Analysis Overview
Threat Level: Known bad
The file http://windows.com was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
Modifies Installed Components in the registry
Drops startup file
Enumerates connected drives
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Drops file in Windows directory
Drops file in Program Files directory
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer Protected Mode
Checks processor information in registry
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Modifies Internet Explorer start page
Modifies Internet Explorer settings
Analysis: static1
Detonation Overview
Reported: 2024-06-14 01:19
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-14 01:19
Reported: 2024-06-14 01:39
Platform: win7-20231129-en
Max time kernel: 496s
Max time network: 1107s
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\Explorer.EXE | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Version = "11,0,9600,0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\Locale = "*" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\Version = "1,1,1,9" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Locale = "EN" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Locale = "en" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Locale = "*" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username = "Stand.ADi8mn" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\Version = "6,1,7601,17514" | C:\Windows\Explorer.EXE | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Stand.ADi8mn\Saved Games\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Searches\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1001\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Contacts\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Desktop\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Contacts\desktop.ini | C:\Program Files (x86)\Windows Mail\WinMail.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Documents\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Videos\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Links\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Favorites\Links\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Favorites\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Downloads\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1001\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\unregmp2.exe | N/A |
| File created | C:\Users\Stand.ADi8mn\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini | C:\Program Files\Windows Mail\WinMail.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\Favorites\Links for United States\desktop.ini | C:\Windows\System32\mctadmin.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Windows\System32\regsvr32.exe | N/A |
| File opened for modification | C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Windows\Explorer.EXE | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Control Panel\Desktop\Wallpaper = "C:\\Users\\Stand.ADi8mn\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Windows\System32\regsvr32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Uninstall Information\IE.HKCUZoneInfo\IE.HKCUZoneInfo.DAT | C:\Windows\System32\ie4uinit.exe | N/A |
| File created | C:\Program Files (x86)\Internet Explorer\Signup\TMP4352$.TMP | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.INI | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE UserData NT\IE UserData NT.INI | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE40.UserAgent\IE40.UserAgent.DAT | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE.HKCUZoneInfo\IE.HKCUZoneInfo.INI | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\mshtml.Install\mshtml.Install.DAT | C:\Windows\System32\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\mshtml.Install\mshtml.Install.INI | C:\Windows\System32\rundll32.exe | N/A |
| File opened for modification | C:\Program Files\Uninstall Information\IE UserData NT\IE UserData NT.DAT | C:\Windows\System32\ie4uinit.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Windows\System32\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Windows\Explorer.EXE | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Explorer.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Explorer.EXE | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\runonce.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0 | C:\Windows\system32\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data | C:\Windows\system32\csrss.exe | N/A |
