Analysis Overview
Threat Level: Known bad
The file http://windows.com was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
Modifies Installed Components in the registry
Drops startup file
Enumerates connected drives
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer start page
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy service COM API
Modifies Internet Explorer Protected Mode
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Uses Volume Shadow Copy WMI provider
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Analysis: static1
Detonation Overview
Reported: 2024-06-14 01:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-14 01:18
Reported: 2024-06-14 02:01
Platform: win7-20240508-en
Max time kernel: 1529s
Max time network: 2431s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\Explorer.EXE | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Locale = "*" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Locale = "*" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username = "Pre.Standley" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Locale = "*" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Version = "11,0,9600,0" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Locale = "en" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Version = "11,0,9600,0" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username = "Stand.AD8imn" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Locale = "en" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Locale = "*" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Version = "1,1,1,9" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Version = "1,1,1,9" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Windows\Explorer.EXE | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Contacts\desktop.ini | C:\Program Files (x86)\Windows Mail\WinMail.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2737914667-933161113-3798636211-1002\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Desktop\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Favorites\Links for United States\desktop.ini | C:\Windows\System32\mctadmin.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Favorites\Links for United States\desktop.ini | C:\Windows\System32\mctadmin.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Contacts\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File created | C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini | C:\Program Files\Windows Mail\WinMail.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-21-2737914667-933161113-3798636211-1001\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | C:\Users\Pre.Standley\Searches\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\unregmp2.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Contacts\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Desktop\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\unregmp2.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Favorites\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.AD8imn\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\Favorites\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\Explorer.EXE | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\mstsc.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\mstsc.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\system32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Control Panel\Desktop\Wallpaper = "C:\\Users\\Pre.Standley\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Control Panel\Desktop\Wallpaper = "C:\\Users\\Stand.AD8imn\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Control Panel\Desktop\Wallpaper = "C:\\Users\\Stand.AD8imn\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Control Panel\Desktop\Wallpaper = "C:\\Users\\Pre.Standley\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Uninstall Information\IE UserData NT\IE UserData NT.DAT | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.INI | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE.HKCUZoneInfo\IE.HKCUZoneInfo.DAT | C:\Windows\System32\ie4uinit.exe | N/A |
| File created | C:\Program Files (x86)\Internet Explorer\Signup\TMP4352$.TMP | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE UserData NT\IE UserData NT.INI | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.DAT | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE.HKCUZoneInfo\IE.HKCUZoneInfo.INI | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\mshtml.Install\mshtml.Install.DAT | C:\Windows\System32\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\mshtml.Install\mshtml.Install.INI | C:\Windows\System32\rundll32.exe | N/A |
| File created | C:\Program Files (x86)\Internet Explorer\Signup\TMP4352$.TMP | C:\Windows\System32\ie4uinit.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\Windows\ehome\ehshell.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\rundll32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Explorer.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\ehome\ehshell.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\ehome\ehshell.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\ehome\ehshell.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Explorer.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Explorer.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Windows\ehome\ehshell.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Explorer.EXE | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0 | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
Modifies Internet Explorer Protected Mode
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3" | C:\Windows\System32\ie4uinit.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\12 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\17\IEPropFontName = "Tunga" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Show_ToolBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\32\IEPropFontName = "Segoe UI Symbol" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\OperationalData = "1" | C:\Windows\helppane.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\39\IEFixedFontName = "Mongolian Baiti" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\4\IEFixedFontName = "Courier New" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\20\IEPropFontName = "DokChampa" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\OperationalData = "5" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\MAO Settings | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Desktop | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\14\IEFixedFontName = "Kalinga" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\New Windows\PopupMgr = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\30 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\31 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\32\IEPropFontName = "Segoe UI Symbol" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\13\IEPropFontName = "Shruti" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Save_Session_History_On_Exit = "no" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\19\IEFixedFontName = "Cordia New" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\23 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate = 60d96025fbbdda01 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\19 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\PageSetup | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\28\IEFixedFontName = "Euphemia" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\14 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Show_URLToolBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Settings\Background Color = "192,192,192" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\3 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\15 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\24 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Zoom | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\6\IEFixedFontName = "Courier New" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Show_URLinStatusBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Windows\helppane.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\11 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Show_URLinStatusBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\3 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\30 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\29\IEFixedFontName = "Plantagenet Cherokee" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\38 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\6 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\36 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\SOFTWARE\Microsoft\Internet Explorer\Main | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\SOFTWARE\Microsoft\Internet Explorer\Security | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\27 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\16 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\8\IEFixedFontName = "Courier New" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Settings\Anchor Color = "0,0,255" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\14\IEFixedFontName = "Kalinga" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Cache_Update_Frequency = "Once_Per_Session" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Show_ToolBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\System32\mctadmin.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Start Page = "http://go.microsoft.com/fwlink/p/?LinkId=255141" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Start Page = "http://go.microsoft.com/fwlink/p/?LinkId=255141" | C:\Windows\System32\ie4uinit.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" | C:\Windows\system32\winlogon.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" | C:\Windows\system32\winlogon.