Malware Analysis Report

2024-09-23 04:32

Sample ID 240614-bn6q3stbjq
Target http://windows.com
Tags
evasion persistence ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://windows.com was found to be: Known bad.

Malicious Activity Summary

evasion persistence ransomware

Modifies visibility of file extensions in Explorer

Modifies Installed Components in the registry

Drops startup file

Enumerates connected drives

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer start page

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Modifies Internet Explorer Protected Mode

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Uses Volume Shadow Copy WMI provider

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:18

Reported

2024-06-14 02:01

Platform

win7-20240508-en

Max time kernel

1529s

Max time network

2431s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\Explorer.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\Explorer.EXE | N/A

Modifies Installed Components in the registry

persistence
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Locale = "*" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Locale = "*" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username = "Pre.Standley" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Locale = "*" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Version = "11,0,9600,0" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Locale = "en" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Version = "11,0,9600,0" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username = "Stand.AD8imn" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Locale = "en" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Locale = "*" | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Version = "1,1,1,9" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} | C:\Windows\Explorer.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Version = "1,1,1,9" | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} | C:\Windows\Explorer.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Windows\Explorer.EXE | N/A

Drops startup file

Description | Indicator | Process | Target
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Contacts\desktop.ini | C:\Program Files (x86)\Windows Mail\WinMail.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2737914667-933161113-3798636211-1002\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Desktop\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Favorites\Links for United States\desktop.ini | C:\Windows\System32\mctadmin.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Favorites\Links for United States\desktop.ini | C:\Windows\System32\mctadmin.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Contacts\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File created | C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini | C:\Program Files\Windows Mail\WinMail.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\$RECYCLE.BIN\S-1-5-21-2737914667-933161113-3798636211-1001\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Users\Pre.Standley\Searches\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\unregmp2.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Contacts\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Desktop\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\unregmp2.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Favorites\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Stand.AD8imn\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\Favorites\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A
File opened for modification | C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\Explorer.EXE | N/A
File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\mstsc.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\mstsc.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Control Panel\Desktop\Wallpaper = "C:\\Users\\Pre.Standley\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Control Panel\Desktop\Wallpaper = "C:\\Users\\Stand.AD8imn\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Control Panel\Desktop\Wallpaper = "C:\\Users\\Stand.AD8imn\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Control Panel\Desktop\Wallpaper = "C:\\Users\\Pre.Standley\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Uninstall Information\IE UserData NT\IE UserData NT.DAT | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.INI | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Program Files\Uninstall Information\IE.HKCUZoneInfo\IE.HKCUZoneInfo.DAT | C:\Windows\System32\ie4uinit.exe | N/A
File created | C:\Program Files (x86)\Internet Explorer\Signup\TMP4352$.TMP | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Program Files\Uninstall Information\IE UserData NT\IE UserData NT.INI | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.DAT | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Program Files\Uninstall Information\IE.HKCUZoneInfo\IE.HKCUZoneInfo.INI | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Program Files\Uninstall Information\mshtml.Install\mshtml.Install.DAT | C:\Windows\System32\rundll32.exe | N/A
File opened for modification | C:\Program Files\Uninstall Information\mshtml.Install\mshtml.Install.INI | C:\Windows\System32\rundll32.exe | N/A
File created | C:\Program Files (x86)\Internet Explorer\Signup\TMP4352$.TMP | C:\Windows\System32\ie4uinit.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Windows\WindowsUpdate.log | C:\Windows\ehome\ehshell.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\ie4uinit.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\rundll32.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | N/A
File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\rundll32.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Explorer.EXE | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\ehome\ehshell.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\ehome\ehshell.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\ehome\ehshell.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Explorer.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Explorer.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Windows\ehome\ehshell.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Explorer.EXE | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0 | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0 | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information | C:\Windows\system32\csrss.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information | C:\Windows\system32\csrss.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information | C:\Windows\system32\csrss.exe | N/A
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier C:\Windows\system32\csrss.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information C:\Windows\system32\csrss.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data C:\Windows\system32\csrss.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information C:\Windows\system32\csrss.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data C:\Windows\system32\csrss.exe N/A

Modifies Internet Explorer Protected Mode

Both rows are ie4uinit.exe writing value 2500 (a zone's Protected Mode switch: 0 = on, 3 = off) under Zones\1, the Local intranet zone, where Protected Mode is off by default; one write per freshly initialised profile (RIDs 1001 and 1002). A sample weakening the browser would be expected to set 2500 = 3 under Zones\3 (Internet) from its own process tree, and no such row appears here.

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3" C:\Windows\System32\ie4uinit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3" C:\Windows\System32\ie4uinit.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\12 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\17\IEPropFontName = "Tunga" C:\Windows\System32\ie4uinit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Show_ToolBar = "yes" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\32\IEPropFontName = "Segoe UI Symbol" C:\Windows\System32\ie4uinit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\OperationalData = "1" C:\Windows\helppane.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\39\IEFixedFontName = "Mongolian Baiti" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\4\IEFixedFontName = "Courier New" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\20\IEPropFontName = "DokChampa" C:\Windows\System32\ie4uinit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\OperationalData = "5" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\MAO Settings C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Desktop C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\14\IEFixedFontName = "Kalinga" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\New Windows\PopupMgr = "yes" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\30 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\31 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\32\IEPropFontName = "Segoe UI Symbol" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\13\IEPropFontName = "Shruti" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Save_Session_History_On_Exit = "no" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\19\IEFixedFontName = "Cordia New" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\23 C:\Windows\System32\ie4uinit.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate = 60d96025fbbdda01 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\19 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\PageSetup C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\28\IEFixedFontName = "Euphemia" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\14 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Show_URLToolBar = "yes" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Settings\Background Color = "192,192,192" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\3 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\15 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\24 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Zoom C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\6\IEFixedFontName = "Courier New" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Show_URLinStatusBar = "yes" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Windows\helppane.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\11 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Show_URLinStatusBar = "yes" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\3 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\30 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\29\IEFixedFontName = "Plantagenet Cherokee" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\38 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\6 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\36 C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\SOFTWARE\Microsoft\Internet Explorer\Main C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\SOFTWARE\Microsoft\Internet Explorer\Security C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\27 C:\Windows\System32\ie4uinit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\16 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\International\Scripts\8\IEFixedFontName = "Courier New" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Settings\Anchor Color = "0,0,255" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\International\Scripts\14\IEFixedFontName = "Kalinga" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Cache_Update_Frequency = "Once_Per_Session" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Show_ToolBar = "yes" C:\Windows\System32\ie4uinit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\System32\mctadmin.exe N/A

Modifies Internet Explorer start page

stealer

Both rows are ie4uinit.exe writing Microsoft's own fwlink redirect as the Start Page of two newly initialised profiles, which is the shipped default. A start-page hijack would show a process from the sample's tree writing a third-party URL.

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Start Page = "http://go.microsoft.com/fwlink/p/?LinkId=255141" C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\Main\Start Page = "http://go.microsoft.com/fwlink/p/?LinkId=255141" C:\Windows\System32\ie4uinit.exe N/A

Modifies data under HKEY_USERS

Every row is winlogon.exe writing theme-manager state (Aero.msstyles, NormalColor, NormalSize, DPI 96, LANGID 1033) and the cached UI language under HKEY_USERS\.DEFAULT. The MachinePreferredUILanguages payload 65006e002d00550053000000 is not an opaque blob: it is UTF-16LE for "en-US" followed by a terminating NUL.

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" C:\Windows\system32\winlogon.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" C:\Windows\system32\winlogon.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" C:\Windows\system32\winlogon.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" C:\Windows\system32\winlogon.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" C:\Windows\system32\winlogon.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" C:\Windows\system32\winlogon.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" C:\Windows\system32\winlogon.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" C:\Windows\system32\winlogon.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" C:\Windows\system32\winlogon.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" C:\Windows\system32\winlogon.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" C:\Windows\system32\winlogon.exe N/A
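Reading the signature tables above by hand is error-prone because the report prints Description, Indicator, Process and Target separated only by spaces, and every one of those columns can itself contain spaces ("Key value queried", "Configuration Data", "C:\Program Files\..."). The following Python is an added example and not part of the sandbox report: it parses rows in the report's own format, splits a written indicator into key path and value, decodes the two hex payloads whose encodings are known (LinksFolderMigrate is an 8-byte FILETIME, MachinePreferredUILanguages is UTF-16LE), interprets the Zones\<n>\2500 Protected Mode switch, and tallies which process produced each row. The six rows embedded are copied from the Protected Mode, Internet Explorer settings, start page, HKEY_USERS and system-info tables above; SAMPLE_PROCESS, the sample-vs-system split and all function names are this example's own assumptions.

```python
"""Triage helper for flattened sandbox signature rows (added example, not report code)."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Rows copied verbatim from the signature tables in this report. Each row is
# "<Description> <Indicator> <Process> <Target>" separated only by spaces, and
# every column can itself contain spaces, so naive str.split() cannot be used.
SAMPLE_ROWS = r"""
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3" C:\Windows\System32\ie4uinit.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate = 60d96025fbbdda01 C:\Windows\System32\ie4uinit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001\Software\Microsoft\Internet Explorer\Main\Start Page = "http://go.microsoft.com/fwlink/p/?LinkId=255141" C:\Windows\System32\ie4uinit.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 C:\Windows\system32\winlogon.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0 C:\Windows\system32\csrss.exe N/A
"""

# The detonated process; an assumption used for the sample-vs-system split
# (a real triage would take the whole process tree from the report).
SAMPLE_PROCESS = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Anchor on the fixed Description vocabulary at the front and on "<drive>:\" at
# the start of the Process column; the Indicator is everything in between.
ROW_RE = re.compile(
    r"^(?P<action>Key (?:opened|queried|enumerated|created)|Key value queried"
    r"|Set value \((?:str|int|data)\)) "
    r"(?P<indicator>\\REGISTRY\\.+?) "
    r"(?P<process>[A-Za-z]:\\.+?) "
    r"(?P<target>\S+)$"
)
VALUE_RE = re.compile(r"^(?P<path>.+?) = (?P<value>.*)$")
PM_RE = re.compile(r"\\Internet Settings\\Zones\\(\d)\\2500$")
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_row(line):
    """Split one report row into action, key path, written value, process, target."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["path"], row["value"] = row["indicator"], None
    if row["action"].startswith("Set value"):
        v = VALUE_RE.match(row["indicator"])
        if v:
            row["path"] = v["path"]
            row["value"] = v["value"].strip('"')  # (str)/(int) values are printed quoted
    return row


def decode_utf16le(hexstr):
    """REG_BINARY/REG_MULTI_SZ payloads are printed as hex; MUI language lists are UTF-16LE."""
    return bytes.fromhex(hexstr).decode("utf-16-le").rstrip("\x00")


def decode_filetime(hexstr):
    """8-byte little-endian FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    ticks = int.from_bytes(bytes.fromhex(hexstr), "little")
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def protected_mode_state(row):
    """Value 2500 under a zone key is that zone's Protected Mode switch: 0 = on, 3 = off."""
    m = PM_RE.search(row["path"])
    if not m or row["value"] is None:
        return None
    zone = ZONES.get(int(m.group(1)), "zone " + m.group(1))
    state = {"0": "enabled", "3": "disabled"}.get(row["value"], "unknown (%s)" % row["value"])
    return "%s: Protected Mode %s" % (zone, state)


def annotate(row):
    """Render a written value in human terms where its encoding is known."""
    path, value = row["path"], row["value"]
    if value is None:
        return None
    if path.endswith("\\LinksFolderMigrate"):
        return "LinksFolderMigrate written at " + decode_filetime(value).isoformat()
    if path.endswith("\\MachinePreferredUILanguages"):
        return "MachinePreferredUILanguages = " + repr(decode_utf16le(value))
    return protected_mode_state(row)


def triage(text):
    """Tally rows per process, split sample vs. system writers, collect decoded findings."""
    rows = [r for r in map(parse_row, text.strip().splitlines()) if r]
    by_process = Counter(r["process"] for r in rows)
    by_origin = Counter("sample" if r["process"].lower() == SAMPLE_PROCESS.lower() else "system"
                        for r in rows)
    findings = []
    for r in rows:
        note = annotate(r)
        if note:
            findings.append((r["process"], note))
    return {"by_process": by_process, "by_origin": by_origin, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for proc, n in result["by_process"].most_common():
        print("%3d  %s" % (n, proc))
    print(dict(result["by_origin"]))
    for proc, note in result["findings"]:
        print(proc, "->", note)
```

On the six embedded rows the tally attributes one row to the browser and five to Windows processes, the Zones\1\2500 write decodes to "Local intranet: Protected Mode disabled", and the LinksFolderMigrate FILETIME decodes to 2024-06-14T01:35:32 UTC, which can be compared with the detonation window given in the report overview to confirm that ie4uinit.exe ran as part of first-logon profile initialisation during the analysis rather than before it. Paste a whole signature table into triage() to get the same breakdown for every row.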

Modifies registry class

The HKLM\SOFTWARE\Classes writes below come from unregmp2.exe, the Windows Media Player registration utility, and set up WMP file-type and MIME associations; the *_CLASSES\Local Settings\...\Shell\BagMRU and Bags writes are Explorer.EXE saving folder-view state. Neither writer is the detonated browser. Class changes that would matter here are ones pointing a ProgId's shell\open\command or a CLSID's InprocServer32 at a path the sample dropped; none of the rows shown do.

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" C:\Windows\System32\unregmp2.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 9e0000001a00eebbfe23000010000aab12216ac8fe4fa3680de96e47012e00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbea7722a3ffa99db4da5a8c604edf61d6b8207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/x-mpg C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.m2t\OpenWithProgIds C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shellex\ContextMenuHandlers\PlayTo C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1 C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/vnd.dlna.mpeg-tts\CLSID = "{cd3afa9b-b84f-48f0-9393-7edc34128127}" C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.m2ts C:\Windows\System32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\.mpa\OpenWithProgIds\WMP11.AssocFile.MPEG = "0" C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mod C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867} C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\ = "&Add to Windows Media Player list" C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-mpeg2a\Extension = ".mpeg" C:\Windows\System32\unregmp2.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wax C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wmx C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-ms-wm\CLSID = "{cd3afa92-b84f-48f0-9393-7edc34128127}" C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wm C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.m4a\OpenWithProgIds C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wvx C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Play C:\Windows\System32\unregmp2.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7400310000000000ce586d0c1100557365727300600008000400efbeee3a851ace586d0c2a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/3gpp\Extension = ".3gp" C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867} C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WMP.AudioCD\Shell\Play\Command C:\Windows\System32\unregmp2.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mod\OpenWithProgIds C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.MOD\MP2.Last = "Custom" C:\Windows\System32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\.mp2\OpenWithProgIds\WMP11.AssocFile.MP3 = "0" C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/mp3\CLSID = "{cd3afa76-b84f-48f0-9393-7edc34128127}" C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.m4a C:\Windows\System32\unregmp2.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "19" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mts C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.aac\OpenWithProgIds C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.midi\OpenWithProgIds C:\Windows\System32\unregmp2.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202020202020202020202 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell C:\Windows\System32\unregmp2.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.M2T\OpenWithProgIds C:\Windows\System32\unregmp2.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 5200310000000000ce58700c102057696e646f7773003c0008000400efbece586d0cce58700c2a0000000ee00100000004000000000000000000000000000000570069006e0064006f0077007300000016000000 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\0\0\NodeSlot = "27" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command C:\Windows\System32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WMP.AudioCD C:\Windows\System32\unregmp2.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mp4v C:\Windows\System32\unregmp2.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\ehome\ehshell.exe N/A
N/A N/A C:\Windows\eHome\ehExtHost.exe N/A
N/A N/A C:\Windows\eHome\ehExtHost.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\ehome\ehshell.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Windows Mail\WinMail.exe N/A
N/A N/A C:\Program Files\Windows Mail\WinMail.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\helppane.exe N/A
N/A N/A C:\Windows\helppane.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2084 wrote to memory of 2772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2084 wrote to memory of 2528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (9 events)
PID 2084 wrote to memory of 2628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 events)
PID 2084 wrote to memory of 2536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (19 events)

Source and target image are both chrome.exe, so these writes are consistent with Chrome's sandbox broker setting up its own child processes (it transfers policy into each sandboxed child with WriteProcessMemory); on their own they are not evidence of injection into an unrelated program.

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1572 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3016 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2316 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2512 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1456 --field-trial-handle=1444,i,820157063587904407,7480600486186201792,131072 /prefetch:1

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\userinit.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll

C:\Windows\system32\rundll32.exe

rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize

C:\Program Files (x86)\Windows Mail\WinMail.exe

"C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install

C:\Windows\System32\ie4uinit.exe

"C:\Windows\System32\ie4uinit.exe" -UserConfig

C:\Windows\System32\ie4uinit.exe

C:\Windows\System32\ie4uinit.exe -ClearIconCache

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll

C:\Windows\system32\rundll32.exe

rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Windows\System32\bsgne1.exe

"C:\Windows\System32\bsgne1.exe"

C:\Program Files\Windows Sidebar\sidebar.exe

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

C:\Windows\SysWOW64\runonce.exe

C:\Windows\SysWOW64\runonce.exe /Run6432

C:\Windows\System32\mctadmin.exe

"C:\Windows\System32\mctadmin.exe"

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{A2D8CFE7-7BA4-4BAD-B86B-851376B59134}

C:\Windows\system32\gpscript.exe

gpscript.exe /RefreshSystemParam

C:\Windows\helppane.exe

C:\Windows\helppane.exe -Embedding

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\ehome\ehshell.exe

"C:\Windows\ehome\ehshell.exe"

C:\Windows\eHome\ehExtHost.exe

"C:\Windows\eHome\ehExtHost.exe" 2220 b6a8a75d-2c95-4e59-b369-3456d2d7831f 3 False False False

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2068 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2076 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2264 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2348 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1260 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1464 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3692 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1240,i,8170271065837033087,3100428268512316008,131072 /prefetch:8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\deployment.properties

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?LinkId=57426&Ext=properties

C:\Windows\System32\ie4uinit.exe

"C:\Windows\System32\ie4uinit.exe" -ShowQLIcon

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\deployment.properties

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\gpscript.exe

gpscript.exe /RefreshSystemParam

C:\Windows\system32\userinit.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll

C:\Windows\system32\rundll32.exe

rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize

C:\Program Files (x86)\Windows Mail\WinMail.exe

"C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install

C:\Windows\System32\ie4uinit.exe

"C:\Windows\System32\ie4uinit.exe" -UserConfig

C:\Windows\System32\ie4uinit.exe

C:\Windows\System32\ie4uinit.exe -ClearIconCache

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll

C:\Windows\system32\rundll32.exe

rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Windows\System32\bsgne1.exe

"C:\Windows\System32\bsgne1.exe"

C:\Program Files\Windows Sidebar\sidebar.exe

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

C:\Windows\SysWOW64\runonce.exe

C:\Windows\SysWOW64\runonce.exe /Run6432

C:\Windows\System32\mctadmin.exe

"C:\Windows\System32\mctadmin.exe"

C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2084 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2088 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2416 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2472 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1404 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x1400b7688,0x1400b7698,0x1400b76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4420 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4272 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2136 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2380 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4200 --field-trial-handle=1264,i,922868414418213050,16460163405494072590,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1312 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1284 --field-trial-handle=1236,i,9417166069367891088,10846173711857110487,131072 /prefetch:1

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe"

C:\Windows\system32\mstsc.exe

"C:\Windows\system32\mstsc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2796 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1416 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2900 --field-trial-handle=1224,i,13444226603040216795,2521303289981060491,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe"

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2104 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1108 --field-trial-handle=1196,i,14156143315228546167,10225366024701416947,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73f9758,0x7fef73f9768,0x7fef73f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1584 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1364 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3284 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3296 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3560 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2876 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3548 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3520 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2084 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:8

C:\Windows\system32\msdt.exe

-modal 1704394 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\STAND~1.AD8\AppData\Local\Temp\NDF76E5.tmp -ep NetworkDiagnosticsWeb

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\System32\control.exe

"C:\Windows\System32\control.exe" /name Microsoft.Troubleshooting /page "resultPage?keywords=+;NetworkDiagnostics"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2480 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x600

C:\Windows\System32\msra.exe

"C:\Windows\System32\msra.exe" -novice

C:\Windows\System32\RAServer.exe

C:\Windows\System32\RAServer.exe -Embedding

C:\Windows\SysWOW64\fixmapi.exe

C:\Windows\SysWOW64\fixmapi.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2084 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3596 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2292 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Windows\system32\msdt.exe

-modal 1704394 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\STAND~1.AD8\AppData\Local\Temp\NDF698E.tmp -ep NetworkDiagnosticsWeb

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\System32\control.exe

"C:\Windows\System32\control.exe" /name Microsoft.Troubleshooting /page "resultPage?keywords=+;NetworkDiagnostics"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1728 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\rstrui.exe

"C:\Windows\system32\rstrui.exe"

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1068 --field-trial-handle=1228,i,13995213551651712865,2745256576762914653,131072 /prefetch:1

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D8" "0000000000000390"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto

Files

SHA1 88f1c647378b5b22ebadb465dc80fcfd9e7b97c9
SHA256 a9e8ad0792b546a4a8ce49eda82b327ad9581141312efec3ac6f2d3ad5a05f17
SHA512 f0284a3cc46e9c23af22fec44ac7bbde0b72f5338260c402564242c3dd244f8f8ca71dd6ceabf6a2b539cacc85a204d9495f43c74f6876317ee8e808d4a60ed8

C:\Users\Stand.AD8imn\Downloads\desktop.ini

MD5 3a37312509712d4e12d27240137ff377
SHA1 30ced927e23b584725cf16351394175a6d2a9577
SHA256 b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3
SHA512 dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

C:\Users\Stand.AD8imn\Links\RecentPlaces.lnk

MD5 0025c3a7d7c4e90e58332958b00d83c4
SHA1 01dd4fdb260f66923004acb5a874111a9d14da38
SHA256 36db348143da1b5c16b9074940e85761950ee30b533b7ca75924f2f4ef6b253b
SHA512 b5631c94bad794541d16f2fa3a02018f4b34b680b63a9f3b6a3da4329216567a7ba9ceb8d4bd18165b0e55142f42e039f160ec675c0946237c276de1a6e642c4

C:\Users\Stand.AD8imn\Searches\Everywhere.search-ms

MD5 0fa26b6c98419b5e7c00efffb5835612
SHA1 d904d6683a548b03950d94da33cdfccbb55a9bc7
SHA256 4094d158e3b0581ba433a46d0dce62f99d8c0fd1b50bb4d0517ddc0a4a1fde24
SHA512 b80a6f2382f99ca75f3545375e30353ed4ccd93f1185f6a15dbe03d47056dad3feea652e09440774872f5cba5ef0db9c023c45e44a839827a4b40e60df9fd042

C:\Users\Stand.AD8imn\Searches\Indexed Locations.search-ms

MD5 b6acbeb59959aa5412a7565423ea7bab
SHA1 4905f02dbef69c830b807a32e9a4b6206bd01dc6
SHA256 99653a38c445ae1d4c373ee672339fd47fd098e0d0ada5f0be70e3b2bf711d38
SHA512 0058aa67ae9060cb708e34cb2e12cea851505694e328fd0aa6deba99f205afaffdf86af8119c65ada5a3c9b1f8b94923baa6454c2d5ab46a21257d145f9a8162

C:\Users\Stand.AD8imn\Saved Games\desktop.ini

MD5 b441cf59b5a64f74ac3bed45be9fadfc
SHA1 3da72a52e451a26ca9a35611fa8716044a7c0bbc
SHA256 e6fdf8ed07b19b2a3b8eff05de7bc71152c85b377b9226f126dc54b58b930311
SHA512 fdc26609a674d36f5307fa3f1c212da1f87a5c4cd463d861ce1bd2e614533f07d943510abed0c2edeb07a55f1dccff37db7e1f5456705372d5da8e12d83f0bb3

C:\Users\Stand.AD8imn\Links\desktop.ini

MD5 de8858093993987d123060097a2bad66
SHA1 0a89e87ba46538cb73aff1a47e4dc0bcfb4760d5
SHA256 4c0d757717dec80eca8c6cbbfdda4706eb38fbbb7624933d5429dafc7bb9f0ec
SHA512 fa348ac4025b599f460cb831338ce010dde8fba87587a6d078d6d594a30fee87ed112e412078c10604553f326cc7bd7627ae93b0e3d8a60cfeda0720cad29f4c

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

MD5 8866b2dc43a4890f0fad2c39299a087b
SHA1 7aa2233ea5aaaa73fd59f01dc8c1ec44db0c06ff
SHA256 a02d8f96a741d7ca652261be954e8ac5a8a7449a1ca3a4540a53926f8972d0c3
SHA512 3dd85303eb1e88da49a8291865c629e05c27a5b059079e8589e30112c73de8e8a3311e9d4373acf50fc209798a480cbbd54ae14e08f5418bd7252c7a88ca47f8

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

MD5 e75d6936d08db26f19930c9ea947bc37
SHA1 a60246a2a6ceff60238278fd8ad2a255f955513e
SHA256 c00a97a203bc186745d804ae70b1af61fc0b96ccee01a73f21ba38b6230ed1f4
SHA512 12843f25c461b499e9fd386439aabdb6706dbf61879fc753506f220390bc73b59f4d90bb84ec656d772cb408d47e53e5c4e69202ff2bdbe21de6bdb325fe5545

C:\Users\STAND~1.AD8\AppData\Local\Temp\chrome_installer.log

MD5 9759cfe8e13a29b2fab0b9456deb7c59
SHA1 238d6e6d2f53698be9f96a668720300fe8749cca
SHA256 dfcec99b44afae44c001582d41e6d6cd7ee11eda8935deea9ed3bf8df2b4d918
SHA512 1f62e4b3f0b7d9b9f4f3a70bc9885a6847f2c6281987b432c6790e61a5cec56f312f35b4760f09d62bfb1c1fb84db3182a5b828915228ce758943abb1739197a

C:\Windows\TEMP\Crashpad\settings.dat

MD5 2c0677db8ed1d55a71627f9f2152a106
SHA1 05f464c9dce4cfc6e8c08ce1c4a1617830b61581
SHA256 4390d6b043d1978e5182caefbc0fa7c5a3e2139c16cb793260dd9f2e4cd02b95
SHA512 9449b1bdcaef809e06a66e8b4a86f9ab424fc160eb201aafb0232dc2d8d2d64d3679f617f480f82445b21f660b3922d8af95bc218a3d2da02743dec9c1164869

C:\Program Files\Google\Chrome\Application\SetupMetrics\8388416a-d746-435e-a28d-931cdbabef31.tmp

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini

MD5 3a33faac6513738fd86f43dff8989882
SHA1 afd4390e6b63c40e55ca08d27661a23d657b01a2
SHA256 21a4315cbae2b0e8db633e86c344171da86f115bcbbb745680ff6f577668c910
SHA512 8d7a47cba6b4d0da36151221c373625b67e44354b7cde41b5c3657e73a843b22a0a5b0bf92a4cbc32eac70b8292d674821085acf92bb58b94ea4542458c94b57

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

MD5 f07e949580702976dfc9157b47f9aa94
SHA1 a59847ca4fa92d6a655e20d771c901333627959d
SHA256 1c5d4a316975c5fb8c1897b89d4b487e9cdf57ec78019980d5d138c993362dfa
SHA512 c60a25a9ad0a779ee52198259697e2f42496524315a7df819280b590974e0f34da7abb9b352f3189eb6fe1b6cfda607fbab4e1de68c3237df2d20a53216fffdc

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 1c61dc21f9b83172d65be1e94b79026f
SHA1 7324473ddda64b87c299bf6e3b9e9aff53f7fd74
SHA256 8e920d7893b682a049f6a5097f880d915dc2d7bf8bc87ae558cd7f14466d5d1b
SHA512 9660cde4d7606826c2fb6623460a2a286339970256e677c8abf8189fd1d58e0284c024bbf5c0bf539189dafa3e8d5269c1e0f7e3717891f2ae4771634731bbd8

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk

MD5 47b2e1c4ddd5fa161f4e7314222d7a29
SHA1 f8e0a57ad324aa0ce6eafcbee54361cfc3fac7a4
SHA256 20b9ba1869ed5d109962522c7c9a09e2675c457edd780f3723d33f9b40475772
SHA512 07c8e9fcc6441c45540ced17802aea9fc84197733cc13af77516813c3beb346ae2748445ae99318309cbdc2da8e69e622dd91e658b7e9ba27d424eae6f5acf1b

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 e5a8eb64419f6d85a1b7aed2152616c2
SHA1 f5d94f8953bb235e35fccec0ea4f14ba69443081
SHA256 5266b08d0c1bf229ec5eafdb6dae2a4849b6b394694d34033453cf8a379725a7
SHA512 7c304bc842c81d3b5cff745d34b038a2a867063c65e502f4155439ba0642e8b0643f9b7254f74e85d5b150c134836b9e398a0dcb192550d97dfd431c3d93f1f6

C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

MD5 e0fd7e6b4853592ac9ac73df9d83783f
SHA1 2834e77dfa1269ddad948b87d88887e84179594a
SHA256 feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122
SHA512 289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

C:\Users\Stand.AD8imn\Favorites\Links for United States\desktop.ini

MD5 87a61a68c2db9b094112d4f4290fb795
SHA1 1b5e6ec32415d010e5311caea31df96b0294fb65
SHA256 e25a84c6e593a5bd6592eca920fbc126d3e96c8d80f2bb0b17a36e40ed42c1db
SHA512 148411b6bd6133b17c3d192594338180846df638b9fd6bef7ddeb13c3858b3eab91940102349f2827ec69111adf7e506f4340b395928672180715798b4238919

C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms

MD5 155c21b99db3eeaaff736021f18f844f
SHA1 a60759f48e144b4faaecf3f0119877622b8d6853
SHA256 8011a613780bf3a4fe17b54929898bff4a1d448492cdefc13255b43a44eebb2f
SHA512 1aaf4bc3de091698e526ce26a1cdf611b49e921e6dc1b510c19457f32051b008f9582afc1030da06a364e883540df58827ff034291372989cb203a8d88ac24ca

memory/2640-1244-0x0000000005A80000-0x0000000005A90000-memory.dmp

C:\Users\STAND~1.AD8\AppData\Local\Temp\Stand.bmp

MD5 04a78f9f8b915c7149502a4abfec6b9d
SHA1 9374fe8327482c8389232081c9566dccebe3061f
SHA256 9355309156e6d6f3b8678c2e4f1b3fcf2dc43feb7de40ed417589e44bd783b4c
SHA512 6954fcabe1b3bbf4ad96760a127a92a8ad3ccb0efe0d286183e272a816d7fb1f27a27c5dbecda510474c99320bc4debf1a91bc60249e69ebc61745b06177d61f

C:\Users\STAND~1.AD8\AppData\Local\Temp\Guest.bmp

MD5 b0de08b6aada24cdd3458113d175f1a7
SHA1 225797b52f320b3efb2643c55fe55ab3a5618ae9
SHA256 40015814487b93a8372f33284d45586739a4a1e9d2b7961ab8c6d4d9561d10cb
SHA512 fd59488e0223f49d66bb3ca7a70e74b7ca2052769f78790aee0682e0306f6e9421d28ab9a34487bd8934571cccb6798c98040b25934dfe1f0a13c7ca490ecbe2

C:\Users\STAND~1.AD8\AppData\Local\Temp\Pre.bmp

MD5 42eeed7bcd378c9e99452016e6785155
SHA1 6a08f39ad64f4b35347deecb28bd54db0af49b88
SHA256 45d6d1332a5a413ec92664df20dc17d3dfe2f9e1975b9942c8f1a648b3f0581d
SHA512 f6689c5ec289b482ef6f3f8baf480c80cc237753d8e4ecaaa405e13322c7c7e5222274b5de342728b8c3dcfbf2b2b624bf3b734b8eb009e5213d2dfc53a5ca64

C:\Users\STAND~1.AD8\AppData\Local\Temp\Administrator.bmp

MD5 343fa15c150a516b20cc9f787cfd530e
SHA1 369e8ac39d762e531d961c58b8c5dc84d19ba989
SHA256 d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524
SHA512 7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms

MD5 29448277add7648ce4d4bd5211424ba1
SHA1 67905416cea58c1dcf7a64daedf120358d2b8ec5
SHA256 d5eb3cef58d1e7e1c5eadde64dad5e13344bb339f1d7e0fc43f9bf29241e70ea
SHA512 7ac0d1e4c14cb484c8cea8cd04777fd2f7bf4b51220769331633dc79bd38644f1fb2abd1750455239fc857d3d5cb64bfd80d2377468f89e46315d92063ac9dba

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 34a11a6e7becc407b452dba57b7ff258
SHA1 4a1c7e9a79ac357778d9c7d7c19feefc3a736605
SHA256 4c32c2a35310013bc4d8f7125781fefeb86966beb06afa7d48f74d30f45eff9e
SHA512 0db31c84d6eb061f40bf5721a06659c8dcf693430abe467be0f4abbc46a770246e2c011bc880c3d8deb4f97bb7b4a2af0085fd208f35c896a099d628cdedf308

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Center.lnk

MD5 1c60a0683d76441007268d283982ac76
SHA1 98cdfb02624f982aea06c7a4e30ce9f0d48579eb
SHA256 827c70850763c9f50cea4b5307ec0e8f929acc336f5ae210afee6217cb7ab6ea
SHA512 406384a96988ae4d4458a60b7e029e587aa1de9c1671077df14779b238992e6d09c693bab871576a3e86f01429f2cf988bb90d14f8229b79d788881e7b7ae1fa

memory/2220-1768-0x000000001E130000-0x000000001E738000-memory.dmp

memory/2220-1769-0x000000001E740000-0x000000001E8C4000-memory.dmp

memory/2220-1770-0x000000001EFA0000-0x000000001F03E000-memory.dmp

memory/2220-1771-0x000000001F040000-0x000000001F0F8000-memory.dmp

C:\Users\Public\Desktop\Firefox.lnk

MD5 1d1f6758c25efb8475471b422b633c93
SHA1 b468a84c3141f9b4e7ec25339cb6c0a600f1e195
SHA256 1382e91d2509517af8e407d44cc88fda41e2898eba72e183b04ac7a0627e09b2
SHA512 fb7a74b001741cfc6e9c187f9deabb0243a8d5e0e3bd1287ba887889001489a06a73fffb290697bd0e228df7330f041aa6b7f700d90e606aab0d56951ade6e18

C:\Users\Stand.AD8imn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 d5d527cf87044d5616a47f66e7f2d235
SHA1 5a320cbc8d99513ef20404ada59e596c5e1c471f
SHA256 a38b037020a93e62c3e0d1091c2c30e59b13acf93c8b3a73b9768072d2281fe8
SHA512 76ee214b3f17b5251e2f9d5a41ee387e31e61bf13723a83fe296c60acc10c2f53d882ab4df0cff044834a5ac5228bf329beeaa0355e3f14a4db1f78141a9208c

memory/400-1826-0x00000000022A0000-0x0000000002300000-memory.dmp

memory/2220-1910-0x000000001FEA0000-0x000000001FED7000-memory.dmp

memory/2220-1912-0x000000001D1B0000-0x000000001D1BA000-memory.dmp

memory/2220-1911-0x000000001D1B0000-0x000000001D1BA000-memory.dmp

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\1154d974-ae79-4000-9c00-a7a84be1914f.tmp

MD5 ef36a84ad2bc23f79d171c604b56de29
SHA1 38d6569cd30d096140e752db5d98d53cf304a8fc
SHA256 e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512 dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\bea5f475-3abf-4233-9a55-19104c1c2a75.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I26LJTF.log

MD5 5b11be88d4dce6a268358b655e136d98
SHA1 aeba3892ec99d57e9cf4bc9dcdbb1795acc553cb
SHA256 fa8de29f149256af9ba4dc29c403d57c32dea1cd425e352c65b1acaff32e19b4
SHA512 721f0547cc261a036195320560d9e0ee91c521f294286e846d7fdb18976b910225ce53c2a3a8efdf18cf5041c45e8188c5bf7b41745c6e4e77cdebc335b9fa3f

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I54P9GW.log

MD5 7b3ce71ae2938935a0c5d06891b5f77e
SHA1 a98c5ff183a9f39f78a227b7b589577be2764618
SHA256 47ec413216b212d5d13972905105d97784a47a5b26e473d883fafb8c81be7a1e
SHA512 be107be2cba785c8093c62464c72b70496f76435e5fb8deb2f7eaa8b35e7cf54471e78859495c1d83d55ecbe14735e31e41c05ad731dd17f7c2ea242c1591d03

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IBV3A2H.log

MD5 60e6f079df71209cd91d63d1bb2302c4
SHA1 c1819850d927fb5f6587dc8620c5096dd3c80446
SHA256 a5dcb3c5328995523254f20f0cf3184261b642f342593ae05b5a15813863dd2c
SHA512 d3a063935fe91395d8250cc1e6b6a551bb0e1acc7e19b187a09dbc81469494aad337f9bda7d5ac688c35871d7f7916569a4049eb5fbc8e7ecf847137efb5e352

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I4898NY.html

MD5 89ed7c8882cf92fe631c3d742bea1e4f
SHA1 5e468623c01002ece7ccecd3ab9c3f52d863f0f9
SHA256 4d6b49a6f20d305eb851b1d73815ec79d15da8bfa91d1b00ad6d329bd2bc67bf
SHA512 4eac060f87869b8921a7ea9ab50ab67794bab28ddc1bcc13f38ea4a3510bfcc54dfdc964a0fad07af8dc0cddfa85e90b5db2daf32a0ada329b64de464fb297d9

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$I2CHOVS.log

MD5 573a7a49494597a99e9b69598053431c
SHA1 478008db90692115fc21aefaf8f125bd95170d4d
SHA256 e842cdf81ff7165cb1e6a64fd600f0bf2420325414599e57c319be0183c3925f
SHA512 ec1d06a691f12de5ccbe66c6cd63373ebe6a4dd20bd0946ab790da846d4b47b6457ae58a49c4f92a48be1860306014671698cc00d84142a8c9882ed55d79cf6b

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IDPUB1R.log

MD5 75ebf20b5f377e35221626a798c3f321
SHA1 dd6e7e6f9a7f68d80549a148f63c0eee44ce254d
SHA256 660467357d7252206c9bbf087ee0f81b276d5dc44ec26684f5b5680c42908391
SHA512 742c598704f19742315a83eb8c476c391c8c323bb6958b10930b4bafdc045c44eac00de8fa6877db31fcfc0f5014adc0491b1fca59745d3fe1de89b7fe1d492a

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IDSYEI1.log

MD5 99bb2a637afb5eaecf9a56aba7b206db
SHA1 5d613e63a970cf80baf09d3c4131d5a1b2c87f3e
SHA256 583181604e068d6c204356ec489c21a766f811be26c4f1020c941e07feff86ca
SHA512 47f4ff87ad3c7f78a438d5718e753094388f483fe2dc498d58b3c1eca8600edb882430f34a03dda9a41b5dbbf676e897a9a8c1c3229ed6aebbf6b5d55a4a1826

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IHCWHL0.txt

MD5 fd37f2936fd8e824a8be5d38dea64f58
SHA1 3aa4221cb249817a5894be896b23e573507d4a1d
SHA256 411e8d50f2d7022c9a9e8c32dd20c0d4ad6b7be5fb80851dadf6f77e98b97474
SHA512 16893ac002d3d9066dcc103659b29627e297dd3c95cd070a6930500d2f0314cdd3726fcf2ffaeb68177024fa626e481ad1b97c2a5dc8d8df4739d53a521b20fc

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IN3YMEI.log

MD5 3f75218d2cb96f5bda64a87d5caa5fbb
SHA1 8a7cad5b22244acdadfbec3540624df7df6ddaa5
SHA256 9a7f264f8f9f4ca01e4375de9abac2770b5b5230153398c643dc298346a9e1f5
SHA512 a2845803c4f0641442076f3432363d761c7527524d4004ef94be07a8f6e270c5adb9e454df725fb88c1c2007557ec0590df707db96da44901b0ddff1d3a19444

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$ISJJYIH.log

MD5 e63d8a2f0a8ecac69aa69e61a1d1acbb
SHA1 b3e03b2d2a63e902f773ebae9626e25b4c44a957
SHA256 4101eac8075b207ee61941e2c687fa6dd7974ebaf5a6a8758c4ce9d40c0e13a2
SHA512 30c70f76f15ef7e208535f7ed0559c314a523b3f797d3fcf372c8fadb39ea54e2084919051931b16bc3bf439d7a7214b78393d33d66f0aaeb7d7761530a8c12b

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$ISOGB7R.log

MD5 debbba1545db130581480b49db7bd388
SHA1 c9f1dd82cbba955537d7b2f3fcfa15c287526e9d
SHA256 ccd5dcaab8f1e74fe0ec5cf5f466a3e703b1233ea81373593b8286e68540a00a
SHA512 364972a15430b49d60342a28d88078ca729dc89f29c2dd07b92bead00a777aa76fd1eada6d9b51f7cd446b56c959870c2efa4e60002ce5cb282c6a01bf4c7e1a

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IT6N220.log

MD5 3bd659a95cb140aa1ea5d39b11971214
SHA1 59875831ce8cf8b29b5e9a3bd5c90bd37edca0d3
SHA256 af837bb370e6846f4350318e754e4c48ef4f0927b00d4beb6e5bed8a8e1cb475
SHA512 6ee33a6356dc8304f6415a1c77bb192cd8de352abf2e22667a6286748e34812d2e003e107ae96fb87109b7420184967ef139c4bb262e2e1436052adac88252ea

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IVUY7Z7.html

MD5 71f0ee0f1d918fde32b36b9342b9fd14
SHA1 f04973f57408005bd745d2584493579e56b0c6f2
SHA256 fe0abc568018307ade6633a5158ce90ff80b46cf4571af78883412c542411ac3
SHA512 131f2646c41a236b8b44e541533dd15a2a56b0e226f72b44626e4df6990ef3675cb8a3c8047f810e34438239d3f02c4be882970fd8e5a864fcdbfc0863003b33

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IZMBDMC.txt

MD5 807c70d901a5f2084e69c5e8db42655a
SHA1 bcf2faf248d0c291e7d94c1e23bb96ea7acff27b
SHA256 708eee20299b419a16bd01c4bfdc90c792ab5e831a0f6e045c77afacf28cb4a0
SHA512 8adce8b8091ac8a6160962421e80456c57f330b8ff7ab2d012222a5c44e16a5be3e6987fca05edf778d3bc87beb35302506b2ab26c617aaee423ee11aa769571

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IZ321SH.log

MD5 eab637437c9b884fbfa06d21051fd648
SHA1 18971133db7965cdb9595ccb9a3b94f27df1f490
SHA256 ec833e7b798939edf4d66474554cd38cbc808e3515e82362650d040bb66b9bc5
SHA512 aea11da740f18951c6fecc13401e14f6998c541a90e450bc344d776857f7669cb8c87fc9bf94d7df993d66fba644f25e75e948305865eef267fa1bbd4ef7521f

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1001\$IW1QSDN.log

MD5 cf5eca72bfb9c9dee762125adf618062
SHA1 a2e330176ce0a46caafc17358300a49640d31a9b
SHA256 b49c4dcfd4fdb818be1adf172b6c53cdb012659d01bd0fadc24b916e81e6c9e8
SHA512 9fc6a5b81600d46cfd54218e2eed5a2a71d6e2257f7d5dcbc0afe11a61fa22ee51cf9567c3ee5e101be4c652485dad28ebc96f66aca99777adaae9de60ddaf1e

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a99eaaef45af6554840e5835c5ff0c5
SHA1 038056db9b1de75b5b62d18b70988df796473f6d
SHA256 62057226781c609df5552a0dfa4fe1ff64e9481d1dcabb3a5d10f75acadb6d44
SHA512 12819f13393d6ff25c914472239663f7eefc7266f3cf218007a68432e31fac813dd22b806a3da055635a9b3780c5422f6c2fbb53d1bd41050ee32ca9ceead665

C:\Users\Stand.AD8imn\Links\Recycle Bin.lnk

MD5 e91e2e19d333d2869ecd4e84dadce0b1
SHA1 4cc8f4571869f83e2c0ebfac3dd17f0c51654bd6
SHA256 1bae20e282456a5df55249f23d3c89430ed079c5e0f25d16976128f303db9e61
SHA512 b540108474cd92140d824e7aedc50b24fc30bcd9d5a87ac9c5f6af11b1079d518006c1942a156da093f3e27481cb5182d60118c4e984f099a38cff68fbb59867

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9e7da8fb9d230455d982a3522eb4724
SHA1 fa12784840f2f4383e6dc85bea3e91bd63913dc2
SHA256 f17f60d7a4945503a0b9e195bb2769fac1f0874c98b840d76489038594f5a36d
SHA512 72af07be7e9d849b6be1659280db8c8eb1f2286c32452cafc5e9bf07e950643fe5cb5c6534d3626a49025bb60d6361729f930fc001d029cc378c02f20dff3cc8

C:\Users\STAND~1.AD8\AppData\Local\Temp\~DF587BC2F51F8B51AC.TMP

MD5 06faad94968f11733baeec5bd6b23d74
SHA1 9cca4624febae0f5636c2ca004fc8021187ba5b4
SHA256 dbc6dac83e56ed27c5fdb118230e51065bd5908e092d134dee49fe6a07bdd190
SHA512 7ec156302a6d6abf5daa694edaecbc5442b47a105382df23528db251499c9d052b77e90df59ceae58a7ee2a193b0fc92fcacab82ce9aca802a46d508f1d79363

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State

MD5 decf319c4fa9bb526ac9a0c30af4db41
SHA1 cf129efa4179767d58dc95660bdbcc9555840729
SHA256 2c4e9ae541e8dfab90306b3f10885619dc4d473d28aeddd98e9117d0dc47b44d
SHA512 6bb431ef91e518933ff2e03731388cb19b887092a2fafebd97fefafde29f80a600137db5ed656d57ee56fde221e6089817ca6cce12a2017c39d66c5700809249

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State

MD5 a61f29d8e8e7f3a23dbcb6ac1b55817d
SHA1 4dac5f76c2c1586008ee2a5cbb899cb88b5f5407
SHA256 4d0d04ec94e2094c4a4dc1e067fae2c11fd26c7856498602103520e00154b968
SHA512 7c9e7527cfc31c0af5a8bfb3f75bbc7f98ec3a20f32ea88217200526237f5de5b83f5c068afde04783be3029db967b345a142f2fae9a84f50fbb78728cf6cd32

C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db

MD5 b623140136560adaf3786e262c01676f
SHA1 7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d
SHA256 ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140
SHA512 68528a7eb0efd59bed8e77edbee80ec654ec3b8f58a82b1c8ce594dcd3aba07af28268aa83f161837f63ff4278068238aa294e0b5649a688db5a483314df6700

C:\Users\Stand.AD8imn\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

MD5 2034995f0bbaa16db835b462eb78152a
SHA1 ce19b1a236f95307067d4979f8dd96c70d69c18a
SHA256 62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799
SHA512 3427f74d944eaaf5a3e1dd22dc566c718be58e4ceb53ba414c72bca974136cac2f1cd8d0a2a0377ce3918c3f83b2480fffbd9088be135fe0fe48c5a499fa6759

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cbd5676e351865cbbc0438e92f8e9ce5
SHA1 ccf66bde5c88f9f2ff4f6066e92299a53539b3b3
SHA256 4f40294b2347c908c2d0662dd874006fa8a7c5cfe06c19ba9c00f1ad7304c3b4
SHA512 d35d34864ef8757f83408734c4a25cb7ce6c5822a78ba692a944cf65412432263a37af3fc162795a1bd162e551e43cf519c4eb0fea148a5313f87e920a3d2549

C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Mail\edb.log

MD5 745efd84b67d4bcfc0cc24c5fa06c239
SHA1 6c49140c3d7828414b182f3655606d078322bd51
SHA256 59d8d36394c57da4debb118948b31dce0affe3b9795c46bc41c58a9fada7f4a2
SHA512 863c93d64b86076c4445f0699c765c23b5f9bbff8dea4cd1c0dc174f31de1e45577080172f4e405c1de894253a6bf26d8681f291c9f4a4a39287fe39ceebede3

memory/3888-2854-0x0000000002280000-0x0000000002281000-memory.dmp

memory/3888-2856-0x0000000002280000-0x0000000002282000-memory.dmp

memory/3888-2859-0x0000000002280000-0x0000000002282000-memory.dmp

memory/3888-2869-0x0000000002660000-0x0000000002662000-memory.dmp

memory/3888-2921-0x0000000002640000-0x0000000002642000-memory.dmp

memory/3888-2931-0x0000000002640000-0x0000000002642000-memory.dmp

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\04_Music_played_in_the_last_month.wpl

MD5 f8d3a4cacf055f5ec5c62218ea50d290
SHA1 974474ce3fe345d8015863bd6ea7242ba118532b
SHA256 201f2170812cf8041964c4d3c5ef539d96adeba6a68b69ecaed0affe3ae8e25f
SHA512 ac32cbeb05fae672047705679043aecf9b56314baa09c2d3abb7eac655710d7cb2c967ea1772767e366bb502e8ad6de375302f51ca62a76d962ee539b45bfc21

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\03_Music_rated_at_4_or_5_stars.wpl

MD5 6d791b697af46d6777182af7f18c2955
SHA1 d73e8b5f4ee646c1c4ab6d23f3cb3394cb833ca8
SHA256 4825eb90140f6b2f4f7ed0df66b24e10ff5d0da70af53ea495fd30b3aa791870
SHA512 268cf327a9f471d547ad1dae47833cf6d722c08f9cbf5e7867a422282ce52dc320340ded93473a598903bfee9bf6a1a3393779468dbeb27d3390dbd59e6d20ba

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\02_Music_added_in_the_last_month.wpl

MD5 907bfc98ce854ae312127c952d8be0f2
SHA1 02defe8c5f9cc85742e45ba55e4fcfe326fd960c
SHA256 c475dc7423c2ad60f25adaac754cd8b68b57ff04f26ecef78f3e5961b986a324
SHA512 db4045f992bad6ad660769a22345c5e0d965ae521d6828d612b15f0163622c629992c313a41bc9e381f9b0f098117eef840d33100af4c6a3634eb0013a7fe1c7

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\01_Music_auto_rated_at_5_stars.wpl

MD5 3094088e14afdc15d7427b093b8b7b17
SHA1 ed10bf7cf3df61ba95f45dca39042473efe07197
SHA256 b2b5080d83a1853fbec424e6b179b784c57716600e1b58dd8b2c5fee0e098fe5
SHA512 50cc06540177f4d9c5ae4d458f16ad725410388fbb36109e09a47b08c5dd6fca1a764858c5259c5cb781f8962cfc81226d79c5877f5cddfc47b84dbdd5966f45

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\08_Video_rated_at_4_or_5_stars.wpl

MD5 a3787a42b81fce0e448976ad158edd93
SHA1 45ff275c0c32eab1f0b56e8b61e8ead18cfd1675
SHA256 94bc17ac59bde92fbca00fcc69aed68fcbfe2c1754dd45f4810765f5fdf774ff
SHA512 b36ca10f580ec9d455fb57149bce1897fe48fda6023b2fb55b6b4b80a91f1754311b91edd72c13103e0da9ed90b696c28d6904ea91984ade69ed50791f4065ae

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\07_TV_recorded_in_the_last_week.wpl

MD5 b9987b1f9df6d0afc01558b907e62a16
SHA1 ef202d5d6f90b37c71cb757f3babb0857ce54d86
SHA256 0892efdb8459d81d4c5e1085239734d9910b9c6a1debd7189cf385141f0b19d1
SHA512 6bc86075632c3e56ffe1d371f4178299e93e014f5c5c83dfdca2dc9efd1155633409c79ec87cfe2afd4374b83771ae56a3eb7fac00f83921b433cb49216037f9

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\06_Pictures_rated_4_or_5_stars.wpl

MD5 0a8a40ca87323dc16893194b00c7fe77
SHA1 b88a42a85053e0a7483e331b66ba5a40a6290e10
SHA256 9aa433bed2e090cc6904f1c24d5a7b5a1ed6d8f71a997e661b886c69383fd53e
SHA512 5932f09106d622054e6d624221d754ff471e3f37d9f585ed23db7f7327fe1e2f624b22a8f7f2827b607fdb9a30683b8f20c48a39cd35a57ad5cb78467af2c20e

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\05_Pictures_taken_in_the_last_month.wpl

MD5 821d2be672f05514127c117cef460c6e
SHA1 1c75f314e7658a3dcdcad315e301f2bae6d47b31
SHA256 3abdb6cbd88ad1557054ece3f10dd1a8494ed32f423b3cf8321b18decc489474
SHA512 146d6293173b80ffe3721ae6e61293cc1d838e8a72713be8b859ce33c69ef753408057be9ce15a78d573e253548ee674ca3fea77efa3d330ce8c8a50f8a8a988

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\12_All_Video.wpl

MD5 372d0beebea5460409a6a1c53ac52a18
SHA1 1b5a925e00f9a4cc3a18feb8f74a2e39ef11eeb6
SHA256 5b8b62b35e5dd8a46ccccaf3fc3743be9e0965d24cbcd20da2681065eeb37ef3
SHA512 efb412e3a17f4eab84fb9f99b9e420d18e23610a9a66bcd7298c3ba68fd24abe0c1f2e58faa411e059788d34f4cede45f9e25c6578d13faefb8ee79acd50f2e0

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\11_All_Pictures.wpl

MD5 74294ef495559ed32731f19096d70312
SHA1 fdc6cc849270016d2a382d7d0daabf44a4556cd9
SHA256 db34d82f2cd23e6e55a64e12d2a0a9c27ac2ded156483238f22a336ca6825110
SHA512 b068d903b83945f146abd4cf384da99af608643c62b647ea65db33c3b0e0face4727a74be3210a9c6469bbc403d1f5c59d92cbd57722737e992b0e4f5e66662a

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\10_All_Music.wpl

MD5 51aeed11707741118e0706c1259df22e
SHA1 6434e915b018c6d15898fe0a4d006bbe3e1edb60
SHA256 ec286113e5ad77ac34063589a137a6dc4b4cab8845cd9c5386519983fa3b48f0
SHA512 a674487f9cabe1fb2809cd98958dce696f7f066d3738bfb30317201ed804df3c72f2d24d6f9c0832cf446c8a965e21f3ea50aada1c69860a12340d6eca88e942

C:\Users\Pre.Standley\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0F83E7DF\09_Music_played_the_most.wpl

MD5 467e71aa2fd951eb0a1af3d6bb8378e8
SHA1 fb654c0b2663d4fa5fd0f1658097d936dd0429ed
SHA256 a54bc2cad63ced4fd9ff2a3a094a26e264e8a5ce8139193896d13236f494e2ee
SHA512 f9242a4925b910f4a114652967a6e2f49444a3f0d9f35402fef28cc8d39c58720930084112baf92eb6716af541fd76e3803ccc1e742cec07f1d4fb6abc13a42c

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

MD5 696bffbc8cd1ad6400f10220607837c6
SHA1 4f7aa526dcfe9b2931d58e3730d68aec56ba8c15
SHA256 5ccaea1aa0a029d4c535f919ff30467be23ffc8f4c20c213a29e1b7da74407a7
SHA512 7552a73d36c23f85df32dca367d9719dc699ce6823d55f03fa11e27ed1becc80b5e8842ca9e102cda1fcddc508149349f5ed939e7596ff04820a1139f0799363

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

MD5 83586e9e97aa4d4b59cf65ba760fd856
SHA1 3b7ec2aafa03a06b105eff377cc55a80e4f804d4
SHA256 27a94d523d82db7ecbd6d843f3172997ea6ac8d442e46e4a268d18c9c8144c08
SHA512 de4e19a8fdec56af0be69ee1034e490c5a35638f85fc9ad4f3629542e5a095f6d70e6e05670e14ddc92214517767a1ffcd58f94dd18e4abf9d9eafc86018789d

C:\Users\Pre.Standley\Searches\desktop.ini

MD5 8e11566270550c575d6d2c695c5a4b1f
SHA1 ae9645fad2107b5899f354c9144a4dfc33b66f9e
SHA256 1dc14736f6b0e9b68059324321acc14e156cd3a2890466a23bf7abf365d6c704
SHA512 a9fc4b17d75f85ae64315ba94570cb5317b5510c655d3d5c8fb44091ea37f31e431e99ed5308252897bdd93c34e771bf80f456c4873ef0aa58ca9bbb2e5ff7e0

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

MD5 aa4238553d2ed26c73021359686b1cb2
SHA1 e14f8be45c0fa3a445420d9865132c3fc5281fa1
SHA256 9f795de97f11345ba27e33a1d576a1f526f7d129e658257c11629bd7a5e23886
SHA512 c4bff8763338af4cae951a22a468ce0ab0c3a808d3717719a90f338997de839dde038b5c86af810a16dd94c71ab29b055564ab43b49d5a5b6c87a2aee8aeed78

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

MD5 9e6b2f975ec89de34f5b19ea5dc0d3dc
SHA1 9f8f6aca92cb7b1c16fbadf1322fbb4f055d027a
SHA256 c0d938044c54e36ab0d3455cff73639ff7ea5749e3f1ea7d58c9d77d84aeee09
SHA512 26b0815d9137d8deb0e0232e2c4003d390d2772224eca309ad462d345870f29aac297e332d2883ab5b0f57626de8eb13398200704d955d5f003bb9eef887e8cf

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

MD5 5547a64ee3681b1fca07111e73dcc51a
SHA1 0b16a54ccb7c0284df649594e006ca96e07ac296
SHA256 c6a3db953cc63f23aa5ff66de5fc6b483f6a1106cf1f77cbd73617b2c4340e0e
SHA512 21a6b9b2c578ea8d0bfb22c1b37b0dde47395ec958fa5c73eafeb8b865080db132e565c7e8ce2ab1d2e934f414e23b820f3ff3571a7d737453f3ace76d11cc25

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

MD5 4f92139cd322a396d7e0d25e5d151301
SHA1 67f94e2990106d9481e78ae08356d7a4ec1737d1
SHA256 f47afaacc544f681170b9d6ec201dd92d2a166966da9ea1274675b1a9d6c4b96
SHA512 cf135d6a55e5744b905d2ab65d7d021133c353161a431a1026055632f0988e5760c7f0b334d17f3dd3ef1d98320efd207c36db1948adc00d2fa6035a172498dd

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

MD5 e53ad243452bf96451697a9edba59d10
SHA1 f631e442362409247fce2acc12f1d6fce4abf294
SHA256 3c2164139c9fa4d5b6a209c3006789183f91b2ca0e998137aa65e100aab2e93e
SHA512 5a95baf9b2f922490eaaa2831985e1ad7e0481c0f16df84feccf5aad95aa222ce4334c55ded691d7314bdec94e24a2c7f1a234ddd214c4408c3be1335e1789cc

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

MD5 7e40f5e4b5efd5dda70bf756a98ac8d4
SHA1 838770370b9a7c2a44520e1496a52b03ce260629
SHA256 3a20029b5abed0cb1a6de9d1addbb2cb3ad5648fddcb5b4cb9e4a66dc3a90263
SHA512 240a1b362d6bf82d0e8cc5e4c9614e04e3526ce44a15e8215a48c5147152694090b132bce1aba728305afcc0284b8369caf12c908178e0399bd44ddced7396f2

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

MD5 9f4ca8113775c9f98333a0239bb7cfe1
SHA1 626691d19c8c42521d8b8b59aaf2cf22d6bf8f74
SHA256 e6e6f12cf10aaad9238756a4e61cc5591c9afea573533fc99a7f8e09723b53a2
SHA512 8ef5bdfc4c6d9cf46b146a516d723a8e3235a3fe734968a16be8b7d237a6bfdab19fab0e95f519b95a4e9bf6a6f3287211b5b2210e15e93763649bc4a8a46053

C:\Users\Pre.Standley\Links\desktop.ini

MD5 97c4b6a49508c908cb2fa8f9ac7b65da
SHA1 ee42026822a3b88cb3d3fc72fa9f2825c84935b1
SHA256 6c75a78a339ab546b553a0aaa90756da9dbbc2b14a7fa75ae5f13cc210bba7e7
SHA512 44af3c2f4c5cce0fc1458da56ca3f4016c26fd8160cff329c93e26657de88fb7087b08a0bf495e3d9badf1810d8f58639be2dddab17620fae5bcbc2e65739e06

C:\Users\Pre.Standley\Favorites\Links\desktop.ini

MD5 3c106f431417240da12fd827323b7724
SHA1 2345cc77576f666b812b55ea7420b8d2c4d2a0b5
SHA256 e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57
SHA512 c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Mail\edb.log

MD5 b910201e7aea5b086abbfc332909af31
SHA1 fdf001ca6a52051822adbcf014da83b3816c8034
SHA256 7ea97620e90ecd448a74f739c10c6058994eec486e30bbb8c3685a9305f9b6eb
SHA512 c2c9037f1fc01b0379f814fea5af97d9ff554d058c164fe63d972850a0a12f8ce80f079da28a544d5b1c07b227925102e6f69222ed78c48d310be551991d0dc1

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

MD5 3462727d7e81cce7a72e44ad99110109
SHA1 88d324247231ec97bff28ab6f88e1b03d0576436
SHA256 46efd7c9dabdd00d18280995f43c8ec07735a9929c232deef1aa784bdc6512e8
SHA512 d7f8e3fdf61f22112e6916236350b2fb4cd6d0b69c7d63db8ad7962495cccbfebab8426dce5c8044eb76295d44e0c9d8291129f16ee3832ecde9f4d08eb22c33

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

MD5 99c37f36c039087efe547adf00e10eb8
SHA1 7c1bfcd399038fac154e7caa45ab51dca2ac43fb
SHA256 b2310c993ed4206f0d98c469a06f6ff5f67ba7d2a6405f1179611126b97aad73
SHA512 82eef5daf28f96bb2dc45d9624e5c5e35acdd9013f4ad66935f286e414226e7b0f89d43263a1889a02f4035337484fdb620d473fd71a1ca04f071b5f0deecaca

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

MD5 3ea6f6ec92c2213e20321d55c71ad133
SHA1 e8396417d0c2bebb3ced3a3b0c2bf10cf9abc9e9
SHA256 3100a03da5172caf7605c0bb9c6651c8889f34b07da419dc2483f679ed9d2ad3
SHA512 fd715a5a3c8055fd1b25cc2f6b0995a808f344586bddac565f60de7530eeff91afdc454c73509aa43fc7af713c9dc096f3f6082e43cb8aefae7ff831987cdb5f

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

MD5 4c2f9b919cfd469b9ef0aaacb27ed171
SHA1 262b336b55a05416def415d566d6e74da033b494
SHA256 ecaa13a75ba23e710dc883bdb38e8bf099f5745cc31bd748bbffb3f3f6c5d9e8
SHA512 77ba305d5ef8c268ab3eed87d26218c1ed89239d8ac26ec3b33445e230c6e182af677409285faf3e86772761f68f1823ad2b845e56618659eaefd49a64471401

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

MD5 85559ce338e76533bcf451b82c00d3f0
SHA1 88fd791a6cab337b743cfff739ddebed5a8c9541
SHA256 6196d00887f31c026ac3ec78db93d9db6007ada3fa4ce8b5d55323147b80cccf
SHA512 0b4db1c595a1855b521ea777fef8eb3af0978226f176f43036a31dd4aad0ade09c47b6f9342c8a2ed2a664d03fc1527ba032873a317dd0974e9ffb963392740a

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

MD5 293d0749e077e1c5301aa0d29b298282
SHA1 e9cfd05e52151d805df5bbecad9b29499238cc88
SHA256 8948efa8ade41b396cbf43debba72a28467fd3a1221b61f16496920e28da0742
SHA512 c887dca722069b4de0adcd1739f77f02dd59ee794b9f412ddec6a75dfbffb4bdd7366a6c58def56ee2c6eedab633b8374672093ec4954d75bfc758b0d0e16e2a

C:\Users\Pre.Standley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 9a1b13fd914dd7054b83bc1760c99ab8
SHA1 340c37602b11cd3cb9ae681d09bfc4c81f733742
SHA256 7f0a9cc0be951d60d6c8e60d1a612bfa65fa390020d7c0c80f212ba2a47a4aa3
SHA512 50d48a348c71fb9e89ab01e59fe599b692a1701f19d2c9de6ae09678e0a44ba95020b1989f9c776edcacacc5f2b2b348b0f31aa28c04850e69e47cda6dcaf88e

C:\Users\Pre.Standley\Favorites\Links for United States\desktop.ini

MD5 43732b12dc5e0c37046900fa2a1f0df8
SHA1 dcaaf6b16847f4ff66788aa1416c137e62361d0f
SHA256 e8e187d06caeb619b7a60d6fd4d1f4e9d70f5a232b02826ce3ebef56246f942b
SHA512 578126bec9b73a8d55da85f4f9fd8d91b21c1b25314c706cfbd5efee5a869e85514423f0d437709c9888dc98fdd9f9778444430419d3316113d2b13540a458ed

C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

MD5 2d969131bccec01149620521aab5d9d2
SHA1 ef8864ea141862fbae6eb25c0c62b34f5398c304
SHA256 63b9a95398fa607bdbd5187b15ffd20aa6fb3055cf6eb524cdbc9450ef5675cb
SHA512 edb7139066dba40bfb2f0aedb48d7103eb54de28e4a5c61a1e200a3430782f04eebd1ca26a693a616444782d5c1966fe40dacb3180900cc0c80a81b0a53c41d3

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec4f0005cec346322e4404c44f3573be
SHA1 850061f3d8c0e21b98ccec657c114b63c4fb8810
SHA256 59b0209af2ccbf27d4604fb7221310f5da7f4a53f0aee37c8f8e3271e4d0466b
SHA512 ca795e38e3ed0596b5028776003810442c646463b5f5105cf6f8ecbd7bb26826c56b20affa569102df415ec15040bee47334e01f21912cfb4191d2d7f9d1434c

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\656b78d7-ead3-4c04-8316-1a79af36e4d7.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 259e7ed5fb3c6c90533b963da5b2fc1b
SHA1 df90eabda434ca50828abb039b4f80b7f051ec77
SHA256 35bb2f189c643dcf52ecf037603d104035ecdc490bf059b7736e58ef7d821a09
SHA512 9d401053ac21a73863b461b0361df1a17850f42fd5fc7a77763a124aa33f2e9493fad018c78cdff63ca10f6710e53255ce891ad6ec56ec77d770c4630f274933

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\128.png

MD5 c6f3d94588346615faa141b70e4bce44
SHA1 ecce935bb311d64192fbb7910129db09ce12f468
SHA256 750673fc54ee0d9dda821205fafa3720a3561bcb483b9df809d6dc8746623c4d
SHA512 1d4c1c950949a9c3ff2e921c0316f71627e2357f7863756e5d6d5176c0c17de4ec710a430e7304e540610c25f84519dedd5c376def7d1dc3b5e2191afa51047d

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\96.png

MD5 307d23d2a906b85e8e38afeef14a0458
SHA1 5d139384052b0fc7e5aba4ebd02d83201cff427e
SHA256 ba3a848ab615dfa22460ae9aec5e1f10065741f98c263acae4de40a20bf109c1
SHA512 a4ee732edfd8111b13c0517ed08477f21563e4831fa9ea8eb49c1d3745cbb80bbfb17c2a257d1a55672548690bc881fe54867943233e1efaeef06557ada87d80

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\64.png

MD5 e1aacbd5738f07d59cb91506431d5878
SHA1 976b28b7e3ab8b13aaea8d36d9a0ee7e1e4f2993
SHA256 c743612af3eb143cd7bfdd48ec59ba6b7358a5622fd948f31a9b753fddc9da4a
SHA512 f9328bcfb38c84785541e2d17855f5260bb9f6d8a6999c0f8c5d15aebc15e653b1736b7093d1c51d17b3b4bbac764b67a90cb7a1c6ceb945d9098ef702f90131

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\48.png

MD5 f66423edd82a48b8b9af4a91806e2ac1
SHA1 228bf95c3433780facf4bc4b6a09c6a3abbb6b6c
SHA256 ab4eecdad514547afc5fc2847ee34c5d3c16e44067b8629b1a6e506d6333253a
SHA512 4ce4e2009fd71b93fcc194fea5be5933d8b90d80cf997b79c3cb477e325ab284c148e1a9e17fbe034f3499fba734984d010143b8f727ec67146ed614953111d8

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\32.png

MD5 5d7f01d87cf03ea2349c7aa61f44a8ad
SHA1 3b1819d2711806dafb4dc690796a39d62752c34a
SHA256 709faf4aa39e22c3f77f5ec580be7d0e227506d3cc2d0b892e66d6fc5c27822c
SHA512 6e149adcb9eed2b00827dbca072cf9457dc8e68de532720b570e06264e131afe226ec8fb78156c140a075998a1da260e7ce737677039e5d9497ab8f69ab5dc62

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\256.png

MD5 525662b7a7a0f1c15afd03d2b3c57dbe
SHA1 0d695745426ca1e4f4ab4047d123647eb0849842
SHA256 d28e89165e82e1efe90c497c78fc0d98e4f01d53a72e19cc427a53b50c619960
SHA512 323bb51285a84b08fdc714e5fb324f195adbe378f78cc80c6014fbf58be3eac0079674cb246eeb75479999a06885c4624503bd3d85a5b4605f0eea906660e131

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3608_1482299238\Icons\192.png

MD5 fd3484b8494ca05eb1926ff2e7877d07
SHA1 34750785dcf3cebd587a9bb137c2fe7b985646ee
SHA256 a4254e19218b9ca7caf216b77d3929ea5dfa4883ffaff4ed9cdc74a0c6e92051
SHA512 0feea07cc952b511e45cfeae3d269a3750aad80b7bd69c6195ab351bb1723c03318d377f1dcd529794c581a801e9b6ff7ac28124f236700115f5a1ae8bfe003b

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png

MD5 c2041f6fef10364434abcc7e198eec0f
SHA1 38d2ed3af17e64f96f21df12c5c444138489da48
SHA256 dae8a0a9c81dd21b5b593cd90968507f5eabb85f7912135143da60ea62d3ee9f
SHA512 821fe3091cc3de86c642e771f606af9fe0d34f626ead5811dd136ac427475bce69893bfc11f7db5beb1bba7f74cbc49ba3bef01dbe793f9b507f343a80f7d901

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png

MD5 2208a92644dcb1f39eb0eb2a6cd5627e
SHA1 92b1bb3f52841272dd5103058d10b8938d82f582
SHA256 1a087dddaed584b9df580672ff112d538b02a3005862ba2a38147c498a5f4c01
SHA512 f155b86f9a3806e7e204fded36c722b69f94e778b3d12684b2b5dd2ca649b02bbca24e6ec01f27e864e8004139e800cb1f7f098c9dd380363a90e686e617d90a

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png

MD5 7ccd89bd73287c34e2f93232b5794397
SHA1 f67272153f3beb99df55c2d321b394bd855df693
SHA256 afc439984c9fb4c04101cbb7d3f72b2b123ac30d788ab58271d2f1db14ae36d4
SHA512 1cc7ea3206112916750018a3aa0c90e73ba80d4e5f8652102cd9467ac68c86b99b4584e8f850dd21e9dad454c3230b3661b05f696bbf35aeff6d29951d582b47

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png

MD5 920e94dfc0a5448e1da40d06aa873d5f
SHA1 b88fd200e5f7771b897528a4e869ead72144fca0
SHA256 c10d2f537e072336c10afa11b9621b25d0d600ff04d12d1070dab942bdfae62a
SHA512 c893a6d711249d5b546553813d5ec21dd7c8db0bf144a7f2bc47c3a4ff00615708f679f499452ce68e1bae3cb9098593c519a3055e207c86d571079f05bff4e0

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d902463a7aab276d57b9a20da044f8f
SHA1 febb2db3c34e8d8a98955ffbbca5470faf9600f3
SHA256 183e5e9682a607724aa8e97bea5f9c372a829bc5f934b464010e68774bb25e7b
SHA512 8bcf79272b648e3bf01d9d086de196c7097b7608db52235ad253add4c541ca3de5001adcd0361187e6a6ae0f24fd9be7157e3c148b384d8763122fbf96c41d8b

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e6f38588cb57d8a64e1c9fbadb9f5cd
SHA1 7d17dc38baa157d9af0c952cf71777f3ceedcfbd
SHA256 ac6be5f2c0a032ba8c02992e8167f24d740b52eeb84ab1c957c9524f8735c82d
SHA512 e354e58a3b96b3556a14fba9660b37b47ba5970fd38d1f865f232622b27010752e29bfda9193e90adea3b43636f059c999bd000087d8fdd545e2ca80a3879ff0

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 5004c9f1f14d4c680e8bbf0857b8aef7
SHA1 2cabc33641483f34e0e764dc4f4dbed963971b5b
SHA256 bdee6afd5a8ed067875ad67ed57d5de253a25ed8b2b2f8672a1e54ed11ba1c3d
SHA512 9df4d194dfcd0b9a4710d34d6cabbe91c227a0d7eaed260e19b26c30c58cc5dbf7983dc8c960c440e4a6999017aeb55b5fdf3acb3c176d88c85b01e6baaa0319

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Local State

MD5 c6f09465a8669c160c36c58635ccc941
SHA1 df9248525501bf1296d02874049a216c39d4daa1
SHA256 4d05ab2363b0b7a105555075914de6239102ead53eb3c42eeb4db12d31ded75b
SHA512 8d762bef00086b62a1e17c9cf6f4cdfad614edc312e9963583df5d5a0ba8e982ca94d633f16ecc7736e369eb016f4347348e43cb42d2371a21a3fd1752623f3b

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000002

MD5 22bf0e81636b1b45051b138f48b3d148
SHA1 56755d203579ab356e5620ce7e85519ad69d614a
SHA256 e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97
SHA512 a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\83d95128-c177-447a-a15b-ec17f9aaa867.tmp

MD5 3124381bed9bfd5d8e7315068f9d74da
SHA1 b0ccd3c02444b8edeaab2ae46f8781ad0db28432
SHA256 10de454ce84f75ed92fe7ae05855d79c020c9adba814e792606a3a19f2f15106
SHA512 b1e0add2ff62efe46b9425cbedd51e2f54e9befb3e59647beeb519ec3b47e0efbb313b031ee1bc3e8619ed50520e33cc36b3b5f34e957258450d4bedc1e0aa70

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\91658b3a-3a92-450e-90c8-230b4e155595.tmp

MD5 4e459ff607de729d2c5ba795e9dc401b
SHA1 c0bdceb895af2fa7d3ab54af673dac3bf8a233de
SHA256 6f39e7a7070a515bb566a50f9daa20ab51051b13dca8b962554e5b9318793998
SHA512 c459f4064c955689298360e08ade2fa68c2729b700a0b155b4b671f5cc7f59aea09ebd43b7f51f74c7147e7eb1d40b64c81a25c8cd8c060f7ddca99fffc021c6

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf850cdd.TMP

MD5 f1ea659a02e5330dbbea9664b29656f7
SHA1 162fd1461f3c96c8a8377d03c36f9b393ca59579
SHA256 a51c52a54876860f3ba032e08c0004149128296823a9594a555d58e8abce4e98
SHA512 650ada18217ca36ee3a18336444d5fcd551d9baef83c160f86dd2addd9ce32237655e091a37d554c6545ba048a1e4ff4d1d6219936f551eb9c17a1b7cce29aef

C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db

MD5 ae08a2f7fbf44ad3cb6cbc529df8b1dd
SHA1 bb2665ee5cd1821d48cca1cb07cdfde9ed6081a6
SHA256 8429d5c6eb134eb64d8b0f3ecce83ab4d4d16e73c2d76993163372692b65ea8f
SHA512 4ba54d565403b82b8c293acc2da5a4c6bbbe5278ea9449720b18901f58a68c3e91c494d763a3de4f3c295bad5685156552c2979453a8765e0b994c28f378f089

C:\Users\Pre.Standley\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

MD5 3e9c4eaba2c54dfe525197d54dc10532
SHA1 4b71d8970e657835ebceee5ec79faea2c1422fbe
SHA256 05da3daa836dc6ed72144dff35f8d90396b4d524dc35ef8d8cd01d86855be858
SHA512 d6c71d6d749ee3599216208ae7bb0dbb45153cec956c447756c826b06dee139df0903e18400cc73d143164a6e766e29ac7e6f6aed9b2f865b5bcf55caf2f5177

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/4912-4537-0x000007FEF45B0000-0x000007FEF45EA000-memory.dmp

memory/3716-4541-0x000007FEF5C60000-0x000007FEF5CAC000-memory.dmp

memory/3716-4542-0x000007FEF5C60000-0x000007FEF5CAC000-memory.dmp

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\256.png

MD5 ac7f83649fa4d03a36f5d909a9cc05b5
SHA1 9411b6b69757a02e57cda1279ea8205917e535a7
SHA256 6ada7b08dbce9801650d9e3b0842e047ffb1aedec1a4b1c56ba06eeb8e66fc6b
SHA512 af09444463a821bfdbcc98261b37822d97ade437d9d808723d4c3443244d519091740d4dee409d055b8681c2a3a11296660e0869637b3fdceab6ed52f2809b5a

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\192.png

MD5 5f308e01c182249f162e32b18b274112
SHA1 4f74336920d0c8ec4fc1a63e6ba78f7efb8180b6
SHA256 240ee0e962a4329405eab7ada9a77dc17f82c9ea5a7d79c5092e2f9c72a0e700
SHA512 62233924d9f5e68dee4f39926a8962761e700b5494dea5bdecbc5ac1e82620c1e49200c68034319c4c3b1e7d4eaf136a2f0c05a9840437246db798faf14e3f05

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\128.png

MD5 6aea2921a6305cf1942f9260e1db6f5b
SHA1 dd3fe876dc860e7aa4a931bc2e1eb8013788de57
SHA256 89337b497089c0fea3a2770ed9361578031734ba384085596de3010c35b37f37
SHA512 45f69b92378afb4c0507518aa0607a82b8289584a6f04ffaa27b853b6c0ece1ab77729ce54f530025012725be43884f4fe497fbecd18c4bb27b39a793164da3d

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\96.png

MD5 593f28bc1d122233a577c5487b20d7dd
SHA1 77d92c7c79f584506ae756969af791aa99a850c8
SHA256 32e7e09770c7d1eef87e5e701c15f3c1a61b4bfd41130a58f510ad8126d38d92
SHA512 774d5e94f39676d1e802f80b1ef0a6bdc07d884338e4bf40e18c68b6542d673416d82b0e97a0c010a26af095f9d3ff092e81d5299eb0d68a070d19b2dea2436a

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\64.png

MD5 18b6d2de0ec107ec9b500c1c258306e7
SHA1 26e81b7593e560ed0cc9b58ca727c35e50594e8d
SHA256 60c65d8856391992a0b398ad230f5b45af821167e5391c3a985daf0d43f97ebf
SHA512 b455b50032dc46e7ea6a70f43d936ec61a564f563fa2c3f20afaada2860c1d621d4b6aa1e0d885a75d1bdd33b71d2b717c501c75300d04177e85645b03d1ff05

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir272_941305955\Icons\48.png

MD5 8bf1d6b1e669240ff3b6ef6d12e4b940
SHA1 83a57f47da34d26f657d53836ce1d8f5957f83de
SHA256 aa5ee3ab59c750e036086154b959d17b6f9613c5ae38b23ad19f8f8968e5a688
SHA512 928193182a9bcc83e31f1719dcaf3aabc04ab20d39df42985ab5664c48bbc44037f4956e816f2763503efeb7d43a26b10f6d02d23b9b5452b49b42c651ec2a6e

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\53ad861c-2451-4f15-b41f-f342b1d6821a.tmp

MD5 1f412c795dcf668033da9d3fc0464e00
SHA1 34fa5e7b9d6621aa0b7e59929da744a05b0c9c44
SHA256 eb73ac8be3071a6da7a750eecb26d5e1ec23f48b7531f85da717faf87866ecf0
SHA512 e8e8627e0aac91ffeabf30bebd8af308fd49cc26f2a8385264d3f36449af04309ad474b8bdd2914b908d31082abedc80322f7083ece57513c4888c12660cdf0d

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ddf64b49331bbab1fff554f9ab20d1b
SHA1 9558094e202c2f4eb259af123bc9bc1cc8e613c4
SHA256 6c2358310f9c6ab77e4f353c181c76451e922f0febfd18e0356f4d0255efa2d1
SHA512 ea46845739a40ac167c4fc9d53f93b633f5afedf45a119f895d47c753274d6c1af820ed2f8ffc425a6b1a4e93aa28ae6e459cafd7bf6d306443990085652549a

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bd75287c932e858579c8d2cce3d7fb44
SHA1 08d14b00472a5e185401e15f155fa91edef8c748
SHA256 67dbd193eac425b3cd7a7ec9624990a54d9ac09a974ca4faec37093731126eec
SHA512 490b08a5cc5474be8ed92efbf18740b03f4d4e72217192acfb0f46e7d325aa25bb4a1a18eb4590a0ecfb775583b51dcc1127d376c7e86a5d3bea5c9a2c8f4360

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Local State

MD5 a43d0f70593312304ecc97d7b650fc98
SHA1 0f906f955792c3e42693838ae08bbb57f11ce398
SHA256 a293038f6190147399b4bc56bee5b58f90461e65abd4e826fc22c409f4081c9a
SHA512 3b85175ecfc69276b5d1b35f71208fb77a419956a104620d90129b285e1d5aea2faac1a9ae2218eaead12afa830d26e86272a3dff2835507f245dc50018e2d02

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\e1a284d4-bcca-4e3a-956b-11f9fe8fd0ca.tmp

MD5 e20f36dbfac8c31dee76ffd6fed0e42b
SHA1 f6447b3d0e95a2f95d58e8ba0eb626a149317559
SHA256 cb2321d8262cd3f9e1d52a50bc88d419bb81aa3e09dd12494cd20a2d0e38e443
SHA512 a6540789a0dfa5503e084e33851f0bdea1a0cb39dec70d8f2ae7ba2458d6a610da889aa7cf2376ff73b10e7fb2a2f6f7ccc10a896890cbd91a530373d7ab46d9

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\13033ff2-d454-4316-80e9-05438102a985.tmp

MD5 ad5a74704aa0cf727b4007aec0415975
SHA1 50115226faa24e8f2578d9f58914e7814d81bbd4
SHA256 4d8e350ed1cdbd763ac29691def87254c6d1364270668ef313fb284da4d90c69
SHA512 760f4c6c16e0abe4bbcf4332e2bf72a5a0acfbb227bdca3dc3e346251e2df825d71b73a9d6d23235c580e8cd6fe9196ebadc3f99a4665b18ec0969dfefa4dfb9

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fcac0968a7d46aad8f2ef8766b62dfb0
SHA1 54e3d04403826c16df062798891648ddf8d7899b
SHA256 58dd93f1b3205d65f440a224d49c2207325aa7bf0d773a8ba8abcf8d3ee27464
SHA512 1b8e8c851b967efd98324c3ed9ae0a23000a331e4e190cf09ab8294b04e7f128911170170c7eecd72585236cfa9fef9f165202a25745f2af67ecf1317bd1ad20

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Network\742a4c1b-8616-487a-830f-ecbd9ed52fb0.tmp

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81d876a236b4020424b21064764c94b5
SHA1 94d01e70ccd82b995e7a4f8739433236406c0c4d
SHA256 6b4fb700fec5181c402ddf71b9990b549d496481b75a09a8e760167801f98c38
SHA512 b72930bac1667d62624153277508e68f5382496a5bc8b865a6847a9603f983721925d8c428559bd42ae568e2b5b26ed2d48691079bf2c1633a05458b5b702d86

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 1bd9f6902c4cb44a2eef9b3ba017f2bc
SHA1 66bcb83a138c96f3056216e34a3f7cdebcbef3b1
SHA256 a9cf8adbb385b51b8af6036f850d9c5553084802920399f5a2dcf38e5ee28d17
SHA512 86b4fc4d7a70da25bde4f28f469524e2bfa2592fb1f998132301d6ec76675914e0354a9c2a7d3ab8481babe0c32f79e47557f8b1215349e8bf1d921cbfccaa98

C:\Users\Pre.Standley\AppData\Local\Google\Chrome\User Data\Local State

MD5 0b5e7e3ed4f939e05c4aa63e1bec40ea
SHA1 214ec9c8f900e857ef9ddf6579ae8fc98af676a6
SHA256 50cc704e0498a6788ec8c9e9a28e9888041c56f5216fe7bfb991e125bab7b8d6
SHA512 22bab677832f1c31734700ec5bb98bc0a1147b8d81167518aef7ede77396ef66dca43625e252243e8e6280e3e721f7c9e060f507cb50b607cc5aae5a7bf7baf0

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Last Browser

MD5 de9ef0c5bcc012a3a1131988dee272d8
SHA1 fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512 cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\256.png

MD5 85cd049264557366bfd65ae85baab695
SHA1 f7c529ec76638b7432c8e262c3dc6545b6de6765
SHA256 1541079472cb100b3c71edcc44f2fee3116c0e3e6f206043d7ee385ef1c34ca3
SHA512 a4aaef7d71a6c2b028ecf8f159e521646bd4e238c329b932018b09918f4c368b7ece8926d8dcc74da42b51cf16859777a830256bbad91a1d66d8a9d70c9e0588

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\48.png

MD5 e1206a489acb3ac0a19c7f2280ad0a47
SHA1 13c937c50f252a4ade646abcfe4f71df512887f8
SHA256 ef09acc7cf4ece630e590602d86872c63750dfdcf48f7d113af69d947640b54e
SHA512 d22eafa9c0b01dfc243845156302a89fefdb6eab08d3d656106c6998b5e02a2661a333014dade4ef44130459f8d09cf599ee10e8b436285feadba7f0be17aacf

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\64.png

MD5 dd988bc871bd79b8a5f247c7afc80cf3
SHA1 f3bb7d242b53dc4b8962b0fe3d4deaa22f303148
SHA256 bbd03726471e930e28251dc57d6d7df7de21ce6fe23771bfeea87b6da297de2e
SHA512 8ee3723211e5c85ee9e56becb69e49098694f130a0347f736507e3b8b463d5a17dd1a607f1bf3ea81c52e171cebde29e369fa91d7e6da7426df6f0c6ff0a0595

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\96.png

MD5 5bc097407f0124c78c63657d6dfcf840
SHA1 e313152c04b2fa4c4aee76a6137df92796b11ca3
SHA256 d05d45f8aa3cf82924f11c6f31ced4ca01ecb3d9d9895213af0672436c57dc46
SHA512 d057736c4f62443741ba3339aeef4a99198168b346b23f7195fe41f5a27b352d854dc873a2b9f3ddca4ef6aa5e636d9cab3552c7f0cf266cab045bd71a917b3f

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\192.png

MD5 7f52b05a141a277b58ea837f32b12cfd
SHA1 a0dceaf6dabafc56297deb082003d32cd667b44f
SHA256 47c2123c41419004e1172d183d270a1274f1b59c0d33b8dbc516a9b8dc280305
SHA512 999d6c84ac7f4314dbfce74858b3a7dc45171ac7b50b8ff714994b8e7ea2e45d497b8f108ffa96972ce9f837307de395a5ed2df3393b78044ac60cf569ff5448

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_1058149161\Icons\128.png

MD5 9f7165e53ce1f7f109be240a7145d96d
SHA1 08df18922492fe799f75912a100d00f4fb9ed4c4
SHA256 7ace7af33ecddb14b0e5870d9c5be28f0218d106f33fb505154d089a5055e9e9
SHA512 8fed74e748736b36a9ff33340120a85f722651a877b5404ae79eb650b31885d37b43d8102cfd9eeda4033dbf463d324533ced3bb2418e95fa0662291652db448

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\192.png

MD5 e0950ddb520548b796f7ecb6851dace6
SHA1 0fd82cb8605edbe0f6ac6ecbce1f59845e9739ed
SHA256 3fc98bf86d164168fa88a4d21db0d2c7e40773948246a6f6edc249d79b7a0d5c
SHA512 62aee7b920e4a9e0f8ea39c2ced1d95462e54051ec86f30d8eecd3e603535375a5eac86edea7fd17955a1adfcd4aecae86b5c092cab0daa93e0284cef5d92731

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\256.png

MD5 d91940c5f899a1f1fc57f8beb45e3c00
SHA1 43c5aa19a315606bdc8e007aa83880de3bfc3f29
SHA256 c101ecfc5ec54cf8923dafdae19b02f9283b34244b9d41393fa41f4f99f5b9b1
SHA512 1b8ea4612e09d9a4fa9183e7965f6a6fdfe455ac58a58e2d0d194b6bc15f5377f2dbd8b9936b7feb9b523fe3713e4630b7a95ca4c863abb4fbd094e93fadb644

C:\Users\Stand.AD8imn\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4744_842057105\Icons\128.png

MD5 997bba6d21b9d4855b204bb7121dd188
SHA1 3ac41824188d7d819f3d50d59b432002bfdd6c0f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:18

Reported

2024-06-14 01:21

Platform

win10v2004-20240508-en

Max time kernel

13s

Max time network

14s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628016928626488" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1040 wrote to memory of 4200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 4200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3224 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 3728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1040 wrote to memory of 748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d94ab58,0x7ff97d94ab68,0x7ff97d94ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5116 --field-trial-handle=1912,i,16503901999282118501,17879122615272050258,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 windows.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp

Files

\??\pipe\crashpad_1040_AMWCMBYHONHDCMVQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a2140c3826bde653f78c95af49c1d63e
SHA1 6731fc7b01e7cd13c07ec08015fa9be501b3c47c
SHA256 099b07fd0a2a5e24334a88eeedb9a15b887a69a50bb377c2e4a4352e9e09f289
SHA512 2c3946bb32c278bfa7e8eff438ff0fc66b311283128271883bd8b6f3b0936c79c253721475edefdf24e0315b3f6d63166f47c7d09ec2586fa8a798f32041d6a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75fcd8312220621777735c99eec5ce06
SHA1 d952e51496bb299a94b6db810f64c7a10dbcf864
SHA256 56c26af4b9c866e7f1f0e6e1efb10a8d8f06eee9700b98d6e4aeab116b2fa57b
SHA512 0f274621aa38b92f6fe00fd36d259e2b520c11ae7895ff6a4e1d57d85d1310453632569a0abc2b807a88dc5ad90fba99b62be8f2514582de8a811e175b5385ed