Modifies Internet Explorer Protected Mode
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3" | C:\Windows\System32\ie4uinit.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\39 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.midi | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wax | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\20\IEFixedFontName = "DokChampa" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\34 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\14\IEPropFontName = "Kalinga" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\26\IEFixedFontName = "NSimsun" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color = "No" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\ | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Zoom | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmz | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\38 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\28 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\37 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\20\IEPropFontName = "DokChampa" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\22\IEPropFontName = "Sylfaen" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\LinksBar | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\8 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\14 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Document Windows | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Document Windows\height = 00000000 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Security\Safety Warning Level = "Query" | C:\Windows\System32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Show_FullURL = "no" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Show_URLToolBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\SQM\InstallDate = "1718328101" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Setup | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\29\IEFixedFontName = "Plantagenet Cherokee" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\39\IEPropFontName = "Mongolian Baiti" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\18\IEFixedFontName = "Kartika" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Display Inline Images = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\6 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\12\IEPropFontName = "Raavi" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\21 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\7\IEFixedFontName = "Sylfaen" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\19\IEFixedFontName = "Cordia New" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\19\IEPropFontName = "Angsana New" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\34\IEPropFontName = "Iskoola Pota" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Show_URLinStatusBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.midi | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\5\IEPropFontName = "Times New Roman" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\18 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\33 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Do404Search = 01000000 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\5\IEFixedFontName = "Courier New" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\25\IEFixedFontName = "MingLiu" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Desktop | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\15\IEPropFontName = "Vijaya" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\29 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\SOFTWARE\Microsoft\Internet Explorer\Services | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\New Windows\UseSecBand = "1" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmd | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\New Windows\PlaySound = "1" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmx | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\System32\mctadmin.