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" | C:\Windows\system32\winlogon.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" | C:\Windows\system32\winlogon.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" | C:\Windows\system32\winlogon.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" | C:\Windows\system32\winlogon.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 9e0000001a00eebbfe23000010000aab12216ac8fe4fa3680de96e47012e00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbea7722a3ffa99db4da5a8c604edf61d6b8207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/x-mpg | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.m2t\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shellex\ContextMenuHandlers\PlayTo | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1 | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/vnd.dlna.mpeg-tts\CLSID = "{cd3afa9b-b84f-48f0-9393-7edc34128127}" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.m2ts | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mpa\OpenWithProgIds\WMP11.AssocFile.MPEG = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mod | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867} | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\ = "&Add to Windows Media Player list" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-mpeg2a\Extension = ".mpeg" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wax | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wmx | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-ms-wm\CLSID = "{cd3afa92-b84f-48f0-9393-7edc34128127}" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wm | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.m4a\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.wvx | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Play | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7400310000000000ce586d0c1100557365727300600008000400efbeee3a851ace586d0c2a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/3gpp\Extension = ".3gp" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP.AudioCD\Shell\Play\Command | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mod\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.MOD\MP2.Last = "Custom" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mp2\OpenWithProgIds\WMP11.AssocFile.MP3 = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/mp3\CLSID = "{cd3afa76-b84f-48f0-9393-7edc34128127}" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.m4a | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "19" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mts | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.aac\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.midi\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202020202020202020202 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.M2T\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 5200310000000000ce58700c102057696e646f7773003c0008000400efbece586d0cce58700c2a0000000ee00100000004000000000000000000000000000000570069006e0064006f0077007300000016000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0\0\NodeSlot = "27" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP.AudioCD | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mp4v | C:\Windows\System32\unregmp2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\ehome\ehshell.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1572 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3016 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2316 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2512 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1456 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
C:\Program Files (x86)\Windows Mail\WinMail.exe
"C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install
C:\Windows\System32\ie4uinit.exe
"C:\Windows\System32\ie4uinit.exe" -UserConfig
C:\Windows\System32\ie4uinit.exe
C:\Windows\System32\ie4uinit.exe -ClearIconCache
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Windows\System32\bsgne1.exe
"C:\Windows\System32\bsgne1.exe"
C:\Program Files\Windows Sidebar\sidebar.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\runonce.exe /Run6432
C:\Windows\System32\mctadmin.exe
"C:\Windows\System32\mctadmin.exe"
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{A2D8CFE7-7BA4-4BAD-B86B-851376B59134}
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\ehome\ehshell.exe
"C:\Windows\ehome\ehshell.exe"
C:\Windows\eHome\ehExtHost.exe
"C:\Windows\eHome\ehExtHost.exe" 2220 b6a8a75d-2c95-4e59-b369-3456d2d7831f 3 False False False
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2068 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2076 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2264 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2348 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1260 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1464 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3692 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\deployment.properties
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?LinkId=57426&Ext=properties
C:\Windows\System32\ie4uinit.exe
"C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\deployment.properties
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
C:\Program Files (x86)\Windows Mail\WinMail.exe
"C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install
C:\Windows\System32\ie4uinit.exe
"C:\Windows\System32\ie4uinit.exe" -UserConfig
C:\Windows\System32\ie4uinit.exe
C:\Windows\System32\ie4uinit.exe -ClearIconCache
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Windows\System32\bsgne1.exe
"C:\Windows\System32\bsgne1.exe"
C:\Program Files\Windows Sidebar\sidebar.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\runonce.exe /Run6432
C:\Windows\System32\mctadmin.exe
"C:\Windows\System32\mctadmin.exe"
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2084 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2088 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2416 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2472 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1404 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4420 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4272 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2136 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2380 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4200 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1312 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1284 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:1
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
C:\Windows\system32\mstsc.exe
"C:\Windows\system32\mstsc.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2796 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1416 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2900 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2104 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1108 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1584 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1364 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3284 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3296 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3560 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2876 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3548 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3520 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2084 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:8
C:\Windows\system32\msdt.exe
-modal 1704394 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\STAND~1.AD8\AppData\Local\Temp\NDF76E5.tmp -ep NetworkDiagnosticsWeb
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" /name Microsoft.Troubleshooting /page "resultPage?keywords=+;NetworkDiagnostics"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2480 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x600
C:\Windows\System32\msra.exe
"C:\Windows\System32\msra.exe" -novice
C:\Windows\System32\RAServer.exe
C:\Windows\System32\RAServer.exe -Embedding
C:\Windows\SysWOW64\fixmapi.exe
C:\Windows\SysWOW64\fixmapi.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2084 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3596 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2292 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Windows\system32\msdt.exe
-modal 1704394 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\STAND~1.AD8\AppData\Local\Temp\NDF698E.tmp -ep NetworkDiagnosticsWeb
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" /name Microsoft.Troubleshooting /page "resultPage?keywords=+;NetworkDiagnostics"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1728 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rstrui.exe
"C:\Windows\system32\rstrui.exe"
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1068 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D8" "0000000000000390"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
Network
Files
\??\pipe\crashpad_2084_AYOMOTQTJJLDJSHN
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\83745a46-2dbb-4bb8-b380-9bf577d9d6ea.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
F:\$RECYCLE.BIN\S-1-5-21-2737914667-933161113-3798636211-1001\desktop.ini
C:\Users\Stand.AD8imn\Contacts\Stand.AD8imn.contact
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows Mail\edb.log
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
C:\Users\Stand.AD8imn\Contacts\desktop.ini
C:\Users\Stand.AD8imn\Videos\desktop.ini
C:\Users\Stand.AD8imn\Pictures\desktop.ini
C:\Users\Stand.AD8imn\Desktop\desktop.ini
C:\Users\Stand.AD8imn\Favorites\desktop.ini
| MD5 | 881dfac93652edb0a8228029ba92d0f5 |
| SHA1 | 5b317253a63fecb167bf07befa05c5ed09c4ccea |
| SHA256 | a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464 |
