akamai.steamstatic.com tcp
GB 172.217.169.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 210.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
BE 104.68.92.92:443 api.steampowered.com tcp
BE 104.68.92.92:443 api.steampowered.com tcp
BE 104.68.92.92:443 api.steampowered.com tcp
US 8.8.8.8:53 92.92.68.104.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
BE 2.17.107.210:443 clan.akamai.steamstatic.com tcp
BE 2.17.107.210:443 clan.akamai.steamstatic.com tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 e2c7.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com tcp
N/A 127.0.0.1:27060 N/A tcp
IN 34.131.78.121:443 e2c7.gcp.gvt2.com tcp
IN 34.131.78.121:443 e2c7.gcp.gvt2.com tcp
US 8.8.8.8:53 121.78.131.34.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 23.200.189.125:443 store.steampowered.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 e2c54.gcp.gvt2.com udp
US 35.219.153.27:443 e2c54.gcp.gvt2.com tcp
BE 2.17.107.162:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.162:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.162:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.162:443 cdn.akamai.steamstatic.com tcp
BE 2.17.107.162:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 64.233.181.94:443 beacons2.gvt2.com tcp
US 64.233.181.94:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 27.153.219.35.in-addr.arpa udp
US 8.8.8.8:53 94.181.233.64.in-addr.arpa udp
US 8.8.8.8:53 help.steampowered.com udp
BE 104.68.92.92:443 help.steampowered.com tcp
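Most rows in the table are reverse (PTR) lookups of addresses that appear elsewhere in it, Office template CDN fetches, or Google and Bing background traffic; the itch.io, cloudflarestorage, Stripe and Steam rows are the ones left to examine, and they line up with the Desktop Goose download and the SteamSetup launch recorded in the process list. The script below is an added triage example, not part of the report or of the sandbox's tooling: it parses rows in the report's own layout, separates DNS and PTR lookups and loopback/multicast traffic from real connections, and lists the remaining destinations with their unique endpoints. BACKGROUND_SUFFIXES is this example's assumption about what the sandbox image reaches on its own; the report makes no such classification. SAMPLE_ROWS is an excerpt of the table, constructed for the example.

```python
"""Triage helper for the Network table of a sandbox report.

Added example, not part of the original report. Rows are parsed from the
report's own layout ("<country> <ip:port> [<domain>] <proto>"), then split
into DNS/PTR lookups, loopback/multicast traffic, known background
destinations and everything else. BACKGROUND_SUFFIXES is this example's
assumption about what the sandbox and its installed software talk to on
their own; the report itself does not classify rows.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Rows excerpted from the report's Network table (constructed sample for this example).
SAMPLE_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 2.22.144.9:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 samperson.itch.io udp
US 45.79.115.66:443 samperson.itch.io tcp
US 104.18.8.90:443 itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com tcp
N/A 127.0.0.1:27060 tcp
US 23.200.189.125:443 store.steampowered.com tcp
US 8.8.8.8:53 125.189.200.23.in-addr.arpa udp
BE 104.68.92.92:443 api.steampowered.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Assumption: destinations the browser, Office and the OS reach without user action.
BACKGROUND_SUFFIXES = (
    "google.com", "googleapis.com", "gvt2.com", "googleusercontent.com",
    "doubleclick.net", "googlesyndication.com", "google-analytics.com",
    "office.net", "bing.com",
)


def parse_rows(text):
    """Parse one table row per line; a missing or 'N/A' domain becomes None."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        if row["domain"] == "N/A":
            row["domain"] = None
        rows.append(row)
    return rows


def classify(row):
    """ptr / dns / local / background / review, checked in that order."""
    domain = row["domain"] or ""
    ip = ipaddress.ip_address(row["ip"])
    if row["port"] == 53:
        return "ptr" if domain.endswith(".in-addr.arpa") else "dns"
    if ip.is_loopback or ip.is_multicast or ip.is_private:
        return "local"
    if any(domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES):
        return "background"
    return "review"


def summarize(rows):
    """Return (category counts, {domain: sorted unique 'ip:port/proto'} for rows to review)."""
    counts = Counter(classify(r) for r in rows)
    review = defaultdict(set)
    for r in rows:
        if classify(r) == "review":
            review[r["domain"] or r["ip"]].add(f'{r["ip"]}:{r["port"]}/{r["proto"]}')
    return counts, {d: sorted(v) for d, v in review.items()}


if __name__ == "__main__":
    counts, review = summarize(parse_rows(SAMPLE_ROWS))
    print(dict(counts))
    for domain, endpoints in review.items():
        print(domain, "->", ", ".join(endpoints))
```

The "review" bucket is deliberately the residue, not a verdict: a destination lands there because nothing in the list vouches for it, so a new suffix added to BACKGROUND_SUFFIXES should be one you have confirmed for the sandbox image in use, not one that merely looks familiar.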

Files

memory/404-2-0x00007FFD71950000-0x00007FFD71960000-memory.dmp

memory/404-3-0x00007FFD71950000-0x00007FFD71960000-memory.dmp

memory/404-4-0x00007FFD71950000-0x00007FFD71960000-memory.dmp

memory/404-1-0x00007FFD71950000-0x00007FFD71960000-memory.dmp

memory/404-0-0x00007FFD71950000-0x00007FFD71960000-memory.dmp

memory/404-5-0x00007FFDB196D000-0x00007FFDB196E000-memory.dmp

memory/404-6-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-7-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-8-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-9-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-12-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-11-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-10-0x00007FFD6F240000-0x00007FFD6F250000-memory.dmp

memory/404-13-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-15-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-16-0x00007FFD6F240000-0x00007FFD6F250000-memory.dmp

memory/404-17-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-18-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-19-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-20-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-22-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-21-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-14-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

\??\pipe\crashpad_3532_URAYDBMPZXHELQYT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6487a65b-5ec2-41a4-8b64-8cfc91a5313d.tmp

MD5 aaf51f1680c3708bd8e88c0d18fbb1dc
SHA1 467a83d932c407f3333216280ae91b355226a09b
SHA256 1cec3811bf1cc794bc1b24d3a5d65920fd0d5b4876591342888b085a40dcd72f
SHA512 8a741b91da897410b143a6887b79e3818626e2ef3613ea7afb6d6b22f1e73d3ec969f5099f6887b16ff924a661ad8d32a759167bb677cfc9bd7a38a7eba39ac7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a603416321309d2c81121ee19970566
SHA1 d74fa8fe9dbda1009daf3ee4b843361ba6a31e79
SHA256 6f58eaa57d46d15819db900381301d0cf0846d383d0b1da993726ce3601ef6ce
SHA512 f7e58a0e17637faab67e612b743bcb25b7e84fca56f9b8002d651824f72d7d326610d65d73dcf87519e0e14f93c13bf756cb62fca5ff76e0ba541f346c5fda35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\30e7d2ca-9c65-497c-b137-34ae3f4d291a.tmp

MD5 51a178c6a59f2012795397013e6c642b
SHA1 a3591b266ee0412d754cec28a57230e9462ddf63
SHA256 3b923f12c6352846bd1c0c149708da7c0c718b9da33cb54070df7246a47abd0b
SHA512 7fd6acd668c5d66cc227621294a389cc5311a7314c6198ac619aea61a562e85c10f806b8ab33e4087a783fe02f3d49114d056f4f384c5f4af87d70b0364a3bd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 9bd6d75b88957b0c026aa31b9a11754c
SHA1 3e574e49887c48cf01de3e68ec63b1613c54ed25
SHA256 ea7604504f5ee769dc1d784343e1c31cf298abf72e8ac3357ff527324f26d3a1
SHA512 59161c93e4221c413f2d50e588a551d2c4df37da1256a49240e2d256cbf429c0f9e11e39c4260e754043939fa57ef4624fe8ffdedf1370174ae5f0f34c291c41

C:\Users\Admin\AppData\Local\Temp\TCD2C8D.tmp\sist02.xsl

MD5 f883b260a8d67082ea895c14bf56dd56
SHA1 7954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256 ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512 d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe584476.TMP

MD5 08f022a6ddf6e76937154611640acb59
SHA1 a4c74ba9eafa6e8a3eec8bc227e6efacc7f9a268
SHA256 776fa428aa5b1769cc1f278267c1dbb891cee26d252fcaef7b08c66336686746
SHA512 e6374d38d620160a99dcc7356f22af0fbbe99ba92c543516a1a250b9ed4bc5291b479b332138ed985a21cbe3b3119fce0b294225a5352f5a764b36f2f4ec4f3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5ee67bfc3f2fa71c0b4244fadd6e7a4
SHA1 41d5618e3c58fa27f38b5dae16097bba269093dc
SHA256 09895330f9cb12b589117680c97e200509579da3d9a002dc675e90c86dea1bdb
SHA512 466c9ccc7703a5d5b4bef19a77454c85d3fadb49b17d5df91ea56fc234924cd3a1da63b3d7b8b758e2941e05306e62d26644049c33d3f4aa0aa9e90acf696974

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f4fbefb9bd806c3cc04d7df81e949ffd
SHA1 eb975c2b4acb59373968c71cc6dc8c8a79a67e24
SHA256 22cdfc90c11e219f57ed3321003530d76d58aa97e0b81c3bf068a1d80ef138eb
SHA512 ea6d9d12eb99b595f62ac7fb5eb404b93072555adb1aa6130830fb6727919dd8748fd951c4682fea041f1a70ac653afc7528232ced8571252c3e1df8b379a54d

memory/404-737-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-738-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

memory/404-739-0x00007FFDB18D0000-0x00007FFDB1AC5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c603fb78b1ad28e9f24cdb52356089bd
SHA1 ccfda9ffb105841251b2eb2a7fc19af26f917686
SHA256 d61ddcd906c9244d4d74d695ed1395d9eab47baf264e14b894f37295e41c8d90
SHA512 f481ebdd603586606c9e1b9e1bd55d254e5343569f839bc220d30c822a273ced4655be92099831a9bd00468ab1428c4e35b3ecc6c4b3c15a582b6cf81cd4a768

C:\Users\Admin\Downloads\Desktop Goose v0.31.zip.crdownload

MD5 eaad0961b52b14d9a323f092ef307d8a
SHA1 feb3aedf16432b063ff93c90623a865a1fd5214a
SHA256 e66264065923676807fd6d7b36f7c9dc52db9ef1c5399b2811738eb5e22a30f6
SHA512 fc42d2ed6a8a8efee0898236526dbe46218dbec657caa5e70bcb18433345d56a010903c155c726a5c9e117e1759cae42560e18da49d5bbfe4e99048fbd326330

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 925c01bb6c49594cb87fdb98a12a9b6d
SHA1 fec50585a084fb695b1a17b97e5d38695e7e783e
SHA256 fee4945e13303724c05edf1ada7dfb11b81cbd985c758247b4f052dc9567cc50
SHA512 a0d5b7c7091efca7df2854c4809b4ed424c500abfebadc1ac0962348991d62a66599c6504c8d59fbdd16d24e5485142fc289be64d08932ec20e7add3ee34d77e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 112133177ccf42a670a5e5eed689b5a1
SHA1 5ffbb53e72af69b7ec33f7b27733f85dc5766b8a
SHA256 69c4ca2ca12dd34e8da4215a12a31c12591f6173b1a1a964b83eb405c6362410
SHA512 6fb1fa97b1798cba7cb7efa01f057117966b16d2e76857538907ff3a09fba78950a933b6c079922b280bb85ad6946c252914458765108ea59667eddee76b366a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 81a9f88e082056e22e284c08c72d897d
SHA1 6456fb924ff2cdaba79c67f2512cb04b8ee0c0f8
SHA256 fd3973f3370d5f5fe2a0b03baa29d31f52cc30985bb2b58db9ecc26a4434c487
SHA512 c40ecdf6d406e27d32980f4128e4a0e7bcb6df6c50ca3b1b56200a7263d13aed538ccdd1a094d857d1a9998b9d1103672d57092c116655051a78c503f0373d44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c128.TMP

MD5 81ae34655ae06415c62cabd976682d79
SHA1 88e840d9aad17692dcd9322bdafaf8cd247e553b
SHA256 f00d55d6865a6fadd3ac25f8beeaa3f7803df149408ce88329f0766eb72611fd
SHA512 318749d8bfbdc8248af663d2d06d983385eed1a217add0d5439824e173790677af3750918e6d88e64f68522cc8bcd5a462d86105fcdc1950fbff0cf62b7ec8f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8dd16a3d807e659d5921b7d86314e7e9
SHA1 1ea286b1c7f1745b9bd9d3177be45ebda7805f3e
SHA256 9788b19ea4ee2ae69ff2ad88344dc39e408ba82a6a572c0f676266debdffa02a
SHA512 713220a0eb1534e03c7882542783eb95423605312c3f77c4b5f57d01bdc549b3a613e7c0f8dbc686b7ace0a897f08edccd7db3ec03a8d3a1bf00fb7ffe250458

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6e0f7d0ce8e3b2ae1d3de76c28b2c3dd
SHA1 baf36cf50d61cdb921d3a70aaa71f69c716a38d4
SHA256 85be7e04395138adc3d14d0f0b20a46d8797c51f3032194ae8d230fbca59a85e
SHA512 a29c16df139db1429c4c1f0766424fdb259f34cbe170af5e9e24e6e788e110d8d882b7b3a5031aaa6d682b22de0af7cac6cca8100d06105d3daf5ea9307eb4a8

memory/1332-946-0x00000000003E0000-0x000000000041E000-memory.dmp

memory/1332-947-0x0000000004E20000-0x0000000004EB2000-memory.dmp

memory/1332-948-0x0000000005470000-0x0000000005A14000-memory.dmp

memory/1332-949-0x0000000004DD0000-0x0000000004DDA000-memory.dmp

memory/1332-950-0x0000000005430000-0x000000000543A000-memory.dmp

memory/1332-951-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-952-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-954-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-953-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-955-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-956-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-957-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-959-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-958-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-960-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-961-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-962-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-964-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-963-0x0000000007580000-0x0000000007590000-memory.dmp

memory/1332-965-0x0000000007580000-0x0000000007590000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 858f57d35e49ae711b1c141cb33a3440
SHA1 7f11a20091469d05bd9ece37bceaa29aae90a7b6
SHA256 6acdb6379e991b4660bce6f7380115d56a787ef240bf361a6e2d8b2f68955ff9
SHA512 a3bda61c2bb37a9a6fa84d08f2ec1ce0ee713e94e8eb7f205bea7b2de4af0aa52e636f8166d3a1ff1e87c9d5619280cc74612b1d99657572c6db814b0ffac31f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 676ee370b46f9c61bd223fe61722f60a
SHA1 c9ee885a06c01db1da9fddc0b0db8309cb8bf2e4
SHA256 3c97a085ac18c987c3fe96d01f4b8b18ddd8c78a5bf51671ea264fcea0b9e319
SHA512 29298c091e4d3e26a8347645a016847cf2416645e90144439fe8c1be27f1d19c7cb174e81cc19900cbe24a4d8f462ebda83475a7ee49d4073992036d51e321c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3eba05d07596fc1d7b2516ee03e1b8bc
SHA1 7149ff2930cbcc3f81234c0f544341cadf9576b8
SHA256 9216893273a2185c65a9d347664ec0130594c302af5978788586a5835351a197
SHA512 7e453b8e4f5baae1dae7031d2b1881bb391bf2cf2e489f95ab50866e82cecc974c86f43b5ca5c2c3fa3290220666451603763eb8d9e4b5c516a6c18f5ccf1651

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 58ae690b1f10a9d7a95b12c2cc98c099
SHA1 537bdb799bb457849988b954bc04dbf994576606
SHA256 6142320e504cfd4f90e3563aec5b3426fcdb01fe6b3b1bf0e3954d7953733734
SHA512 3034bbaa4444e6c590a06273f8c7ca2dbacd0f323c7fed19bbf60fff091acabca2306103d0898ee1435ed7d065c820da8a2c89dbede4e381f25fbb498073ec86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1062e31c8a07c65b5a93e115499d3962
SHA1 c61e8849dc3136ec0712c99dcaed6536693f0d3a
SHA256 b03661b794cc95872cdc1951b134ee231001553bff471abf3cb74f26d3844ebe
SHA512 c0e1ef0f4bd16c0dd2c053e48a24e39fca52faa64dd4d1d718adbec2e30d9596abce70949306f9de394050c7f39ddaf38f31a3a5d19217039cf79b910f5f293d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e056213f0ce1b6caf03f4bec35229eb
SHA1 da4be1b419b09cd902330de7d54633b0aa11063b
SHA256 3bcd4d8e972532117e0d0fbb6ff2516ffd4005516c0a3d55b8cb0e089cc10fb2
SHA512 6fc32d1a613c9c20acf3915d42aa046534a0a16172be8d8bf285c75152734b25635eecaea481864584f810d289c682201bf6d966e46ae370582ea23c35a88523

C:\Users\Admin\Downloads\Unconfirmed 71444.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9942b324c10053e909acd1bacf05cf09
SHA1 0c674949813ad5be70052ccb74fd3a97544a10bf
SHA256 6a59888ba8cfe50d39765c6d0d09105a2ae4f52bca63d216ebe1e9030ebe4416
SHA512 3673f75c4591bc9b08f8957034eec89c7e99d318559a06b4f8a70e5d61ec451017bd461d7e734117fabc2dc4a52cb6667a5e79eb347c15bf6fd18c1212e0adbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 797fe10f55bc5ff249c8d678d6b17f1d
SHA1 d8c001a32951a01fa15b67dde6d4a4be901bae4b
SHA256 9306d0f47acccd60820e722ee784c833bee1fe128ed15585b4c54bfc6a98950d
SHA512 cdde79a60c043d4452939419dea1020400f5a9643f5c35fe90cdcca975f05c11db28818e45ebc1b554800424411e2fb5bc1556008d61da63cf58524b28e31e6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d4a0e26acb6945360ec14a92960c952a
SHA1 1224275128a83297f79e63e5a41a2b1523894e06
SHA256 f34980ab6fb41135d9ee99d1b0661f985265a1a7c25f94989ee87e719f369c38
SHA512 73cf1ccfb135938cc745077f52e5cfb409b62a1aecfbf4284f1fbce33a868e3bc9ef4ee1ebd6c6d437e495908d79f304211d293b4afc685d18ccd3b94cd49dc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2dbf9bc816deb4ee05ef95fd1a92c33c
SHA1 1c2680f877a96d433c5ca285671d2b737f7c46e4
SHA256 0b0a83aa33328c06c3442ef177ae7ebae26a811f7afdc84f1f55dbf8a36a9292
SHA512 5ab54f2d4fa380bf876331bc9df31a857143f88a22f366f00ad3bd26a97cf616f47795cd1101a1f323d746403a2a1cdb958bac97198bb8d25f0adfa08053ef65

C:\Users\Admin\AppData\Local\Temp\nsp258D.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsp258D.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162