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\24\IEPropFontName = "MS PGothic" | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\31 | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Show_StatusBar = "yes" | C:\Windows\System32\ie4uinit.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\System32\mctadmin.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\International\Scripts\6\IEFixedFontName = "Courier New" | C:\Windows\System32\ie4uinit.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001\Software\Microsoft\Internet Explorer\Main\Start Page = "http://go.microsoft.com/fwlink/p/?LinkId=255141" | C:\Windows\System32\ie4uinit.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000 | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1" | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize" | C:\Windows\system32\winlogon.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager | C:\Windows\system32\winlogon.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1" | C:\Windows\system32\winlogon.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\WMPShopMusic\ = "{8A734961-C4AA-4741-AC1E-791ACEBF5B39}" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-msvideo\Extension = ".avi" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.m3u\OpenWithProgIds\WMP11.AssocFile.m3u = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/x-mpegurl\Extension = ".m3u" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mid\OpenWithProgIds\WMP11.AssocFile.MIDI = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.snd | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.TTS\OpenWithProgIds\WMP11.AssocFile.TTS = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MMS\Source Filter = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1001_CLASSES\Local Settings\Software\Microsoft | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mp2\OpenWithProgIds\WMP11.AssocFile.MP3 = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-ms-asf-plugin\CLSID = "{cd3afa8f-b84f-48f0-9393-7edc34128127}" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.cda | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\NeverDefault | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.adt\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mpe\MP2.Last = "Custom" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.m2ts | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wms | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/mpeg\CLSID = "{cd3afa76-b84f-48f0-9393-7edc34128127}" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/vnd.dlna.adts | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.wma | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.au\OpenWithProgIds\WMP11.AssocFile.AU = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-ms-wmv | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ADT\MP2.Last = "Custom" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.asf\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.MPEG | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shellex\ContextMenuHandlers\PlayTo | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/x-ms-asf | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.WMV\PreferExecuteOnMismatch = "1" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.wmv | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.MP3\PreferExecuteOnMismatch = "1" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mov\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.wmd\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.WVX\PreferExecuteOnMismatch = "1" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/mpg | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.3GP | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.3gp2\OpenWithProgIds | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/3gpp2\Extension = ".3g2" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/mp3\CLSID = "{cd3afa76-b84f-48f0-9393-7edc34128127}" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.adts | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/x-mp3 | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.mp3 | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\WMPShopMusic | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mms\shell\open\command | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/x-midi\Extension = ".mid" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\video/vnd.dlna.mpeg-tts\CLSID = "{cd3afa9b-b84f-48f0-9393-7edc34128127}" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.WTV\OpenWithProgIds\WMP.WTVFile = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.m1v | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.M2T\OpenWithProgIds\WMP11.AssocFile.M2TS = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/vnd.dlna.adts\Extension = ".adts" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" | C:\Windows\System32\unregmp2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/midi | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocFile.M3U\PreferExecuteOnMismatch = "1" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mp2v\OpenWithProgIds\WMP11.AssocFile.MPEG = "0" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-mplayer2\Extension = ".asx" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.aif\MP2.Last = "Custom" | C:\Windows\System32\unregmp2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes\.mp2v | C:\Windows\System32\unregmp2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Windows Mail\WinMail.exe | N/A |
| N/A | N/A | C:\Program Files\Windows Mail\WinMail.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6729758,0x7fef6729768,0x7fef6729778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1252 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3304 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=1224,i,4639720493593665414,1985037441559368498,131072 /prefetch:8
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6729758,0x7fef6729768,0x7fef6729778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1344 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3116 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3912 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:1
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1072 --field-trial-handle=1284,i,325754172955052911,11471900981391151045,131072 /prefetch:8
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
C:\Program Files (x86)\Windows Mail\WinMail.exe
"C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install
C:\Windows\System32\ie4uinit.exe
"C:\Windows\System32\ie4uinit.exe" -UserConfig
C:\Windows\System32\ie4uinit.exe
C:\Windows\System32\ie4uinit.exe -ClearIconCache
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fb87688,0x13fb87698,0x13fb876a8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fb87688,0x13fb87698,0x13fb876a8
C:\Windows\System32\slsogk.exe
"C:\Windows\System32\slsogk.exe"
C:\Program Files\Windows Sidebar\sidebar.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\runonce.exe /Run6432
C:\Windows\System32\mctadmin.exe
"C:\Windows\System32\mctadmin.exe"
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | windows.com | udp |
| NL | 20.76.201.171:80 | windows.com | tcp |
| NL | 20.76.201.171:80 | windows.com | tcp |
| US | 8.8.8.8:53 | windows.microsoft.com | udp |
| GB | 2.22.102.181:443 | windows.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 216.58.212.195:80 | www.gstatic.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_2232_OZKVEGODLQRJJOXA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar20CF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | e2c063951127321bfdd9004b00f7cc49 |
| SHA1 | 2c6bf63c2b6e559cb73ff42488266ed74f800617 |
| SHA256 | 37ba4e06f2bb54bfbea2cb315ece0f93d1b9560ed9fda1d79363c13991d960ed |
| SHA512 | 602b61148e8344ece20ae14c8eaea4a18aeb1306e6d47fbdd3d7b5138a1b0fac6cd14b9c9db7ec3d775d08dc7f98827c18a315e2b2230e5c75d0ce0c45d24a7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ed0e3538-2cce-4c76-8c8c-382235a1c2af.tmp
| MD5 | 7a86112c820d1db541b7d46e01ceeaca |
| SHA1 | dba50111870c9f45256579e23ccb045fa46b999c |
| SHA256 | b27022f67b61b4bd1709a09b1f9fcf0910199fa869edfad0b4f6da6afd3734d4 |
| SHA512 | 32c59e2aaf6e0af590ffcf5954877eaf13bee36cda670a62b7dd4e374b5a49f5c2410c176d356723bbc7cc38ba6687e0957d346c2dc5836f211a41385c8b789a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | cc224701d3988dd5549f5d4adbf10fe4 |
| SHA1 | bf7837f102c82b785f087208d907c86f3de96bb4 |
| SHA256 | ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21 |
| SHA512 | da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362801596535400