| SHA512 | 592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
| MD5 | a2d31a04bc38eeac22fca3e30508ba47 |
| SHA1 | 9b7c7a42c831fcd77e77ade6d3d6f033f76893d2 |
| SHA256 | 8e00a24ae458effe00a55344f7f34189b4594613284745ff7d406856a196c531 |
| SHA512 | ed8233d515d44f79431bb61a4df7d09f44d33ac09279d4a0028d11319d1f82fc923ebbc6c2d76ca6f48c0a90b6080aa2ea91ff043690cc1e3a15576cf62a39a6 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
| MD5 | 17d5d0735deaa1fb4b41a7c406763c0a |
| SHA1 | 584e4be752bb0f1f01e1088000fdb80f88c6cae0 |
| SHA256 | 768b6fde6149d9ebbed1e339a72e8cc8c535e5c61d7c82752f7dff50923b7aed |
| SHA512 | a521e578903f33f9f4c3ebb51b6baa52c69435cb1f9cb2ce9db315a23d53345de4a75668096b14af83a867abc79e0afa1b12f719294ebba94da6ad1effc8b0a3 |
C:\Users\Stand.AD8imn\Documents\desktop.ini
| MD5 | c0d27ce20981388b3609d9d0cecbded3 |
| SHA1 | 314359c10e05a88a3e39029b4664272489bee81b |
| SHA256 | 830a97fd09125e179c34f2da404dd7bf1da80329e33c639c2fde7ae705d62015 |
| SHA512 | 635365e3a1c5752f2dc09a0675a24b283eb6186db8a1ac8ec31b1c6ab1c3a4b943c437027707802cbd40df636de4c76c2a848f3a9ea34bfe5940e5795b17a199 |
C:\Users\Stand.AD8imn\Desktop\desktop.ini
| MD5 | 9e36cc3537ee9ee1e3b10fa4e761045b |
| SHA1 | 7726f55012e1e26cc762c9982e7c6c54ca7bb303 |
| SHA256 | 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026 |
| SHA512 | 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
| MD5 | 3b3abe1b1bcdaec49ca61f0d2a09fcfc |
| SHA1 | a11e0c0bceb75eb0d95120ddbc63a4e3a1462a9e |
| SHA256 | 0596cdd7ff821ca21a18c5881a249b1fac78eb06d6102bca2fca7d0f87c987c4 |
| SHA512 | 65fe8e3a2609bef14d2442de7c66b75cbc2fa4813f64fd36118cf6ab1a909698a995cb54fafcfffb970b924a9ae817369df2bc403dc2bf804041ab9d84070689 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
| MD5 | 764bcd12f24f7fa8fa5887f720a19179 |
| SHA1 | 5c8348269c4161726f49fe257f0bf1d9179489dd |
| SHA256 | d3cdda5c91a4998c77a697056ab5b3f23f44483de31714d3a069e4a67055c518 |
| SHA512 | 581d7c9076f036482ea5b116fbc179e402f2264239c1f118af3fc9c2914eb23583b770f3d9e6f8d03c9017ee24a3d88873d547bb0d200017de72121c41dec160 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
| MD5 | d2eaa2dc97271fd8c2d310aa1faee790 |
| SHA1 | c20a7eff224d9b8d6d7cd196c8982e164b525845 |
| SHA256 | d494ca30b8c811a4819bd6d0a423c284e8e45f3bbcf2fcc63161d3f0a170de43 |
| SHA512 | d4fa2bb7b06005cde3b87ceb557af6e44a92c43d7bcebebe19a675b0e0e2ceeb9fe260ec73756c403eeeb587bd77f61d914ff60e31ff0787a5aa4d8351d17c74 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
| MD5 | 7f1698bab066b764a314a589d338daae |
| SHA1 | 524abe4db03afef220a2cc96bf0428fd1b704342 |
| SHA256 | cdb11958506a5ba5478e22ed472fa3ae422fe9916d674f290207e1fc29ae5a76 |
| SHA512 | 4f94ad0fe3df00838b288a0ef4c12d37e175c37cbf306bdb1336ff44d0e4d126cd545c636642c0e88d8c6b8258dc138a495f4d025b662f40a9977d409d6b5719 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
| MD5 | 548b310fbc7a26d0b9da3a9f2d604a0c |
| SHA1 | 1e20c38b721dff06faa8aa69a69e616c228736c1 |
| SHA256 | be49aff1e82fddfc2ab9dfffcb7e7be100800e3653fd1d12b6f8fa6a0957fcac |
| SHA512 | fa5bb7ba547a370160828fe720e6021e7e3a6f3a0ce783d81071292739cef6cac418c4bc57b377b987e69d5f633c2bd97a71b7957338472c67756a02434d89f1 |
C:\Users\Stand.AD8imn\Documents\desktop.ini
| MD5 | ecf88f261853fe08d58e2e903220da14 |
| SHA1 | f72807a9e081906654ae196605e681d5938a2e6c |
| SHA256 | cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844 |
| SHA512 | 82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
| MD5 | 0ff56a4620c3221ff64ec61a3a0d3033 |
| SHA1 | 3a45320be12b585dcdc5ab2af5ea1455b2c919a1 |
| SHA256 | 0b0a65accca705494739d03b6c2ea769c78cd0eee996bc95b0c6ebc0941f4b1a |
| SHA512 | 962a340efeb6d18c85e5872997eebb83374e114be088689690ba438f0db8e2e4df6c24713a35cfaec518f58d5322cf9617638ea55ff279a9d161c4fdf9af74f6 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
| MD5 | 0e033158de3bd134b8bbca7b709ba0ee |
| SHA1 | 67f65eb34c95e4d960761a5cbed52780db33d29d |
| SHA256 | 240d5234b56f7c2fd33f25bca181efb28f42dc706e1f2c42adfe69a6c1c2d89c |
| SHA512 | 9282f9b076dad455aff3c6bfd694f5c2de243958c49888e084520283b76300f64b805e4927130c61ae47b123080c4561d3636d5b79f54c5604296b0e0cabb64f |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
| MD5 | 1dbd62d9ebaf6a5b1910e1fff9a93af8 |
| SHA1 | 2f21121d421b961be2c2b3cdf655f8f3793f9b37 |
| SHA256 | db978bdd1c77cc3bfe96dd3c8cffcbaeda882d499a72bd633d00c38ea4869eac |
| SHA512 | e392a2d64f163f03ba279da3ef604c44b8acd85dd90a15b1017a5f5d001c44950e9ecb259df1bf2c1afc860e53aac2cee16012ff1f595d4411940349a700a56e |
C:\Users\Stand.AD8imn\Saved Games\desktop.ini
| MD5 | dfb9f6037a6bc86b5aa6f224854a0cd2 |
| SHA1 | 499f866cccbb413ffd5b18f380d00c0529797f22 |
| SHA256 | 58047327df3fbbec7e816bd18057b9d0317f682c384eabb7e9a9d3e634502260 |
| SHA512 | ea0dd50925937d1aecaa0a43b7d9d508e3bf1bba1fc4cc8645e3244aedae77fa50499655e6dfd72cad5d2c14d1fee47c35ccbf2df19c11a7466664989cbafa6d |
C:\Users\Stand.AD8imn\Links\desktop.ini
| MD5 | 98470d9bd7fba55a0c303065f9c4f9be |
| SHA1 | 5303b190e29ba48332f7c90a832ef08af5a1953d |
| SHA256 | 3830022d5d7ef2ae2ca0a2b6ad73f0d4716b49bf7eeeaa87b618988d531b7c72 |
| SHA512 | 134e072c3600bbb3c724c2700da399a14ba5b907153969362b3dbff32c480d39e7f5ecceebc9122a5a27265410557a16eb6bf82c9b635b90ef1fa0ae9efb849c |
C:\Users\Stand.AD8imn\Links\desktop.ini
| MD5 | 92adc8410cd8cb1d0481e2adbb62c7dd |
| SHA1 | bac1444ebe0bac748966f3bee84ee11e151a4810 |
| SHA256 | 4a3d7ccddac5c1b437fb687e90589015b9b9ae7708ea35eed9917d1190f65694 |
| SHA512 | d7c3a5df50b28e336ff24f828cdf225554d199d3c2a857e2a7baa1f2bc1fee21944733edee52bd665ebaee999f5668d03497e9bfe88d58d380b74e6046ec5d62 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
| MD5 | 453249f95d75eb5e450eb91fa755e1c8 |
| SHA1 | 3e200e187e8cd21d3d1976ea0f7356626254de18 |
| SHA256 | 01bef150c18e377a57843965d55f18f0b5cb3fa867c5ab30f1e67eacd6ece48a |
| SHA512 | 6125ffc1ab457bc1ba957c78c2a89ca54060c1969c4a981acf71025a1d79760159816d5fc36e351429de3bb5820e755b9bc22386f3d6892bfdf3da67d86f157c |
C:\Users\STAND~1.AD8\AppData\Local\Temp\RGIF058.tmp
| MD5 | 3006752a2bcfeda0f75d551ea656b2ef |
| SHA1 | b7198fc772be6d6261ed4e76aca3998e8f7a7bdb |
| SHA256 | dfd64231860c732dced3dc78627a7844a08d5d3e4cd253fd81186bae33cc368a |
| SHA512 | 3fcfa7c8f46220852dc7efef5b29caba86825d0461a35559f26dbb2540c487b92059713f42fe1082a00a711d83216db012835673e1c54120ffa079e154950854 |
C:\Users\STAND~1.AD8\AppData\Local\Temp\RGIF166.tmp
| MD5 | a828b8c496779bdb61fce06ba0d57c39 |
| SHA1 | 2c0c1f9bc98e29bf7df8117be2acaf9fd6640eda |
| SHA256 | c952f470a428d5d61ed52fb05c0143258687081e1ad13cfe6ff58037b375364d |
| SHA512 | effc846e66548bd914ad530e9074afbd104fea885237e9b0f0f566bd535996041ec49fb97f4c326d12d9c896390b0e76c019b3ace5ffeb29d71d1b48e83cbaea |
C:\Users\Stand.AD8imn\Favorites\Links\Web Slice Gallery.url
| MD5 | 873c8643cbbfb8ff63731bc25ac9b18c |
| SHA1 | 043cbc1b31b9988d8041c3d01f71ce3393911f69 |
| SHA256 | c4ad21379c11da7943c605eadb22f6fc6f54b49783466f8c1f3ad371eb167466 |
| SHA512 | 356b13b22b7b1717ded0ae1272b07f1839184e839132f3ab891b5d84421e375d4fc45158c291b46a933254f463c52d92574ce6b15c1402dfb00ee5d0a74c9943 |
C:\Users\STAND~1.AD8\AppData\Local\Temp\wwwF474.tmp
| MD5 | ad93eaac4ac4a095f8828f14790c1f8c |
| SHA1 | f84f24c4ca9d04485a0005770e3ef1ca30eede55 |
| SHA256 | 729111c923821a7ad0bb23d1a1dea03edbf503cd8b732e2d7eb36cf88eaa0cac |
| SHA512 | f561b98836233849c016227a3366fcf8449db662f21aecd4bd45eb988f6316212685ce7ce6e0461fb2604f664ed03a7847a237800d3cdca8ba23a41a49f68769 |
C:\Users\STAND~1.AD8\AppData\Local\Temp\wwwF473.tmp
| MD5 | c2858b664c882dcce6042c40041f6108 |
| SHA1 | 52eeaa0c7b9d17a8f56217f2ac912ba8fdc5041a |
| SHA256 | b4a6fb97b5e3f87bcd9fae49a9174e3f5b230a37767d7a70bf33d151702eff91 |
| SHA512 | 51522e67f426ba96495be5e7f8346e6bb32233a59810df2a3712ecd754a2b5d54d0049c8ea374bd4d20629500c3f68f40e4845f6bb236d6cca7d00da589b2260 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
| MD5 | da288dceaafd7c97f1b09c594eac7868 |
| SHA1 | b433a6157cc21fc3258495928cd0ef4b487f99d3 |
| SHA256 | 6ea9f8468c76aa511a5b3cfc36fb212b86e7abd377f147042d2f25572bf206a2 |
| SHA512 | 9af8cb65ed6a46d4b3d673cea40809719772a7aaf4a165598dc850cd65afb6b156af1948aab80487404bb502a34bc2cce15c502c6526df2427756e2338626062 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
| MD5 | a130188a10172945af780c73e3040182 |
| SHA1 | 8f83c67d325cad56a9b3f5d5e30488a3fb8c07a0 |
| SHA256 | f2e40edf4bf31387a6b35838813cc72ed72ff20f54b7c90b605d4ab06056f3f0 |
| SHA512 | 0e83e043c625f8483434e8e6b331963291f512bb6f68ae71a445974765931a2da555b9b96056b360afd79cab34b1d51e34b8525c8d8dcffa4f868a19545456fa |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows Mail\edb.chk
| MD5 | 542f1d7161b529967a42632b9091c03d |
| SHA1 | 4e9f6251c5f1168c5789eeecc22e9ce80499fb33 |
| SHA256 | 19bee46ee2b30f7cba9d70766fadb8bad63e69d971ecfbf678db192807acb803 |
| SHA512 | a727cedeb65e87995b5a690cbd0df1bc47fe0be07ac060eabc03de3f8f8d20d47ff4cace0ae94343f27e6602d08d6947b084fe6dacc143292f1e545164b0fa20 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows Mail\edb.log
| MD5 | 885806bcccee03a7a0193389120c431e |
| SHA1 | 5c9509cd7a92f83fb2cf1685d3ce599c7b0ce8c0 |
| SHA256 | 4cd42b33c175a770403fa2e317fce129f176f58b02a86b30cce7a992e4f12e66 |
| SHA512 | 53cc0c833b7f1bcbfa4decd3730a09b98c0935ac60fe197d2d02d98011f25f80ebb1cc9cf0fcad42b359193399847c32c2dc6856e3c4e127215fdc864d60f9d9 |
memory/2232-784-0x0000000002220000-0x0000000002222000-memory.dmp
memory/2232-787-0x00000000024F0000-0x00000000024F1000-memory.dmp
memory/2232-794-0x00000000021B0000-0x00000000021B2000-memory.dmp
memory/2232-796-0x0000000002030000-0x0000000002031000-memory.dmp
C:\Users\STAND~1.AD8\AppData\Local\Temp\wmsetup.log
| MD5 | dd96ceef2d27f5b36a10cd8e80afdc3e |
| SHA1 | 0ee8087714669419e435911f3ce688c50358d4e1 |
| SHA256 | 3b2b98d1028297ec498d1cf7b0c38e759b996b76a2ab3eafbf47cea5fff95712 |
| SHA512 | 3429410c6268b78d77cc20f27c1fb58cba694ce20f8738cb709fb14d5e4dc2167fd5c8015ef64e9bce013ea45342de29ec08521447cc435ed8de8558e2a4d3a5 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