| MD5 | e4282f3baf71570502ecc483ef9dd26f |
| SHA1 | b7df7377a83434113d25c78f831881551808d09c |
| SHA256 | 2d23266ba03e7a7f21c8841254e5e975865c7f3c168ba8a44fdda3f5c2064ca8 |
| SHA512 | 30ecbbd1f5a9ebdbbf3e58eced6b48a032d9d3a2531fee09f75e0bfdf3ac3586422208e48b1cf9275b0b9ea29fcdeda081c45c3cdd2859fe854e6b733272983a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb
| MD5 | 1a4ca9070765cb8eb3320588d6b0b6bd |
| SHA1 | dfa85e85c97ec3fbebf9348ce66dfa79f28574dc |
| SHA256 | 92682e86819a76399c791eb4a6f66bc4aa51ee1e044178459406e9a97618c0f7 |
| SHA512 | 905bc0730aa625d7227ae7a8a3b99cb058039b8d9a1c602eaad9091b642ef9a6c012bb14a255001651d3a56e8ff50cdffd500a317a0455c8b50109c53f9ac599 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1656edcd1da30a2f99aecb6edf78a908 |
| SHA1 | 0b46ba80ac79898e6996c30e94ea47dd7f8ab649 |
| SHA256 | cf8fac79f6c8cd25c18f5e36cc410ac33b9accb1de908ed5e9f547832c7748fb |
| SHA512 | ad64eef0c896482ee64a80026aadd13560ea2d78134cff00571a3dbe020283c4289dcd7d4a4494339052cb6c464cc0d65fafed53aca28a1373fa732b5fab4996 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log
| MD5 | 894a6f85ffb1ffe2efa3a71252b41dd2 |
| SHA1 | 004c8c7ef0edadba5020eaea2a59234493fb39ba |
| SHA256 | 1a11fa443a9c5276f83ffb7498a8731b48448ddad02dd5bf2857ac46616c0510 |
| SHA512 | 311ce543e4829a598d6f6e92f9692bc0ccb291279d78d753e36db110efdeb6f5e6680d1558ccc23ac890f844585bc008e9c7d15fb3b35c69e97eb03638c2a63a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007
| MD5 | f9b398adaa849beec315e5f6f0bee834 |
| SHA1 | e24fb84ed0adccb30cc05c0129115d582e5e98e5 |
| SHA256 | 1e6c50f9e61028b66f8c19f8fd6f2d60c40fee3602397f1f47188ce9813d6257 |
| SHA512 | b37ff594d12159f36368f1529f1069e9b61b820fa94ae567084a9944abcc4c5eaa4c037eb236f3198b649ba989a628571caceda98404aa05b8cfaebe45d5758f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 25576758c2fe54cc6cf36adc96da8c20 |
| SHA1 | 0ef4d6c8c608289a73d60e5f2ab9f2dd71771c13 |
| SHA256 | 043ac5cd99239b1974d2fc0cc59602d60a562b89d38cb629faab112b98a35fa6 |
| SHA512 | 65c3ba923b8a913bc148f41f18fd39f1dd4c9f501a997d6bb6c170a65192d75faab64b931763c1e72e3ffd5420b57f31a221787aa49d71449bedc1f1ea3f87d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log
| MD5 | c57eb64be1f584710780e0671f0d75b5 |
| SHA1 | 6a0c98fdc7c6efeb4cc5677d0f63dfc77bad5908 |
| SHA256 | c695e68e3605e0018d90d2fdcbf76bc465e58304869fe594d793309b92cfe4c6 |
| SHA512 | 392defb51e091624af23d3cda854ae5536aa11688bb0342e45e702d06cc6aa8c1d73c1f41f53c101f9cbb325551be221b97f5d226e891bb88b73cc5a2f335fae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007
| MD5 | 22b937965712bdbc90f3c4e5cd2a8950 |
| SHA1 | 25a5df32156e12134996410c5f7d9e59b1d6c155 |
| SHA256 | cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb |
| SHA512 | 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 0c9213c87ca38c4692c02766420b6bcc |
| SHA1 | fd231aaf4549b16889aff792eabf8fab495bd808 |
| SHA256 | 4343b6ba2d170d0fa55f837d167da34c95d06e82e250f60000e6fb871ef8751b |
| SHA512 | e17b66f64e7790d742cc37d6fe107b776619d76c7c0bd131f88445819ec8723c9c796481aaafcf6336021b0deb267233003f366b80f30b104ac60bdd32a942b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log
| MD5 | e9c694b34731bf91073cf432768a9c44 |
| SHA1 | 861f5a99ad9ef017106ca6826efe42413cda1a0e |
| SHA256 | 01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85 |
| SHA512 | 2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007
| MD5 | b6d5d86412551e2d21c97af6f00d20c3 |
| SHA1 | 543302ae0c758954e222399987bb5e364be89029 |
| SHA256 | e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191 |
| SHA512 | 5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | 1c826a34c17683a705d9c2223037a66d |
| SHA1 | 871d084212c70eb2c7b45ed2c38cfe6a862a98d4 |
| SHA256 | 6f9c4399002fa4a21e665956aab5479f2de79403cabdf26d1bfd58af9d574be1 |
| SHA512 | 16724655c41eab0047bbe7e994463204c4cb2d59f1b2f0cd523ad9e4b9683334ad119aa14f35a48dbef574cf1410c50044cc3965e5f1f2c443273c24ce0e57b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb
| MD5 | b0b509b9ced8a11dc49eeb07a2f0f450 |
| SHA1 | 6e8825afd638b10cfb98f5d2eb693508a735c734 |
| SHA256 | 058247690c9bb8142d94c05bc916796b14c51768bde0d671a481279dd945d357 |
| SHA512 | 12590a2e702d51daac3b66b84dd359e1147294deb1f7c353df7eba14f5e0602d79393347b61a270929bcaeed77286f8cec91a7446b7c7323768fb79dec3c450c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log