| MD5 | e35b278cc62d7ef0fe9cd521a7bdb50c |
| SHA1 | 4a3df9a02558307ace8ca13eee8cde55d084b097 |
| SHA256 | 9fa24e81c8585d81db693eb7feddd85e63005ffce1794baa54943a58c80e4bcf |
| SHA512 | 28254806d3a591e4fd1278ff9c5551bacdd740860cdfdd0be04dc0b319ca655b4fe1fe8ff102711bcf386ec164c314ee8a648debb8f28cb47907ef8f3a5e6a63 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
| MD5 | ca90d62fc0b7221d2712c6709eb79b5e |
| SHA1 | a36272268e643feb2ac0b42138e6d730b569c9fb |
| SHA256 | a6707c15f9e5c388b42eaa94048fe86abc73c394f121b80e7cde5a37aa1297c5 |
| SHA512 | ca73bd1368ea3280910f93b3f3ad94e5c58e96dbbf5b79388df8999ef79adef3cd93a824cc9d26d586b4c1c2e2411013837f12331b16e0dd6257b64d2aab390d |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
| MD5 | e6768fafd2d9443dc8e7a87440a1ed61 |
| SHA1 | d52b02c327911c5febf4f5e3ae2e7b313f29b264 |
| SHA256 | 994903ced9d6d471393ca1b03d564d4c4efa93657d61e4f1e26c27a7f132aade |
| SHA512 | 5924976bb1a6dea4cea7e75f02407c107cca7e71729058a034dedb965230103473a28f0785b0110689586ec0519b63523a0fbb1263162ac7272ea4d533b4e7ad |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
| MD5 | 46a4eca2a791d84afecfd9f129a567df |
| SHA1 | 004f2926d9377cc23c5b68ce26907435b8539643 |
| SHA256 | 06b6d34db7e9ebecc07e0b53fedb2a9bc2d4563b1d2037b7630fbc002942baf7 |
| SHA512 | dbeecf882210add0dd4ac57f75ccdf6a9604c3308e92f70747313f89a7f9c590f4e1cdd507e53ee37e0a1b7e437320dc6ec1299d406ef34ddd67dfd900fddd98 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
| MD5 | e4e50dfa455b2cbe356dffdf7aa1fcaf |
| SHA1 | c58be9d954b5e2dd0e5efa23a0a3d95ab8119205 |
| SHA256 | 9284bd835c20f5da3f76bc1d8c591f970a74e62a7925422858e5b9fbec08b927 |
| SHA512 | bef1fad5d4b97a65fec8c350fe663a443bc3f7406c12184c79068f9a635f13f9127f89c893e7a807f1258b45c84c1a4fc98f6bd6902f7b72b02b6ffbc7e37169 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
| MD5 | e5949745a2e4a5b8c85d0cd17984da70 |
| SHA1 | 84f83cd8f164d133f183c0ab0923aed3f02be8ad |
| SHA256 | 1ed4737feae715a268a353c62e7a1db49dfe52f1505162e7519fcef1c2c7451c |
| SHA512 | a8b64d6ba3b5bc58ed258fbdc260b0ad8d1aadb8aa9d7d8627b7d007e881dc65b4671df9ff70bcd0f2a70e23737747028eeb58135354e4753d6c459c52e4aadc |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
| MD5 | f8d71466936113f41c023c7c3408842a |
| SHA1 | e04b617d0e6eec4f11bf0c6016243d5f33bc5e7c |
| SHA256 | 56aedf3963cd67d243dc500ae85d0ee81dc7c9399831cb937ae4420af25e612e |
| SHA512 | d39a3101cbaeaf85cd2a7ede76cd154d3f4454510dda7cd7ad47bbb87876f5ebcbfb511a9640f6b3ef1f04854a2d7a89eabc9e8f56de798844f7e306ef2c1c82 |
C:\Users\Stand.AD8imn\Contacts\desktop.ini
| MD5 | 449f2e76e519890a212814d96ce67d64 |
| SHA1 | a316a38e1a8325bef6f68f18bc967b9aaa8b6ebd |
| SHA256 | 48a6703a09f1197ee85208d5821032b77d20b3368c6b4de890c44fb482149cf7 |
| SHA512 | c66521ed261dcbcc9062a81d4f19070216c6335d365bac96b64d3f6be73cd44cbfbd6f3441be606616d13017a8ab3c0e7a25d0caa211596e97a9f7f16681b738 |
C:\Users\Stand.AD8imn\Music\desktop.ini
| MD5 | 06e8f7e6ddd666dbd323f7d9210f91ae |
| SHA1 | 883ae527ee83ed9346cd82c33dfc0eb97298dc14 |
| SHA256 | 8301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68 |
| SHA512 | f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
| MD5 | 2a2a49f7170ac60dfdfc928cfb368529 |
| SHA1 | 0ee24dcb80a21b28afb40fcde3d04949421cecf5 |
| SHA256 | 2e8a9ec95107b4d32fad2b50166bd8c0cce9a144eaeae27fdd585d54b1e39f91 |
| SHA512 | df387e1d950c730ebe7c1c631aaac14aaf39f4b0888c83dcea3dba97d2bf24270e5e2f00b44930828d21b52bd9ebb75caecdd584a63b453bebc5e17a973b4705 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
| MD5 | f107d0270e21a2fe91099fdc15918d44 |
| SHA1 | dabc2f24f4a4e90053743166e5c4175dcf2b2d2d |
| SHA256 | eb315c9d165b4916e3b00e4d148b53a6c03a2f0694a6a8821d98e76f935ca6a8 |
| SHA512 | b5d51c0d6abe99121d4f4f1d236def4260b7d5c26c501d7735eba4f58e2597db0e89b2b1df16545e49fc39649806e5305efb912328541bdd31c01ff3d2bda49c |
C:\Users\Stand.AD8imn\Searches\desktop.ini
| MD5 | 089d48a11bff0df720f1079f5dc58a83 |
| SHA1 | 88f1c647378b5b22ebadb465dc80fcfd9e7b97c9 |
| SHA256 | a9e8ad0792b546a4a8ce49eda82b327ad9581141312efec3ac6f2d3ad5a05f17 |
| SHA512 | f0284a3cc46e9c23af22fec44ac7bbde0b72f5338260c402564242c3dd244f8f8ca71dd6ceabf6a2b539cacc85a204d9495f43c74f6876317ee8e808d4a60ed8 |
C:\Users\Stand.AD8imn\Downloads\desktop.ini
| MD5 | 3a37312509712d4e12d27240137ff377 |
| SHA1 | 30ced927e23b584725cf16351394175a6d2a9577 |
| SHA256 | b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3 |
| SHA512 | dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05 |
C:\Users\Stand.AD8imn\Links\RecentPlaces.lnk
| MD5 | 0025c3a7d7c4e90e58332958b00d83c4 |
| SHA1 | 01dd4fdb260f66923004acb5a874111a9d14da38 |
| SHA256 | 36db348143da1b5c16b9074940e85761950ee30b533b7ca75924f2f4ef6b253b |
| SHA512 | b5631c94bad794541d16f2fa3a02018f4b34b680b63a9f3b6a3da4329216567a7ba9ceb8d4bd18165b0e55142f42e039f160ec675c0946237c276de1a6e642c4 |
C:\Users\Stand.AD8imn\Searches\Everywhere.search-ms
| MD5 | 0fa26b6c98419b5e7c00efffb5835612 |
| SHA1 | d904d6683a548b03950d94da33cdfccbb55a9bc7 |
| SHA256 | 4094d158e3b0581ba433a46d0dce62f99d8c0fd1b50bb4d0517ddc0a4a1fde24 |
| SHA512 | b80a6f2382f99ca75f3545375e30353ed4ccd93f1185f6a15dbe03d47056dad3feea652e09440774872f5cba5ef0db9c023c45e44a839827a4b40e60df9fd042 |
C:\Users\Stand.AD8imn\Searches\Indexed Locations.search-ms
| MD5 | b6acbeb59959aa5412a7565423ea7bab |
| SHA1 | 4905f02dbef69c830b807a32e9a4b6206bd01dc6 |
| SHA256 | 99653a38c445ae1d4c373ee672339fd47fd098e0d0ada5f0be70e3b2bf711d38 |
| SHA512 | 0058aa67ae9060cb708e34cb2e12cea851505694e328fd0aa6deba99f205afaffdf86af8119c65ada5a3c9b1f8b94923baa6454c2d5ab46a21257d145f9a8162 |
C:\Users\Stand.AD8imn\Saved Games\desktop.ini
| MD5 | b441cf59b5a64f74ac3bed45be9fadfc |
| SHA1 | 3da72a52e451a26ca9a35611fa8716044a7c0bbc |
| SHA256 | e6fdf8ed07b19b2a3b8eff05de7bc71152c85b377b9226f126dc54b58b930311 |
| SHA512 | fdc26609a674d36f5307fa3f1c212da1f87a5c4cd463d861ce1bd2e614533f07d943510abed0c2edeb07a55f1dccff37db7e1f5456705372d5da8e12d83f0bb3 |
C:\Users\Stand.AD8imn\Links\desktop.ini
| MD5 | de8858093993987d123060097a2bad66 |
| SHA1 | 0a89e87ba46538cb73aff1a47e4dc0bcfb4760d5 |
| SHA256 | 4c0d757717dec80eca8c6cbbfdda4706eb38fbbb7624933d5429dafc7bb9f0ec |
| SHA512 | fa348ac4025b599f460cb831338ce010dde8fba87587a6d078d6d594a30fee87ed112e412078c10604553f326cc7bd7627ae93b0e3d8a60cfeda0720cad29f4c |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
| MD5 | 8866b2dc43a4890f0fad2c39299a087b |
| SHA1 | 7aa2233ea5aaaa73fd59f01dc8c1ec44db0c06ff |
| SHA256 | a02d8f96a741d7ca652261be954e8ac5a8a7449a1ca3a4540a53926f8972d0c3 |
| SHA512 | 3dd85303eb1e88da49a8291865c629e05c27a5b059079e8589e30112c73de8e8a3311e9d4373acf50fc209798a480cbbd54ae14e08f5418bd7252c7a88ca47f8 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
| MD5 | e75d6936d08db26f19930c9ea947bc37 |
| SHA1 | a60246a2a6ceff60238278fd8ad2a255f955513e |
| SHA256 | c00a97a203bc186745d804ae70b1af61fc0b96ccee01a73f21ba38b6230ed1f4 |
| SHA512 | 12843f25c461b499e9fd386439aabdb6706dbf61879fc753506f220390bc73b59f4d90bb84ec656d772cb408d47e53e5c4e69202ff2bdbe21de6bdb325fe5545 |
C:\Users\STAND~1.AD8\AppData\Local\Temp\chrome_installer.log
| MD5 | 9759cfe8e13a29b2fab0b9456deb7c59 |
| SHA1 | 238d6e6d2f53698be9f96a668720300fe8749cca |
| SHA256 | dfcec99b44afae44c001582d41e6d6cd7ee11eda8935deea9ed3bf8df2b4d918 |
| SHA512 | 1f62e4b3f0b7d9b9f4f3a70bc9885a6847f2c6281987b432c6790e61a5cec56f312f35b4760f09d62bfb1c1fb84db3182a5b828915228ce758943abb1739197a |
C:\Windows\TEMP\Crashpad\settings.dat
| MD5 | 2c0677db8ed1d55a71627f9f2152a106 |
| SHA1 | 05f464c9dce4cfc6e8c08ce1c4a1617830b61581 |
| SHA256 | 4390d6b043d1978e5182caefbc0fa7c5a3e2139c16cb793260dd9f2e4cd02b95 |
| SHA512 | 9449b1bdcaef809e06a66e8b4a86f9ab424fc160eb201aafb0232dc2d8d2d64d3679f617f480f82445b21f660b3922d8af95bc218a3d2da02743dec9c1164869 |
C:\Program Files\Google\Chrome\Application\SetupMetrics\8388416a-d746-435e-a28d-931cdbabef31.tmp
| MD5 | 6d971ce11af4a6a93a4311841da1a178 |
| SHA1 | cbfdbc9b184f340cbad764abc4d8a31b9c250176 |
| SHA256 | 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783 |
| SHA512 | c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini
| MD5 | 3a33faac6513738fd86f43dff8989882 |
| SHA1 | afd4390e6b63c40e55ca08d27661a23d657b01a2 |
| SHA256 | 21a4315cbae2b0e8db633e86c344171da86f115bcbbb745680ff6f577668c910 |
| SHA512 | 8d7a47cba6b4d0da36151221c373625b67e44354b7cde41b5c3657e73a843b22a0a5b0bf92a4cbc32eac70b8292d674821085acf92bb58b94ea4542458c94b57 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
| MD5 | f07e949580702976dfc9157b47f9aa94 |
| SHA1 | a59847ca4fa92d6a655e20d771c901333627959d |
| SHA256 | 1c5d4a316975c5fb8c1897b89d4b487e9cdf57ec78019980d5d138c993362dfa |
| SHA512 | c60a25a9ad0a779ee52198259697e2f42496524315a7df819280b590974e0f34da7abb9b352f3189eb6fe1b6cfda607fbab4e1de68c3237df2d20a53216fffdc |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
| MD5 | 1c61dc21f9b83172d65be1e94b79026f |
| SHA1 | 7324473ddda64b87c299bf6e3b9e9aff53f7fd74 |
| SHA256 | 8e920d7893b682a049f6a5097f880d915dc2d7bf8bc87ae558cd7f14466d5d1b |
| SHA512 | 9660cde4d7606826c2fb6623460a2a286339970256e677c8abf8189fd1d58e0284c024bbf5c0bf539189dafa3e8d5269c1e0f7e3717891f2ae4771634731bbd8 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
| MD5 | 47b2e1c4ddd5fa161f4e7314222d7a29 |
| SHA1 | f8e0a57ad324aa0ce6eafcbee54361cfc3fac7a4 |
| SHA256 | 20b9ba1869ed5d109962522c7c9a09e2675c457edd780f3723d33f9b40475772 |
| SHA512 | 07c8e9fcc6441c45540ced17802aea9fc84197733cc13af77516813c3beb346ae2748445ae99318309cbdc2da8e69e622dd91e658b7e9ba27d424eae6f5acf1b |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
| MD5 | e5a8eb64419f6d85a1b7aed2152616c2 |
| SHA1 | f5d94f8953bb235e35fccec0ea4f14ba69443081 |
| SHA256 | 5266b08d0c1bf229ec5eafdb6dae2a4849b6b394694d34033453cf8a379725a7 |
| SHA512 | 7c304bc842c81d3b5cff745d34b038a2a867063c65e502f4155439ba0642e8b0643f9b7254f74e85d5b150c134836b9e398a0dcb192550d97dfd431c3d93f1f6 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
| MD5 | e0fd7e6b4853592ac9ac73df9d83783f |
| SHA1 | 2834e77dfa1269ddad948b87d88887e84179594a |
| SHA256 | feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122 |
| SHA512 | 289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55 |
C:\Users\Stand.AD8imn\Favorites\Links for United States\desktop.ini
| MD5 | 87a61a68c2db9b094112d4f4290fb795 |
| SHA1 | 1b5e6ec32415d010e5311caea31df96b0294fb65 |
| SHA256 | e25a84c6e593a5bd6592eca920fbc126d3e96c8d80f2bb0b17a36e40ed42c1db |
| SHA512 | 148411b6bd6133b17c3d192594338180846df638b9fd6bef7ddeb13c3858b3eab91940102349f2827ec69111adf7e506f4340b395928672180715798b4238919 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
| MD5 | 155c21b99db3eeaaff736021f18f844f |
| SHA1 | a60759f48e144b4faaecf3f0119877622b8d6853 |
| SHA256 | 8011a613780bf3a4fe17b54929898bff4a1d448492cdefc13255b43a44eebb2f |
| SHA512 | 1aaf4bc3de091698e526ce26a1cdf611b49e921e6dc1b510c19457f32051b008f9582afc1030da06a364e883540df58827ff034291372989cb203a8d88ac24ca |
memory/2640-1244-0x0000000005A80000-0x0000000005A90000-memory.dmp
C:\Users\STAND~1.AD8\AppData\Local\Temp\Stand.bmp
| MD5 | 04a78f9f8b915c7149502a4abfec6b9d |
| SHA1 | 9374fe8327482c8389232081c9566dccebe3061f |
| SHA256 | 9355309156e6d6f3b8678c2e4f1b3fcf2dc43feb7de40ed417589e44bd783b4c |
| SHA512 | 6954fcabe1b3bbf4ad96760a127a92a8ad3ccb0efe0d286183e272a816d7fb1f27a27c5dbecda510474c99320bc4debf1a91bc60249e69ebc61745b06177d61f |
C:\Users\STAND~1.AD8\AppData\Local\Temp\Guest.bmp
| MD5 | b0de08b6aada24cdd3458113d175f1a7 |
| SHA1 | 225797b52f320b3efb2643c55fe55ab3a5618ae9 |
| SHA256 | 40015814487b93a8372f33284d45586739a4a1e9d2b7961ab8c6d4d9561d10cb |
| SHA512 | fd59488e0223f49d66bb3ca7a70e74b7ca2052769f78790aee0682e0306f6e9421d28ab9a34487bd8934571cccb6798c98040b25934dfe1f0a13c7ca490ecbe2 |
C:\Users\STAND~1.AD8\AppData\Local\Temp\Pre.bmp
| MD5 | 42eeed7bcd378c9e99452016e6785155 |
| SHA1 | 6a08f39ad64f4b35347deecb28bd54db0af49b88 |
| SHA256 | 45d6d1332a5a413ec92664df20dc17d3dfe2f9e1975b9942c8f1a648b3f0581d |
| SHA512 | f6689c5ec289b482ef6f3f8baf480c80cc237753d8e4ecaaa405e13322c7c7e5222274b5de342728b8c3dcfbf2b2b624bf3b734b8eb009e5213d2dfc53a5ca64 |
C:\Users\STAND~1.AD8\AppData\Local\Temp\Administrator.bmp
| MD5 | 343fa15c150a516b20cc9f787cfd530e |
| SHA1 | 369e8ac39d762e531d961c58b8c5dc84d19ba989 |
| SHA256 | d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524 |
| SHA512 | 7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms
| MD5 | 29448277add7648ce4d4bd5211424ba1 |
| SHA1 | 67905416cea58c1dcf7a64daedf120358d2b8ec5 |
| SHA256 | d5eb3cef58d1e7e1c5eadde64dad5e13344bb339f1d7e0fc43f9bf29241e70ea |
| SHA512 | 7ac0d1e4c14cb484c8cea8cd04777fd2f7bf4b51220769331633dc79bd38644f1fb2abd1750455239fc857d3d5cb64bfd80d2377468f89e46315d92063ac9dba |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
| MD5 | 34a11a6e7becc407b452dba57b7ff258 |
| SHA1 | 4a1c7e9a79ac357778d9c7d7c19feefc3a736605 |
| SHA256 | 4c32c2a35310013bc4d8f7125781fefeb86966beb06afa7d48f74d30f45eff9e |
| SHA512 | 0db31c84d6eb061f40bf5721a06659c8dcf693430abe467be0f4abbc46a770246e2c011bc880c3d8deb4f97bb7b4a2af0085fd208f35c896a099d628cdedf308 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Center.lnk
| MD5 | 1c60a0683d76441007268d283982ac76 |
| SHA1 | 98cdfb02624f982aea06c7a4e30ce9f0d48579eb |
| SHA256 | 827c70850763c9f50cea4b5307ec0e8f929acc336f5ae210afee6217cb7ab6ea |
| SHA512 | 406384a96988ae4d4458a60b7e029e587aa1de9c1671077df14779b238992e6d09c693bab871576a3e86f01429f2cf988bb90d14f8229b79d788881e7b7ae1fa |
memory/2220-1768-0x000000001E130000-0x000000001E738000-memory.dmp
memory/2220-1769-0x000000001E740000-0x000000001E8C4000-memory.dmp
memory/2220-1770-0x000000001EFA0000-0x000000001F03E000-memory.dmp
memory/2220-1771-0x000000001F040000-0x000000001F0F8000-memory.dmp
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 1d1f6758c25efb8475471b422b633c93 |
| SHA1 | b468a84c3141f9b4e7ec25339cb6c0a600f1e195 |
| SHA256 | 1382e91d2509517af8e407d44cc88fda41e2898eba72e183b04ac7a0627e09b2 |
| SHA512 | fb7a74b001741cfc6e9c187f9deabb0243a8d5e0e3bd1287ba887889001489a06a73fffb290697bd0e228df7330f041aa6b7f700d90e606aab0d56951ade6e18 |
C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
| MD5 | d5d527cf87044d5616a47f66e7f2d235 |
| SHA1 | 5a320cbc8d99513ef20404ada59e596c5e1c471f |
| SHA256 | a38b037020a93e62c3e0d1091c2c30e59b13acf93c8b3a73b9768072d2281fe8 |
| SHA512 | 76ee214b3f17b5251e2f9d5a41ee387e31e61bf13723a83fe296c60acc10c2f53d882ab4df0cff044834a5ac5228bf329beeaa0355e3f14a4db1f78141a9208c |
memory/400-1826-0x00000000022A0000-0x0000000002300000-memory.dmp
memory/2220-1910-0x000000001FEA0000-0x000000001FED7000-memory.dmp
memory/2220-1912-0x000000001D1B0000-0x000000001D1BA000-memory.dmp
memory/2220-1911-0x000000001D1B0000-0x000000001D1BA000-memory.dmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\1154d974-ae79-4000-9c00-a7a84be1914f.tmp
| MD5 | ef36a84ad2bc23f79d171c604b56de29 |
| SHA1 | 38d6569cd30d096140e752db5d98d53cf304a8fc |
| SHA256 | e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831 |
| SHA512 | dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\bea5f475-3abf-4233-9a55-19104c1c2a75.tmp
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I26LJTF.log
| MD5 | 5b11be88d4dce6a268358b655e136d98 |
| SHA1 | aeba3892ec99d57e9cf4bc9dcdbb1795acc553cb |
| SHA256 | fa8de29f149256af9ba4dc29c403d57c32dea1cd425e352c65b1acaff32e19b4 |
| SHA512 | 721f0547cc261a036195320560d9e0ee91c521f294286e846d7fdb18976b910225ce53c2a3a8efdf18cf5041c45e8188c5bf7b41745c6e4e77cdebc335b9fa3f |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I54P9GW.log
| MD5 | 7b3ce71ae2938935a0c5d06891b5f77e |
| SHA1 | a98c5ff183a9f39f78a227b7b589577be2764618 |
| SHA256 | 47ec413216b212d5d13972905105d97784a47a5b26e473d883fafb8c81be7a1e |
| SHA512 | be107be2cba785c8093c62464c72b70496f76435e5fb8deb2f7eaa8b35e7cf54471e78859495c1d83d55ecbe14735e31e41c05ad731dd17f7c2ea242c1591d03 |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IBV3A2H.log
| MD5 | 60e6f079df71209cd91d63d1bb2302c4 |
| SHA1 | c1819850d927fb5f6587dc8620c5096dd3c80446 |
| SHA256 | a5dcb3c5328995523254f20f0cf3184261b642f342593ae05b5a15813863dd2c |
| SHA512 | d3a063935fe91395d8250cc1e6b6a551bb0e1acc7e19b187a09dbc81469494aad337f9bda7d5ac688c35871d7f7916569a4049eb5fbc8e7ecf847137efb5e352 |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I4898NY.html
| MD5 | 89ed7c8882cf92fe631c3d742bea1e4f |
| SHA1 | 5e468623c01002ece7ccecd3ab9c3f52d863f0f9 |
| SHA256 | 4d6b49a6f20d305eb851b1d73815ec79d15da8bfa91d1b00ad6d329bd2bc67bf |
| SHA512 | 4eac060f87869b8921a7ea9ab50ab67794bab28ddc1bcc13f38ea4a3510bfcc54dfdc964a0fad07af8dc0cddfa85e90b5db2daf32a0ada329b64de464fb297d9 |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I2CHOVS.log
| MD5 | 573a7a49494597a99e9b69598053431c |
| SHA1 | 478008db90692115fc21aefaf8f125bd95170d4d |
| SHA256 | e842cdf81ff7165cb1e6a64fd600f0bf2420325414599e57c319be0183c3925f |
| SHA512 | ec1d06a691f12de5ccbe66c6cd63373ebe6a4dd20bd0946ab790da846d4b47b6457ae58a49c4f92a48be1860306014671698cc00d84142a8c9882ed55d79cf6b |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IDPUB1R.log
| MD5 | 75ebf20b5f377e35221626a798c3f321 |
| SHA1 | dd6e7e6f9a7f68d80549a148f63c0eee44ce254d |
| SHA256 | 660467357d7252206c9bbf087ee0f81b276d5dc44ec26684f5b5680c42908391 |
| SHA512 | 742c598704f19742315a83eb8c476c391c8c323bb6958b10930b4bafdc045c44eac00de8fa6877db31fcfc0f5014adc0491b1fca59745d3fe1de89b7fe1d492a |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IDSYEI1.log
| MD5 | 99bb2a637afb5eaecf9a56aba7b206db |
| SHA1 | 5d613e63a970cf80baf09d3c4131d5a1b2c87f3e |
| SHA256 | 583181604e068d6c204356ec489c21a766f811be26c4f1020c941e07feff86ca |
| SHA512 | 47f4ff87ad3c7f78a438d5718e753094388f483fe2dc498d58b3c1eca8600edb882430f34a03dda9a41b5dbbf676e897a9a8c1c3229ed6aebbf6b5d55a4a1826 |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IHCWHL0.txt
| MD5 | fd37f2936fd8e824a8be5d38dea64f58 |
| SHA1 | 3aa4221cb249817a5894be896b23e573507d4a1d |
| SHA256 | 411e8d50f2d7022c9a9e8c32dd20c0d4ad6b7be5fb80851dadf6f77e98b97474 |
| SHA512 | 16893ac002d3d9066dcc103659b29627e297dd3c95cd070a6930500d2f0314cdd3726fcf2ffaeb68177024fa626e481ad1b97c2a5dc8d8df4739d53a521b20fc |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IN3YMEI.log
| MD5 | 3f75218d2cb96f5bda64a87d5caa5fbb |
| SHA1 | 8a7cad5b22244acdadfbec3540624df7df6ddaa5 |
| SHA256 | 9a7f264f8f9f4ca01e4375de9abac2770b5b5230153398c643dc298346a9e1f5 |
| SHA512 | a2845803c4f0641442076f3432363d761c7527524d4004ef94be07a8f6e270c5adb9e454df725fb88c1c2007557ec0590df707db96da44901b0ddff1d3a19444 |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$ISJJYIH.log
| MD5 | e63d8a2f0a8ecac69aa69e61a1d1acbb |
| SHA1 | b3e03b2d2a63e902f773ebae9626e25b4c44a957 |
| SHA256 | 4101eac8075b207ee61941e2c687fa6dd7974ebaf5a6a8758c4ce9d40c0e13a2 |
| SHA512 | 30c70f76f15ef7e208535f7ed0559c314a523b3f797d3fcf372c8fadb39ea54e2084919051931b16bc3bf439d7a7214b78393d33d66f0aaeb7d7761530a8c12b |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$ISOGB7R.log
| MD5 | debbba1545db130581480b49db7bd388 |
| SHA1 | c9f1dd82cbba955537d7b2f3fcfa15c287526e9d |
| SHA256 | ccd5dcaab8f1e74fe0ec5cf5f466a3e703b1233ea81373593b8286e68540a00a |
| SHA512 | 364972a15430b49d60342a28d88078ca729dc89f29c2dd07b92bead00a777aa76fd1eada6d9b51f7cd446b56c959870c2efa4e60002ce5cb282c6a01bf4c7e1a |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IT6N220.log
| MD5 | 3bd659a95cb140aa1ea5d39b11971214 |
| SHA1 | 59875831ce8cf8b29b5e9a3bd5c90bd37edca0d3 |
| SHA256 | af837bb370e6846f4350318e754e4c48ef4f0927b00d4beb6e5bed8a8e1cb475 |
| SHA512 | 6ee33a6356dc8304f6415a1c77bb192cd8de352abf2e22667a6286748e34812d2e003e107ae96fb87109b7420184967ef139c4bb262e2e1436052adac88252ea |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IVUY7Z7.html
| MD5 | 71f0ee0f1d918fde32b36b9342b9fd14 |
| SHA1 | f04973f57408005bd745d2584493579e56b0c6f2 |
| SHA256 | fe0abc568018307ade6633a5158ce90ff80b46cf4571af78883412c542411ac3 |