| MD5 | 8f863be793fc1466742d98422e1d41ae |
| SHA1 | ab22bf35f460a26f450865317462ffc978bf6656 |
| SHA256 | 3529c35d9a91515522104e65815f9f2454692e21f2bb6af9a5e6bcb9c7ef5f9a |
| SHA512 | 50912b7c80b53fda2595c44bd2362a1e43188ab07e88f8b359414d296ddfb628523c5726191a27fcaa7e307dafb000665808465b3c3f6473523f5ee49168e956 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007
| MD5 | 1c0c23649f958fa25b0407c289db12da |
| SHA1 | 5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574 |
| SHA256 | d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf |
| SHA512 | b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | e89d8d14dbd43fa5a7e8995275ac566d |
| SHA1 | ea7613b006537cb7e59c10289a8a25bbb72ead5b |
| SHA256 | c8b6dd159a3d5d776d5fd76a038f4e1a238421d774dfb2b23ecc0045f5225ad8 |
| SHA512 | bd3fe1a6f2401fb863ed092d59dee1a848d593b7c43eed267900436f255d59d9623ba14e9dbaa9d147011655d3ee1c1589ac0d28373d6df080a028922d13a09e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log
| MD5 | fe62c64b5b3d092170445d5f5230524e |
| SHA1 | 0e27b930da78fce26933c18129430816827b66d3 |
| SHA256 | 1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4 |
| SHA512 | 924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007
| MD5 | b144a5356106960cd35c014ead7e932f |
| SHA1 | ae54b49136ef78e9e0b211d77202b6d50bb71109 |
| SHA256 | 221250efb84aeb3d4ada055bfea4958463e942ff54129799af90fd623d3ddd94 |
| SHA512 | 92d30cdee8177fcadcbf044f62b2707548ed43654685dd220e5d190733fea935e694dfb58933c4efcac66d81b22e19e81f2bcc3b20a8d8e80b596a7d2af32953 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 81779a980583062e52499dadea8b6052 |
| SHA1 | 176e4ac7d770bc0405b9e75ded2b44e02b842445 |
| SHA256 | 639d27d5d53c22075a3911025620abd592b748f78c9b7beebd3249dd0610fcfe |
| SHA512 | d244a7222e5e6a06a328d10d8123a9bf9fb18a2759d3e7a927a484a0d52f5e86010dd33073249d29a96c5779b5bbbf4b58d76fa6b4558348b588a31862a57f84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp
| MD5 | 979c29c2917bed63ccf520ece1d18cda |
| SHA1 | 65cd81cdce0be04c74222b54d0881d3fdfe4736c |
| SHA256 | b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53 |
| SHA512 | e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007
| MD5 | 1be22f40a06c4e7348f4e7eaf40634a9 |
| SHA1 | 8205ec74cd32ef63b1cc274181a74b95eedf86df |
| SHA256 | 45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691 |
| SHA512 | b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 24fbbe8a66d6ffa2ef859e4cacf1b503 |
| SHA1 | dd93212af34b8458c65e3fc58cf6009715d6d78f |
| SHA256 | e88722405a77cefc9b778105581f9a84746366fe008fc41433721094e210b14d |
| SHA512 | 3987d0df930e7bb7e0887e21ebb30109bbdb0ddae8c8c008614e24db0b66436b13f78613fd814483f2af39d20867c3dbd00dad38da902159be76be2f17313e78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | d2ad253e04ec72e8cc64b472cc996ce0 |
| SHA1 | cc0c5f244aa289778130714768523e71d4c6c989 |
| SHA256 | 16d2c7b3adbb7f36f4fd66adce698e0cba169521f59c6e8223b3ef92ece207fc |
| SHA512 | b937bf6e5ec362122857930743407c61485c5d163fef83c19033f037429c9e8b4127bdd77e00dae46a0d4a89599b078f94296e088949d4a785a24f05e68ed8e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | c42f8516ccf71c14311c11a895015b12 |
| SHA1 | 88658dcc0e25c48ba339520544e850133cc1afe2 |
| SHA256 | b0ec0ed81215b90a2df452d72e670c3923f365b7184ca6b05c3d5bf061d63067 |
| SHA512 | dc8dbb26bcb95180cac61261e02c4055bf105a9c344e85be951a23412bdc3187fece83df24464e2366c8d30188ca30ac35eff2448371e13eb3b377f7531208dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb
| MD5 | 147f7d7039ae66390eb8426b559dcc4c |
| SHA1 | d8b1f50c4597976cf4da395e36d503b491f4a503 |
| SHA256 | 635e1058c5101d5fbc463a6792effb8083d5bb5ecde784cd3b0ea31f2f005943 |
| SHA512 | 579b197d0c861a7cba8744cac365c2c832664a5be9135256a0d40f142963a1781e1e32b54a2cc92d063a0e7766e9a33e9343502fd4b123dab3c11506a0035f07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006
| MD5 | 78c55e45e9d1dc2e44283cf45c66728a |
| SHA1 | 88e234d9f7a513c4806845ce5c07e0016cf13352 |
| SHA256 | 7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec |
| SHA512 | f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 248aa19895f1d99ff98a915590a28730 |
| SHA1 | 2b8af55976f2ae2cacbf4912f83bb21148c38de2 |
| SHA256 | c810b66398e2935e9c1c438bbfdeb3c5754d729b62a5f612fd0811d18b30e204 |