| SHA512 | 131f2646c41a236b8b44e541533dd15a2a56b0e226f72b44626e4df6990ef3675cb8a3c8047f810e34438239d3f02c4be882970fd8e5a864fcdbfc0863003b33 |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IZMBDMC.txt
| MD5 | 807c70d901a5f2084e69c5e8db42655a |
| SHA1 | bcf2faf248d0c291e7d94c1e23bb96ea7acff27b |
| SHA256 | 708eee20299b419a16bd01c4bfdc90c792ab5e831a0f6e045c77afacf28cb4a0 |
| SHA512 | 8adce8b8091ac8a6160962421e80456c57f330b8ff7ab2d012222a5c44e16a5be3e6987fca05edf778d3bc87beb35302506b2ab26c617aaee423ee11aa769571 |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IZ321SH.log
| MD5 | eab637437c9b884fbfa06d21051fd648 |
| SHA1 | 18971133db7965cdb9595ccb9a3b94f27df1f490 |
| SHA256 | ec833e7b798939edf4d66474554cd38cbc808e3515e82362650d040bb66b9bc5 |
| SHA512 | aea11da740f18951c6fecc13401e14f6998c541a90e450bc344d776857f7669cb8c87fc9bf94d7df993d66fba644f25e75e948305865eef267fa1bbd4ef7521f |
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IW1QSDN.log
| MD5 | cf5eca72bfb9c9dee762125adf618062 |
| SHA1 | a2e330176ce0a46caafc17358300a49640d31a9b |
| SHA256 | b49c4dcfd4fdb818be1adf172b6c53cdb012659d01bd0fadc24b916e81e6c9e8 |
| SHA512 | 9fc6a5b81600d46cfd54218e2eed5a2a71d6e2257f7d5dcbc0afe11a61fa22ee51cf9567c3ee5e101be4c652485dad28ebc96f66aca99777adaae9de60ddaf1e |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a99eaaef45af6554840e5835c5ff0c5 |
| SHA1 | 038056db9b1de75b5b62d18b70988df796473f6d |
| SHA256 | 62057226781c609df5552a0dfa4fe1ff64e9481d1dcabb3a5d10f75acadb6d44 |
| SHA512 | 12819f13393d6ff25c914472239663f7eefc7266f3cf218007a68432e31fac813dd22b806a3da055635a9b3780c5422f6c2fbb53d1bd41050ee32ca9ceead665 |
C:\Users\Stand.AD8imn\Links\Recycle Bin.lnk
| MD5 | e91e2e19d333d2869ecd4e84dadce0b1 |
| SHA1 | 4cc8f4571869f83e2c0ebfac3dd17f0c51654bd6 |
| SHA256 | 1bae20e282456a5df55249f23d3c89430ed079c5e0f25d16976128f303db9e61 |
| SHA512 | b540108474cd92140d824e7aedc50b24fc30bcd9d5a87ac9c5f6af11b1079d518006c1942a156da093f3e27481cb5182d60118c4e984f099a38cff68fbb59867 |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f9e7da8fb9d230455d982a3522eb4724 |
| SHA1 | fa12784840f2f4383e6dc85bea3e91bd63913dc2 |
| SHA256 | f17f60d7a4945503a0b9e195bb2769fac1f0874c98b840d76489038594f5a36d |
| SHA512 | 72af07be7e9d849b6be1659280db8c8eb1f2286c32452cafc5e9bf07e950643fe5cb5c6534d3626a49025bb60d6361729f930fc001d029cc378c02f20dff3cc8 |
C:\Users\STAND~1.AD8\AppData\Local\Temp\~DF587BC2F51F8B51AC.TMP
| MD5 | 06faad94968f11733baeec5bd6b23d74 |
| SHA1 | 9cca4624febae0f5636c2ca004fc8021187ba5b4 |
| SHA256 | dbc6dac83e56ed27c5fdb118230e51065bd5908e092d134dee49fe6a07bdd190 |
| SHA512 | 7ec156302a6d6abf5daa694edaecbc5442b47a105382df23528db251499c9d052b77e90df59ceae58a7ee2a193b0fc92fcacab82ce9aca802a46d508f1d79363 |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | decf319c4fa9bb526ac9a0c30af4db41 |
| SHA1 | cf129efa4179767d58dc95660bdbcc9555840729 |
| SHA256 | 2c4e9ae541e8dfab90306b3f10885619dc4d473d28aeddd98e9117d0dc47b44d |
| SHA512 | 6bb431ef91e518933ff2e03731388cb19b887092a2fafebd97fefafde29f80a600137db5ed656d57ee56fde221e6089817ca6cce12a2017c39d66c5700809249 |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a61f29d8e8e7f3a23dbcb6ac1b55817d |
| SHA1 | 4dac5f76c2c1586008ee2a5cbb899cb88b5f5407 |
| SHA256 | 4d0d04ec94e2094c4a4dc1e067fae2c11fd26c7856498602103520e00154b968 |
| SHA512 | 7c9e7527cfc31c0af5a8bfb3f75bbc7f98ec3a20f32ea88217200526237f5de5b83f5c068afde04783be3029db967b345a142f2fae9a84f50fbb78728cf6cd32 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
| MD5 | b623140136560adaf3786e262c01676f |
| SHA1 | 7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d |
| SHA256 | ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140 |
| SHA512 | 68528a7eb0efd59bed8e77edbee80ec654ec3b8f58a82b1c8ce594dcd3aba07af28268aa83f161837f63ff4278068238aa294e0b5649a688db5a483314df6700 |
C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
| MD5 | 2034995f0bbaa16db835b462eb78152a |
| SHA1 | ce19b1a236f95307067d4979f8dd96c70d69c18a |
| SHA256 | 62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799 |
| SHA512 | 3427f74d944eaaf5a3e1dd22dc566c718be58e4ceb53ba414c72bca974136cac2f1cd8d0a2a0377ce3918c3f83b2480fffbd9088be135fe0fe48c5a499fa6759 |
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cbd5676e351865cbbc0438e92f8e9ce5 |
| SHA1 | ccf66bde5c88f9f2ff4f6066e92299a53539b3b3 |
| SHA256 | 4f40294b2347c908c2d0662dd874006fa8a7c5cfe06c19ba9c00f1ad7304c3b4 |
| SHA512 | d35d34864ef8757f83408734c4a25cb7ce6c5822a78ba692a944cf65412432263a37af3fc162795a1bd162e551e43cf519c4eb0fea148a5313f87e920a3d2549 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Mail\edb.log
| MD5 | 745efd84b67d4bcfc0cc24c5fa06c239 |
| SHA1 | 6c49140c3d7828414b182f3655606d078322bd51 |
| SHA256 | 59d8d36394c57da4debb118948b31dce0affe3b9795c46bc41c58a9fada7f4a2 |
| SHA512 | 863c93d64b86076c4445f0699c765c23b5f9bbff8dea4cd1c0dc174f31de1e45577080172f4e405c1de894253a6bf26d8681f291c9f4a4a39287fe39ceebede3 |
memory/3888-2854-0x0000000002280000-0x0000000002281000-memory.dmp
memory/3888-2856-0x0000000002280000-0x0000000002282000-memory.dmp
memory/3888-2859-0x0000000002280000-0x0000000002282000-memory.dmp
memory/3888-2869-0x0000000002660000-0x0000000002662000-memory.dmp
memory/3888-2921-0x0000000002640000-0x0000000002642000-memory.dmp
memory/3888-2931-0x0000000002640000-0x0000000002642000-memory.dmp
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\04_Music_played_in_the_last_month.wpl
| MD5 | f8d3a4cacf055f5ec5c62218ea50d290 |
| SHA1 | 974474ce3fe345d8015863bd6ea7242ba118532b |
| SHA256 | 201f2170812cf8041964c4d3c5ef539d96adeba6a68b69ecaed0affe3ae8e25f |
| SHA512 | ac32cbeb05fae672047705679043aecf9b56314baa09c2d3abb7eac655710d7cb2c967ea1772767e366bb502e8ad6de375302f51ca62a76d962ee539b45bfc21 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\03_Music_rated_at_4_or_5_stars.wpl
| MD5 | 6d791b697af46d6777182af7f18c2955 |
| SHA1 | d73e8b5f4ee646c1c4ab6d23f3cb3394cb833ca8 |
| SHA256 | 4825eb90140f6b2f4f7ed0df66b24e10ff5d0da70af53ea495fd30b3aa791870 |
| SHA512 | 268cf327a9f471d547ad1dae47833cf6d722c08f9cbf5e7867a422282ce52dc320340ded93473a598903bfee9bf6a1a3393779468dbeb27d3390dbd59e6d20ba |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\02_Music_added_in_the_last_month.wpl
| MD5 | 907bfc98ce854ae312127c952d8be0f2 |
| SHA1 | 02defe8c5f9cc85742e45ba55e4fcfe326fd960c |
| SHA256 | c475dc7423c2ad60f25adaac754cd8b68b57ff04f26ecef78f3e5961b986a324 |
| SHA512 | db4045f992bad6ad660769a22345c5e0d965ae521d6828d612b15f0163622c629992c313a41bc9e381f9b0f098117eef840d33100af4c6a3634eb0013a7fe1c7 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\01_Music_auto_rated_at_5_stars.wpl
| MD5 | 3094088e14afdc15d7427b093b8b7b17 |
| SHA1 | ed10bf7cf3df61ba95f45dca39042473efe07197 |
| SHA256 | b2b5080d83a1853fbec424e6b179b784c57716600e1b58dd8b2c5fee0e098fe5 |
| SHA512 | 50cc06540177f4d9c5ae4d458f16ad725410388fbb36109e09a47b08c5dd6fca1a764858c5259c5cb781f8962cfc81226d79c5877f5cddfc47b84dbdd5966f45 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\08_Video_rated_at_4_or_5_stars.wpl
| MD5 | a3787a42b81fce0e448976ad158edd93 |
| SHA1 | 45ff275c0c32eab1f0b56e8b61e8ead18cfd1675 |
| SHA256 | 94bc17ac59bde92fbca00fcc69aed68fcbfe2c1754dd45f4810765f5fdf774ff |
| SHA512 | b36ca10f580ec9d455fb57149bce1897fe48fda6023b2fb55b6b4b80a91f1754311b91edd72c13103e0da9ed90b696c28d6904ea91984ade69ed50791f4065ae |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\07_TV_recorded_in_the_last_week.wpl
| MD5 | b9987b1f9df6d0afc01558b907e62a16 |
| SHA1 | ef202d5d6f90b37c71cb757f3babb0857ce54d86 |
| SHA256 | 0892efdb8459d81d4c5e1085239734d9910b9c6a1debd7189cf385141f0b19d1 |
| SHA512 | 6bc86075632c3e56ffe1d371f4178299e93e014f5c5c83dfdca2dc9efd1155633409c79ec87cfe2afd4374b83771ae56a3eb7fac00f83921b433cb49216037f9 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\06_Pictures_rated_4_or_5_stars.wpl
| MD5 | 0a8a40ca87323dc16893194b00c7fe77 |
| SHA1 | b88a42a85053e0a7483e331b66ba5a40a6290e10 |
| SHA256 | 9aa433bed2e090cc6904f1c24d5a7b5a1ed6d8f71a997e661b886c69383fd53e |
| SHA512 | 5932f09106d622054e6d624221d754ff471e3f37d9f585ed23db7f7327fe1e2f624b22a8f7f2827b607fdb9a30683b8f20c48a39cd35a57ad5cb78467af2c20e |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\05_Pictures_taken_in_the_last_month.wpl
| MD5 | 821d2be672f05514127c117cef460c6e |
| SHA1 | 1c75f314e7658a3dcdcad315e301f2bae6d47b31 |
| SHA256 | 3abdb6cbd88ad1557054ece3f10dd1a8494ed32f423b3cf8321b18decc489474 |
| SHA512 | 146d6293173b80ffe3721ae6e61293cc1d838e8a72713be8b859ce33c69ef753408057be9ce15a78d573e253548ee674ca3fea77efa3d330ce8c8a50f8a8a988 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\12_All_Video.wpl
| MD5 | 372d0beebea5460409a6a1c53ac52a18 |
| SHA1 | 1b5a925e00f9a4cc3a18feb8f74a2e39ef11eeb6 |
| SHA256 | 5b8b62b35e5dd8a46ccccaf3fc3743be9e0965d24cbcd20da2681065eeb37ef3 |
| SHA512 | efb412e3a17f4eab84fb9f99b9e420d18e23610a9a66bcd7298c3ba68fd24abe0c1f2e58faa411e059788d34f4cede45f9e25c6578d13faefb8ee79acd50f2e0 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\11_All_Pictures.wpl
| MD5 | 74294ef495559ed32731f19096d70312 |
| SHA1 | fdc6cc849270016d2a382d7d0daabf44a4556cd9 |
| SHA256 | db34d82f2cd23e6e55a64e12d2a0a9c27ac2ded156483238f22a336ca6825110 |
| SHA512 | b068d903b83945f146abd4cf384da99af608643c62b647ea65db33c3b0e0face4727a74be3210a9c6469bbc403d1f5c59d92cbd57722737e992b0e4f5e66662a |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\10_All_Music.wpl
| MD5 | 51aeed11707741118e0706c1259df22e |
| SHA1 | 6434e915b018c6d15898fe0a4d006bbe3e1edb60 |
| SHA256 | ec286113e5ad77ac34063589a137a6dc4b4cab8845cd9c5386519983fa3b48f0 |
| SHA512 | a674487f9cabe1fb2809cd98958dce696f7f066d3738bfb30317201ed804df3c72f2d24d6f9c0832cf446c8a965e21f3ea50aada1c69860a12340d6eca88e942 |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\09_Music_played_the_most.wpl
| MD5 | 467e71aa2fd951eb0a1af3d6bb8378e8 |
| SHA1 | fb654c0b2663d4fa5fd0f1658097d936dd0429ed |
| SHA256 | a54bc2cad63ced4fd9ff2a3a094a26e264e8a5ce8139193896d13236f494e2ee |