| SHA512 | 83f7981e4b558bf8f5a1ddb31ff3864f66afc6aa831528cbc0f0f8d6d1a489d43cca49ca6cde44f256fd8c4eecf86f51aabf3252224d78a14bb6bd41aa0a889d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcde4d3f3be4996392b93d300762a464 |
| SHA1 | ffd1120952cfe81cd88fc0c87248de1321e36425 |
| SHA256 | 9d68556371aa57fa758d7a310e463dd999f35d9eaf4811b0dd38042c9dd629b0 |
| SHA512 | 104b712befb8ee70e8605e2292908013b0dad66754cb1f24fc022644b6aa8f99cd80219b3e4071407605e7cc7afed7f9eea9c382983b44e8aa8ace563bed8c8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 90d6a5ac813252d284ed0becad8c007f |
| SHA1 | 7f54d93696cf98b6b7985571ede7532134ee3419 |
| SHA256 | feadd3cd3570ca3262de98dae15dd77f47bf855f6160099c9ec4a957c3f937d1 |
| SHA512 | a63dba19b5ea1be509c7b17ab2f4b1c6d2ebccfa7757c4fe507c9d8685e46f46daca6ae888fc99076bc741ea860d6fc5c82a6af5da77021854b9e130ff2eaf87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2ec55376d827d78fe98915bf5fecdc7e |
| SHA1 | dccdcfb0078c4bcada515ecde2c4901feb9862ec |
| SHA256 | 2d623030fdf2db71f4e41b1c84c8fd53ba07a6efaca5c262ebebf72c10862fd6 |
| SHA512 | 791d7fb87ac439e4c66b4105cfeedb1bc351bf05407f20e3977c072eede198dbe13e70e99ba2144df755e24fdd738fa84a66afecaf4ca6482a0a1a2c7e3a62fe |
C:\Users\Stand.ADi8mn\Contacts\desktop.ini
| MD5 | eefa7f76ff11a5ec21bb777b798ac46c |
| SHA1 | 2e7a65ea8427d13a92ea159a5b8859ff99d2a836 |
| SHA256 | 840b46ed74821b5b61ca9ddc51a91cfe9151d11a494c89f183fadc02a78ac8ae |
| SHA512 | 111301e33c0b33c154ffff274db5eb167de0ddb4e769cab9a2d9fcd2882e6192053149abbcb00d17ae5f7661bafecc1111aff2025c89d07b247633bbccb0e3ef |
memory/3044-419-0x00000000020C0000-0x00000000020D0000-memory.dmp
memory/3044-425-0x0000000002120000-0x0000000002130000-memory.dmp
C:\Users\Stand.ADi8mn\AppData\Local\Microsoft\Windows Mail\edb.log
| MD5 | c8acd770f13f3768c87ef5e5c8b85d08 |
| SHA1 | 0917e7583a19808a3ead4565ee247ffd641220ef |
| SHA256 | 0d6665c7a70f525d2aa551a3884c0a0799096e6e13be1fc9e8dd14ccac5b7012 |
| SHA512 | d7e7a4ceb3b8faee5634566119b4675515af05650299e06f50a4de1aa3671f05b46ce4e1baa4cfb451df9d6124e6b5b3d92b6e3105152572e1c75fd7e1e7586d |
memory/3044-438-0x0000000002310000-0x0000000002311000-memory.dmp
memory/3044-440-0x0000000002310000-0x0000000002312000-memory.dmp
memory/3044-443-0x0000000002310000-0x0000000002312000-memory.dmp
memory/3044-451-0x0000000002770000-0x0000000002772000-memory.dmp
memory/3044-453-0x0000000002760000-0x0000000002762000-memory.dmp
memory/3044-461-0x0000000002760000-0x0000000002762000-memory.dmp
memory/3044-516-0x0000000002A70000-0x0000000002A72000-memory.dmp
memory/3044-517-0x0000000002960000-0x0000000002961000-memory.dmp
memory/3044-520-0x00000000022E0000-0x00000000022E1000-memory.dmp
memory/3044-524-0x00000000022B0000-0x00000000022B2000-memory.dmp
memory/3044-526-0x0000000002210000-0x0000000002211000-memory.dmp
C:\Users\Stand.ADi8mn\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f8a7a914a9ad11f3c4223f4119663763 |
| SHA1 | 3e7868f4464b78b7ac4033329a39b181981427cc |
| SHA256 | 2126edcf281d005c7543e29f12392e30356d6db8681fb00ba2cc714ec5629f88 |
| SHA512 | 1b25358dba555aeeeb75b0b6af6a14b923a621976cad5f6e0dee1a45d4f27ff44c040ace9eb960dd367585117cb829d0c0abab6bc73191c76d401e33d7ac800d |
C:\Users\Stand.ADi8mn\Videos\desktop.ini
| MD5 | 50a956778107a4272aae83c86ece77cb |
| SHA1 | 10bce7ea45077c0baab055e0602eef787dba735e |
| SHA256 | b287b639f6edd612f414caf000c12ba0555adb3a2643230cbdd5af4053284978 |
| SHA512 | d1df6bdc871cacbc776ac8152a76e331d2f1d905a50d9d358c7bf9ed7c5cbb510c9d52d6958b071e5bcba7c5117fc8f9729fe51724e82cc45f6b7b5afe5ed51a |
C:\Users\Stand.ADi8mn\Pictures\desktop.ini
| MD5 | 29eae335b77f438e05594d86a6ca22ff |
| SHA1 | d62ccc830c249de6b6532381b4c16a5f17f95d89 |
| SHA256 | 88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4 |
| SHA512 | 5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17 |
C:\Users\Stand.ADi8mn\Desktop\desktop.ini
| MD5 | 9e36cc3537ee9ee1e3b10fa4e761045b |
| SHA1 | 7726f55012e1e26cc762c9982e7c6c54ca7bb303 |
| SHA256 | 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026 |
| SHA512 | 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790 |
C:\Users\Stand.ADi8mn\Contacts\desktop.ini
| MD5 | 449f2e76e519890a212814d96ce67d64 |
| SHA1 | a316a38e1a8325bef6f68f18bc967b9aaa8b6ebd |
| SHA256 | 48a6703a09f1197ee85208d5821032b77d20b3368c6b4de890c44fb482149cf7 |