| SHA512 | f9242a4925b910f4a114652967a6e2f49444a3f0d9f35402fef28cc8d39c58720930084112baf92eb6716af541fd76e3803ccc1e742cec07f1d4fb6abc13a42c |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
| MD5 | 696bffbc8cd1ad6400f10220607837c6 |
| SHA1 | 4f7aa526dcfe9b2931d58e3730d68aec56ba8c15 |
| SHA256 | 5ccaea1aa0a029d4c535f919ff30467be23ffc8f4c20c213a29e1b7da74407a7 |
| SHA512 | 7552a73d36c23f85df32dca367d9719dc699ce6823d55f03fa11e27ed1becc80b5e8842ca9e102cda1fcddc508149349f5ed939e7596ff04820a1139f0799363 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
| MD5 | 83586e9e97aa4d4b59cf65ba760fd856 |
| SHA1 | 3b7ec2aafa03a06b105eff377cc55a80e4f804d4 |
| SHA256 | 27a94d523d82db7ecbd6d843f3172997ea6ac8d442e46e4a268d18c9c8144c08 |
| SHA512 | de4e19a8fdec56af0be69ee1034e490c5a35638f85fc9ad4f3629542e5a095f6d70e6e05670e14ddc92214517767a1ffcd58f94dd18e4abf9d9eafc86018789d |
C:\Users\Pre.Standley\Searches\desktop.ini
| MD5 | 8e11566270550c575d6d2c695c5a4b1f |
| SHA1 | ae9645fad2107b5899f354c9144a4dfc33b66f9e |
| SHA256 | 1dc14736f6b0e9b68059324321acc14e156cd3a2890466a23bf7abf365d6c704 |
| SHA512 | a9fc4b17d75f85ae64315ba94570cb5317b5510c655d3d5c8fb44091ea37f31e431e99ed5308252897bdd93c34e771bf80f456c4873ef0aa58ca9bbb2e5ff7e0 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
| MD5 | aa4238553d2ed26c73021359686b1cb2 |
| SHA1 | e14f8be45c0fa3a445420d9865132c3fc5281fa1 |
| SHA256 | 9f795de97f11345ba27e33a1d576a1f526f7d129e658257c11629bd7a5e23886 |
| SHA512 | c4bff8763338af4cae951a22a468ce0ab0c3a808d3717719a90f338997de839dde038b5c86af810a16dd94c71ab29b055564ab43b49d5a5b6c87a2aee8aeed78 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
| MD5 | 9e6b2f975ec89de34f5b19ea5dc0d3dc |
| SHA1 | 9f8f6aca92cb7b1c16fbadf1322fbb4f055d027a |
| SHA256 | c0d938044c54e36ab0d3455cff73639ff7ea5749e3f1ea7d58c9d77d84aeee09 |
| SHA512 | 26b0815d9137d8deb0e0232e2c4003d390d2772224eca309ad462d345870f29aac297e332d2883ab5b0f57626de8eb13398200704d955d5f003bb9eef887e8cf |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
| MD5 | 5547a64ee3681b1fca07111e73dcc51a |
| SHA1 | 0b16a54ccb7c0284df649594e006ca96e07ac296 |
| SHA256 | c6a3db953cc63f23aa5ff66de5fc6b483f6a1106cf1f77cbd73617b2c4340e0e |
| SHA512 | 21a6b9b2c578ea8d0bfb22c1b37b0dde47395ec958fa5c73eafeb8b865080db132e565c7e8ce2ab1d2e934f414e23b820f3ff3571a7d737453f3ace76d11cc25 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
| MD5 | 4f92139cd322a396d7e0d25e5d151301 |
| SHA1 | 67f94e2990106d9481e78ae08356d7a4ec1737d1 |
| SHA256 | f47afaacc544f681170b9d6ec201dd92d2a166966da9ea1274675b1a9d6c4b96 |
| SHA512 | cf135d6a55e5744b905d2ab65d7d021133c353161a431a1026055632f0988e5760c7f0b334d17f3dd3ef1d98320efd207c36db1948adc00d2fa6035a172498dd |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
| MD5 | e53ad243452bf96451697a9edba59d10 |
| SHA1 | f631e442362409247fce2acc12f1d6fce4abf294 |
| SHA256 | 3c2164139c9fa4d5b6a209c3006789183f91b2ca0e998137aa65e100aab2e93e |
| SHA512 | 5a95baf9b2f922490eaaa2831985e1ad7e0481c0f16df84feccf5aad95aa222ce4334c55ded691d7314bdec94e24a2c7f1a234ddd214c4408c3be1335e1789cc |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
| MD5 | 7e40f5e4b5efd5dda70bf756a98ac8d4 |
| SHA1 | 838770370b9a7c2a44520e1496a52b03ce260629 |
| SHA256 | 3a20029b5abed0cb1a6de9d1addbb2cb3ad5648fddcb5b4cb9e4a66dc3a90263 |
| SHA512 | 240a1b362d6bf82d0e8cc5e4c9614e04e3526ce44a15e8215a48c5147152694090b132bce1aba728305afcc0284b8369caf12c908178e0399bd44ddced7396f2 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
| MD5 | 9f4ca8113775c9f98333a0239bb7cfe1 |
| SHA1 | 626691d19c8c42521d8b8b59aaf2cf22d6bf8f74 |
| SHA256 | e6e6f12cf10aaad9238756a4e61cc5591c9afea573533fc99a7f8e09723b53a2 |
| SHA512 | 8ef5bdfc4c6d9cf46b146a516d723a8e3235a3fe734968a16be8b7d237a6bfdab19fab0e95f519b95a4e9bf6a6f3287211b5b2210e15e93763649bc4a8a46053 |
C:\Users\Pre.Standley\Links\desktop.ini
| MD5 | 97c4b6a49508c908cb2fa8f9ac7b65da |
| SHA1 | ee42026822a3b88cb3d3fc72fa9f2825c84935b1 |
| SHA256 | 6c75a78a339ab546b553a0aaa90756da9dbbc2b14a7fa75ae5f13cc210bba7e7 |
| SHA512 | 44af3c2f4c5cce0fc1458da56ca3f4016c26fd8160cff329c93e26657de88fb7087b08a0bf495e3d9badf1810d8f58639be2dddab17620fae5bcbc2e65739e06 |
C:\Users\Pre.Standley\Favorites\Links\desktop.ini
| MD5 | 3c106f431417240da12fd827323b7724 |
| SHA1 | 2345cc77576f666b812b55ea7420b8d2c4d2a0b5 |
| SHA256 | e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57 |
| SHA512 | c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Mail\edb.log
| MD5 | b910201e7aea5b086abbfc332909af31 |
| SHA1 | fdf001ca6a52051822adbcf014da83b3816c8034 |
| SHA256 | 7ea97620e90ecd448a74f739c10c6058994eec486e30bbb8c3685a9305f9b6eb |
| SHA512 | c2c9037f1fc01b0379f814fea5af97d9ff554d058c164fe63d972850a0a12f8ce80f079da28a544d5b1c07b227925102e6f69222ed78c48d310be551991d0dc1 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
| MD5 | 3462727d7e81cce7a72e44ad99110109 |
| SHA1 | 88d324247231ec97bff28ab6f88e1b03d0576436 |
| SHA256 | 46efd7c9dabdd00d18280995f43c8ec07735a9929c232deef1aa784bdc6512e8 |
| SHA512 | d7f8e3fdf61f22112e6916236350b2fb4cd6d0b69c7d63db8ad7962495cccbfebab8426dce5c8044eb76295d44e0c9d8291129f16ee3832ecde9f4d08eb22c33 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
| MD5 | 99c37f36c039087efe547adf00e10eb8 |
| SHA1 | 7c1bfcd399038fac154e7caa45ab51dca2ac43fb |
| SHA256 | b2310c993ed4206f0d98c469a06f6ff5f67ba7d2a6405f1179611126b97aad73 |
| SHA512 | 82eef5daf28f96bb2dc45d9624e5c5e35acdd9013f4ad66935f286e414226e7b0f89d43263a1889a02f4035337484fdb620d473fd71a1ca04f071b5f0deecaca |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
| MD5 | 3ea6f6ec92c2213e20321d55c71ad133 |
| SHA1 | e8396417d0c2bebb3ced3a3b0c2bf10cf9abc9e9 |
| SHA256 | 3100a03da5172caf7605c0bb9c6651c8889f34b07da419dc2483f679ed9d2ad3 |
| SHA512 | fd715a5a3c8055fd1b25cc2f6b0995a808f344586bddac565f60de7530eeff91afdc454c73509aa43fc7af713c9dc096f3f6082e43cb8aefae7ff831987cdb5f |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
| MD5 | 4c2f9b919cfd469b9ef0aaacb27ed171 |
| SHA1 | 262b336b55a05416def415d566d6e74da033b494 |
| SHA256 | ecaa13a75ba23e710dc883bdb38e8bf099f5745cc31bd748bbffb3f3f6c5d9e8 |
| SHA512 | 77ba305d5ef8c268ab3eed87d26218c1ed89239d8ac26ec3b33445e230c6e182af677409285faf3e86772761f68f1823ad2b845e56618659eaefd49a64471401 |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
| MD5 | 85559ce338e76533bcf451b82c00d3f0 |
| SHA1 | 88fd791a6cab337b743cfff739ddebed5a8c9541 |
| SHA256 | 6196d00887f31c026ac3ec78db93d9db6007ada3fa4ce8b5d55323147b80cccf |
| SHA512 | 0b4db1c595a1855b521ea777fef8eb3af0978226f176f43036a31dd4aad0ade09c47b6f9342c8a2ed2a664d03fc1527ba032873a317dd0974e9ffb963392740a |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
| MD5 | 293d0749e077e1c5301aa0d29b298282 |
| SHA1 | e9cfd05e52151d805df5bbecad9b29499238cc88 |
| SHA256 | 8948efa8ade41b396cbf43debba72a28467fd3a1221b61f16496920e28da0742 |
| SHA512 | c887dca722069b4de0adcd1739f77f02dd59ee794b9f412ddec6a75dfbffb4bdd7366a6c58def56ee2c6eedab633b8374672093ec4954d75bfc758b0d0e16e2a |
C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
| MD5 | 9a1b13fd914dd7054b83bc1760c99ab8 |
| SHA1 | 340c37602b11cd3cb9ae681d09bfc4c81f733742 |
| SHA256 | 7f0a9cc0be951d60d6c8e60d1a612bfa65fa390020d7c0c80f212ba2a47a4aa3 |
| SHA512 | 50d48a348c71fb9e89ab01e59fe599b692a1701f19d2c9de6ae09678e0a44ba95020b1989f9c776edcacacc5f2b2b348b0f31aa28c04850e69e47cda6dcaf88e |
C:\Users\Pre.Standley\Favorites\Links for United States\desktop.ini
| MD5 | 43732b12dc5e0c37046900fa2a1f0df8 |
| SHA1 | dcaaf6b16847f4ff66788aa1416c137e62361d0f |
| SHA256 | e8e187d06caeb619b7a60d6fd4d1f4e9d70f5a232b02826ce3ebef56246f942b |
| SHA512 | 578126bec9b73a8d55da85f4f9fd8d91b21c1b25314c706cfbd5efee5a869e85514423f0d437709c9888dc98fdd9f9778444430419d3316113d2b13540a458ed |
C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
| MD5 | 2d969131bccec01149620521aab5d9d2 |
| SHA1 | ef8864ea141862fbae6eb25c0c62b34f5398c304 |
| SHA256 | 63b9a95398fa607bdbd5187b15ffd20aa6fb3055cf6eb524cdbc9450ef5675cb |
| SHA512 | edb7139066dba40bfb2f0aedb48d7103eb54de28e4a5c61a1e200a3430782f04eebd1ca26a693a616444782d5c1966fe40dacb3180900cc0c80a81b0a53c41d3 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ec4f0005cec346322e4404c44f3573be |
| SHA1 | 850061f3d8c0e21b98ccec657c114b63c4fb8810 |
| SHA256 | 59b0209af2ccbf27d4604fb7221310f5da7f4a53f0aee37c8f8e3271e4d0466b |
| SHA512 | ca795e38e3ed0596b5028776003810442c646463b5f5105cf6f8ecbd7bb26826c56b20affa569102df415ec15040bee47334e01f21912cfb4191d2d7f9d1434c |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\656b78d7-ead3-4c04-8316-1a79af36e4d7.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 259e7ed5fb3c6c90533b963da5b2fc1b |
| SHA1 | df90eabda434ca50828abb039b4f80b7f051ec77 |
| SHA256 | 35bb2f189c643dcf52ecf037603d104035ecdc490bf059b7736e58ef7d821a09 |
| SHA512 | 9d401053ac21a73863b461b0361df1a17850f42fd5fc7a77763a124aa33f2e9493fad018c78cdff63ca10f6710e53255ce891ad6ec56ec77d770c4630f274933 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\128.png
| MD5 | c6f3d94588346615faa141b70e4bce44 |
| SHA1 | ecce935bb311d64192fbb7910129db09ce12f468 |
| SHA256 | 750673fc54ee0d9dda821205fafa3720a3561bcb483b9df809d6dc8746623c4d |
| SHA512 | 1d4c1c950949a9c3ff2e921c0316f71627e2357f7863756e5d6d5176c0c17de4ec710a430e7304e540610c25f84519dedd5c376def7d1dc3b5e2191afa51047d |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\96.png
| MD5 | 307d23d2a906b85e8e38afeef14a0458 |
| SHA1 | 5d139384052b0fc7e5aba4ebd02d83201cff427e |
| SHA256 | ba3a848ab615dfa22460ae9aec5e1f10065741f98c263acae4de40a20bf109c1 |
| SHA512 | a4ee732edfd8111b13c0517ed08477f21563e4831fa9ea8eb49c1d3745cbb80bbfb17c2a257d1a55672548690bc881fe54867943233e1efaeef06557ada87d80 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\64.png
| MD5 | e1aacbd5738f07d59cb91506431d5878 |
| SHA1 | 976b28b7e3ab8b13aaea8d36d9a0ee7e1e4f2993 |
| SHA256 | c743612af3eb143cd7bfdd48ec59ba6b7358a5622fd948f31a9b753fddc9da4a |
| SHA512 | f9328bcfb38c84785541e2d17855f5260bb9f6d8a6999c0f8c5d15aebc15e653b1736b7093d1c51d17b3b4bbac764b67a90cb7a1c6ceb945d9098ef702f90131 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\48.png