| SHA512 | c66521ed261dcbcc9062a81d4f19070216c6335d365bac96b64d3f6be73cd44cbfbd6f3441be606616d13017a8ab3c0e7a25d0caa211596e97a9f7f16681b738 |
C:\Users\Stand.ADi8mn\Favorites\desktop.ini
| MD5 | 881dfac93652edb0a8228029ba92d0f5 |
| SHA1 | 5b317253a63fecb167bf07befa05c5ed09c4ccea |
| SHA256 | a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464 |
| SHA512 | 592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810 |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
| MD5 | a2d31a04bc38eeac22fca3e30508ba47 |
| SHA1 | 9b7c7a42c831fcd77e77ade6d3d6f033f76893d2 |
| SHA256 | 8e00a24ae458effe00a55344f7f34189b4594613284745ff7d406856a196c531 |
| SHA512 | ed8233d515d44f79431bb61a4df7d09f44d33ac09279d4a0028d11319d1f82fc923ebbc6c2d76ca6f48c0a90b6080aa2ea91ff043690cc1e3a15576cf62a39a6 |
C:\Users\Stand.ADi8mn\Music\desktop.ini
| MD5 | 06e8f7e6ddd666dbd323f7d9210f91ae |
| SHA1 | 883ae527ee83ed9346cd82c33dfc0eb97298dc14 |
| SHA256 | 8301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68 |
| SHA512 | f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98 |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
| MD5 | 17d5d0735deaa1fb4b41a7c406763c0a |
| SHA1 | 584e4be752bb0f1f01e1088000fdb80f88c6cae0 |
| SHA256 | 768b6fde6149d9ebbed1e339a72e8cc8c535e5c61d7c82752f7dff50923b7aed |
| SHA512 | a521e578903f33f9f4c3ebb51b6baa52c69435cb1f9cb2ce9db315a23d53345de4a75668096b14af83a867abc79e0afa1b12f719294ebba94da6ad1effc8b0a3 |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
| MD5 | c140f29230c9a4eb4ab775e517c359c6 |
| SHA1 | ad92b8b7ea27ccfdf93cf258349dc67b578912ec |
| SHA256 | ecd97f8a22bdcd043b35e43a878df2f60b125196267c357169bdf09fe0c458da |
| SHA512 | 24341cf7cca6feb856d0fed5d7dbe8599cff94ee47d77f7de313c5ae6da368b3a2f59d5c54fe0a07a6734834ea04c2c829facb11bb5745e7f069eb11a51cb77c |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
| MD5 | f107d0270e21a2fe91099fdc15918d44 |
| SHA1 | dabc2f24f4a4e90053743166e5c4175dcf2b2d2d |
| SHA256 | eb315c9d165b4916e3b00e4d148b53a6c03a2f0694a6a8821d98e76f935ca6a8 |
| SHA512 | b5d51c0d6abe99121d4f4f1d236def4260b7d5c26c501d7735eba4f58e2597db0e89b2b1df16545e49fc39649806e5305efb912328541bdd31c01ff3d2bda49c |
C:\Users\Stand.ADi8mn\Downloads\desktop.ini
| MD5 | 3a37312509712d4e12d27240137ff377 |
| SHA1 | 30ced927e23b584725cf16351394175a6d2a9577 |
| SHA256 | b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3 |
| SHA512 | dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05 |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
| MD5 | 7f1698bab066b764a314a589d338daae |
| SHA1 | 524abe4db03afef220a2cc96bf0428fd1b704342 |
| SHA256 | cdb11958506a5ba5478e22ed472fa3ae422fe9916d674f290207e1fc29ae5a76 |
| SHA512 | 4f94ad0fe3df00838b288a0ef4c12d37e175c37cbf306bdb1336ff44d0e4d126cd545c636642c0e88d8c6b8258dc138a495f4d025b662f40a9977d409d6b5719 |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
| MD5 | 107007b6944f02921ea38915c168d226 |
| SHA1 | eaa3ccf0123084a4d4ca7a5b889cd965940c3e6c |
| SHA256 | 9fe15daf69cefaaec8742a63bb780609d3317fb98d742be9dac39c054cdc0b24 |
| SHA512 | edb6a1f75b590d8680ec5b1335446ddad38a671d628ace549f5ec67cdf4734a6eb69a8baf995755674e3c40a24bb990d5eb635ad3afe2180bebaaac6513dff61 |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
| MD5 | 5547a64ee3681b1fca07111e73dcc51a |
| SHA1 | 0b16a54ccb7c0284df649594e006ca96e07ac296 |
| SHA256 | c6a3db953cc63f23aa5ff66de5fc6b483f6a1106cf1f77cbd73617b2c4340e0e |
| SHA512 | 21a6b9b2c578ea8d0bfb22c1b37b0dde47395ec958fa5c73eafeb8b865080db132e565c7e8ce2ab1d2e934f414e23b820f3ff3571a7d737453f3ace76d11cc25 |
C:\Users\Stand.ADi8mn\Documents\desktop.ini
| MD5 | ecf88f261853fe08d58e2e903220da14 |
| SHA1 | f72807a9e081906654ae196605e681d5938a2e6c |
| SHA256 | cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844 |
| SHA512 | 82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b |
C:\Users\Stand.ADi8mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
| MD5 | 548b310fbc7a26d0b9da3a9f2d604a0c |
| SHA1 | 1e20c38b721dff06faa8aa69a69e616c228736c1 |
| SHA256 | be49aff1e82fddfc2ab9dfffcb7e7be100800e3653fd1d12b6f8fa6a0957fcac |
| SHA512 | fa5bb7ba547a370160828fe720e6021e7e3a6f3a0ce783d81071292739cef6cac418c4bc57b377b987e69d5f633c2bd97a71b7957338472c67756a02434d89f1 |
C:\Users\Stand.ADi8mn\Searches\desktop.ini