| MD5 | f66423edd82a48b8b9af4a91806e2ac1 |
| SHA1 | 228bf95c3433780facf4bc4b6a09c6a3abbb6b6c |
| SHA256 | ab4eecdad514547afc5fc2847ee34c5d3c16e44067b8629b1a6e506d6333253a |
| SHA512 | 4ce4e2009fd71b93fcc194fea5be5933d8b90d80cf997b79c3cb477e325ab284c148e1a9e17fbe034f3499fba734984d010143b8f727ec67146ed614953111d8 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\32.png
| MD5 | 5d7f01d87cf03ea2349c7aa61f44a8ad |
| SHA1 | 3b1819d2711806dafb4dc690796a39d62752c34a |
| SHA256 | 709faf4aa39e22c3f77f5ec580be7d0e227506d3cc2d0b892e66d6fc5c27822c |
| SHA512 | 6e149adcb9eed2b00827dbca072cf9457dc8e68de532720b570e06264e131afe226ec8fb78156c140a075998a1da260e7ce737677039e5d9497ab8f69ab5dc62 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\256.png
| MD5 | 525662b7a7a0f1c15afd03d2b3c57dbe |
| SHA1 | 0d695745426ca1e4f4ab4047d123647eb0849842 |
| SHA256 | d28e89165e82e1efe90c497c78fc0d98e4f01d53a72e19cc427a53b50c619960 |
| SHA512 | 323bb51285a84b08fdc714e5fb324f195adbe378f78cc80c6014fbf58be3eac0079674cb246eeb75479999a06885c4624503bd3d85a5b4605f0eea906660e131 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\192.png
| MD5 | fd3484b8494ca05eb1926ff2e7877d07 |
| SHA1 | 34750785dcf3cebd587a9bb137c2fe7b985646ee |
| SHA256 | a4254e19218b9ca7caf216b77d3929ea5dfa4883ffaff4ed9cdc74a0c6e92051 |
| SHA512 | 0feea07cc952b511e45cfeae3d269a3750aad80b7bd69c6195ab351bb1723c03318d377f1dcd529794c581a801e9b6ff7ac28124f236700115f5a1ae8bfe003b |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png
| MD5 | c2041f6fef10364434abcc7e198eec0f |
| SHA1 | 38d2ed3af17e64f96f21df12c5c444138489da48 |
| SHA256 | dae8a0a9c81dd21b5b593cd90968507f5eabb85f7912135143da60ea62d3ee9f |
| SHA512 | 821fe3091cc3de86c642e771f606af9fe0d34f626ead5811dd136ac427475bce69893bfc11f7db5beb1bba7f74cbc49ba3bef01dbe793f9b507f343a80f7d901 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png
| MD5 | 2208a92644dcb1f39eb0eb2a6cd5627e |
| SHA1 | 92b1bb3f52841272dd5103058d10b8938d82f582 |
| SHA256 | 1a087dddaed584b9df580672ff112d538b02a3005862ba2a38147c498a5f4c01 |
| SHA512 | f155b86f9a3806e7e204fded36c722b69f94e778b3d12684b2b5dd2ca649b02bbca24e6ec01f27e864e8004139e800cb1f7f098c9dd380363a90e686e617d90a |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png
| MD5 | 7ccd89bd73287c34e2f93232b5794397 |
| SHA1 | f67272153f3beb99df55c2d321b394bd855df693 |
| SHA256 | afc439984c9fb4c04101cbb7d3f72b2b123ac30d788ab58271d2f1db14ae36d4 |
| SHA512 | 1cc7ea3206112916750018a3aa0c90e73ba80d4e5f8652102cd9467ac68c86b99b4584e8f850dd21e9dad454c3230b3661b05f696bbf35aeff6d29951d582b47 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png
| MD5 | 920e94dfc0a5448e1da40d06aa873d5f |
| SHA1 | b88fd200e5f7771b897528a4e869ead72144fca0 |
| SHA256 | c10d2f537e072336c10afa11b9621b25d0d600ff04d12d1070dab942bdfae62a |
| SHA512 | c893a6d711249d5b546553813d5ec21dd7c8db0bf144a7f2bc47c3a4ff00615708f679f499452ce68e1bae3cb9098593c519a3055e207c86d571079f05bff4e0 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3d902463a7aab276d57b9a20da044f8f |
| SHA1 | febb2db3c34e8d8a98955ffbbca5470faf9600f3 |
| SHA256 | 183e5e9682a607724aa8e97bea5f9c372a829bc5f934b464010e68774bb25e7b |
| SHA512 | 8bcf79272b648e3bf01d9d086de196c7097b7608db52235ad253add4c541ca3de5001adcd0361187e6a6ae0f24fd9be7157e3c148b384d8763122fbf96c41d8b |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e6f38588cb57d8a64e1c9fbadb9f5cd |
| SHA1 | 7d17dc38baa157d9af0c952cf71777f3ceedcfbd |
| SHA256 | ac6be5f2c0a032ba8c02992e8167f24d740b52eeb84ab1c957c9524f8735c82d |
| SHA512 | e354e58a3b96b3556a14fba9660b37b47ba5970fd38d1f865f232622b27010752e29bfda9193e90adea3b43636f059c999bd000087d8fdd545e2ca80a3879ff0 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 5004c9f1f14d4c680e8bbf0857b8aef7 |
| SHA1 | 2cabc33641483f34e0e764dc4f4dbed963971b5b |
| SHA256 | bdee6afd5a8ed067875ad67ed57d5de253a25ed8b2b2f8672a1e54ed11ba1c3d |
| SHA512 | 9df4d194dfcd0b9a4710d34d6cabbe91c227a0d7eaed260e19b26c30c58cc5dbf7983dc8c960c440e4a6999017aeb55b5fdf3acb3c176d88c85b01e6baaa0319 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c6f09465a8669c160c36c58635ccc941 |
| SHA1 | df9248525501bf1296d02874049a216c39d4daa1 |
| SHA256 | 4d05ab2363b0b7a105555075914de6239102ead53eb3c42eeb4db12d31ded75b |
| SHA512 | 8d762bef00086b62a1e17c9cf6f4cdfad614edc312e9963583df5d5a0ba8e982ca94d633f16ecc7736e369eb016f4347348e43cb42d2371a21a3fd1752623f3b |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000002
| MD5 | 22bf0e81636b1b45051b138f48b3d148 |
| SHA1 | 56755d203579ab356e5620ce7e85519ad69d614a |
| SHA256 | e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97 |
| SHA512 | a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\83d95128-c177-447a-a15b-ec17f9aaa867.tmp
| MD5 | 3124381bed9bfd5d8e7315068f9d74da |
| SHA1 | b0ccd3c02444b8edeaab2ae46f8781ad0db28432 |
| SHA256 | 10de454ce84f75ed92fe7ae05855d79c020c9adba814e792606a3a19f2f15106 |
| SHA512 | b1e0add2ff62efe46b9425cbedd51e2f54e9befb3e59647beeb519ec3b47e0efbb313b031ee1bc3e8619ed50520e33cc36b3b5f34e957258450d4bedc1e0aa70 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\91658b3a-3a92-450e-90c8-230b4e155595.tmp
| MD5 | 4e459ff607de729d2c5ba795e9dc401b |
| SHA1 | c0bdceb895af2fa7d3ab54af673dac3bf8a233de |
| SHA256 | 6f39e7a7070a515bb566a50f9daa20ab51051b13dca8b962554e5b9318793998 |
| SHA512 | c459f4064c955689298360e08ade2fa68c2729b700a0b155b4b671f5cc7f59aea09ebd43b7f51f74c7147e7eb1d40b64c81a25c8cd8c060f7ddca99fffc021c6 |
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf850cdd.TMP
C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
memory/4912-4537-0x000007FEF45B0000-0x000007FEF45EA000-memory.dmp
memory/3716-4541-0x000007FEF5C60000-0x000007FEF5CAC000-memory.dmp
memory/3716-4542-0x000007FEF5C60000-0x000007FEF5CAC000-memory.dmp
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000006.dbtmp
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\256.png
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\192.png
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\128.png
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\96.png
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\64.png
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\48.png
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\53ad861c-2451-4f15-b41f-f342b1d6821a.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\e1a284d4-bcca-4e3a-956b-11f9fe8fd0ca.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\13033ff2-d454-4316-80e9-05438102a985.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Network\742a4c1b-8616-487a-830f-ecbd9ed52fb0.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Last Browser
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\256.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\48.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\64.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\96.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\192.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\128.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\192.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\256.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\128.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\96.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\64.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\48.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_841567154\Icons\128.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_841567154\Icons\96.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_841567154\Icons\64.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_841567154\Icons\48.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_841567154\Icons\192.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_841567154\Icons\256.png
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\8ea2dc36-6fb0-44e8-aed4-6bed521138f5.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\4ff9fba2-4768-41a0-a451-90eff8c5205c.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Windows\Temp\SDIAG_9db4f2f7-a75a-401f-b883-d66e1c12aec7\DiagPackage.dll
C:\Windows\Temp\SDIAG_9db4f2f7-a75a-401f-b883-d66e1c12aec7\en-US\DiagPackage.dll.mui
C:\Users\Stand.AD8imn\AppData\Local\ElevatedDiagnostics\460911090\2024061401.000\NetworkDiagnostics.0.debugreport.xml
C:\Windows\Temp\SDIAG_68667f38-9242-486c-b1c9-5411fc12f13d\DiagPackage.diagpkg
C:\Windows\Temp\SDIAG_68667f38-9242-486c-b1c9-5411fc12f13d\result\results.xsl
C:\Users\Stand.AD8imn\AppData\Local\ElevatedDiagnostics\460911090\2024061401.000\results.xml
C:\Users\Stand.AD8imn\AppData\Local\ElevatedDiagnostics\460911090\2024061401.000\ResultReport.xml
C:\Users\Stand.AD8imn\AppData\Local\ElevatedDiagnostics\460911090\2024061401.000\NetworkDiagnostics.1.debugreport.xml
C:\Users\STAND~1.AD8\AppData\Local\Temp\PLA1176.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\47a4eedc-ae40-44ed-bbfd-60fde2db6661.tmp
C:\Users\Stand.AD8imn\AppData\Local\ElevatedDiagnostics\460911090\2024061402.000\NetworkDiagnostics.0.debugreport.xml
C:\Windows\Temp\SDIAG_7f64b413-8ef1-4d6d-a018-230dfa3a401e\result\ResultReport.xml
C:\Users\Stand.AD8imn\AppData\Local\ElevatedDiagnostics\460911090\2024061402.000\ResultReport.xml
C:\Users\STAND~1.AD8\AppData\Local\Temp\PLA182.tmp
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Local State
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:18
Reported
2024-06-14 01:21
Platform
win10v2004-20240508-en
Max time kernel
13s
Max time network
14s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628016928626488" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d94ab58,0x7ff97d94ab68,0x7ff97d94ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5116 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | windows.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
Files
\??\pipe\crashpad_1040_AMWCMBYHONHDCMVQ
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences