Malware Analysis Report

2024-10-10 07:31

Sample ID 240616-le39psyaqa
Target jfxrt.pack
SHA256 0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21

Threat Level: Likely benign

The file jfxrt.pack was found to be: Likely benign.

Malicious Activity Summary


Enumerates physical storage devices

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 09:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 09:27

Reported

2024-06-16 09:30

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\jfxrt.pack

Signatures

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630037270235329" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4120 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4120 wrote to memory of 532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4120 wrote to memory of 8 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4120 wrote to memory of 1036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\jfxrt.pack

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc9aeeab58,0x7ffc9aeeab68,0x7ffc9aeeab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4496 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4940 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5096 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1700 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4372 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault787f4f24he734h4e7dha839hbd92c82c77d1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ffc9c3a46f8,0x7ffc9c3a4708,0x7ffc9c3a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3992 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 miniblox.io udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp

Files

C:\Users\Admin\Desktop\ApproveUpdate.jtx

C:\Users\Admin\Desktop\CompleteResize.wmx

C:\Users\Admin\Desktop\ConnectPop.dotm

C:\Users\Admin\Desktop\CopySave.vssx

C:\Users\Admin\Desktop\EnterSend.zip

C:\Users\Admin\Desktop\EditInstall.gif

C:\Users\Admin\Desktop\DisconnectMount.emf
SHA1 1c5ae67761d6bf1f400fd4b389e55db8f4142d4a
SHA256 f2287fda69694058c3f44dac89cf6478984c0c7e987d90a6a828486c1d3cadf8
SHA512 3effd16ede8659a71c25c72a3adcd65bd4ae6676e5756464f857524c1ff737c3491bb4cce182fb2254d14db2b1b22f4300abd0b044493b3d576280319bc75950

C:\Users\Admin\Desktop\RevokeApprove.emf

MD5 84492c8d3d92038736286a27695f108c
SHA1 366453d19eeda8610cf54eea2e833fc65e5d158c
SHA256 e985baabb3da52f156a4a51490240b64cf743449f144650762172e83f9b63ba5
SHA512 a00776ef388a3c42539e7a9a5e2a8fb538b51b732ea7b08d96f072a07e0f4c6d58246293aa6c4f2ce9a98b3c7b4971958b94a8d140e6fd21a4f968a940ef71c9

C:\Users\Admin\Desktop\UnpublishFormat.vssx

MD5 de57c4ab3eeee5441b09c572969bd582
SHA1 d932a986237b8b1b10cf4810e9a5fc96d0c0fcf9
SHA256 942885d289f7c9461fa75e64312a786a1157e5e631d427b35abeb42419a0228f
SHA512 32d26853b42fd84d4c6b85dc653d3ad0f9b7af07751ee91dc6dd950b246016b81f5e024ef3fb4e3cea347e91d6dbd7650116b09ba5715b53d2284e4972091329

C:\Users\Admin\Desktop\WatchConvertTo.odt

MD5 1c6343b84a03f13e28aaf08a5d59afce
SHA1 21ad2995d2eb2566f39f5417c35871d68c408fca
SHA256 7ec071e38d3f81c3e75284c934f36f8a335761c6a5a5135e82ae61be088e3c4d
SHA512 17654d9e7d7d59cd5dc059fbaba0ef88c8c63dd2637da1886580a5c925be4959604b5f4c74f2b0223c0340b79de0b8e2ecc4373b680bc5fde5fc7406ebff535e

C:\Users\Admin\Desktop\WatchAdd.dotm

MD5 28bb33836847dd3cc4527dade2c3b1be
SHA1 a2ff0e4ba5d534df208ce92b8b1220cb41079933
SHA256 4ca4cb4674e9cb65631908955665b3c4a578c62b44f9e1d3ca0af59b7635fce7
SHA512 962d4aeca8f31d9920d48fb6a4238c786adc2864ebe7b096e2eb0e689ab63d067bdbc5e25ca99343b58de092c30fc27bb90e72c1e90f80fe9385125fa73f7c46

C:\Users\Admin\Desktop\UnregisterStop.tiff

MD5 5518b9c6ece0ee3a23a8aac24d79f5bf
SHA1 9f1179a021e8698b1ce3b665754cddab7a16fcc3
SHA256 44ab8823383e337682b5075f6698034fd54a496a61a4cd8f80c1a6786e957f7d
SHA512 0611553e125af1ba9d881c0be30fe017c8d389dd4ac04f885b168977ae83bbcd5c8b81a6d9de0e9ada07fa8515a1f53f8f182e53b7d4e028b2e1548d86fb703b

C:\Users\Admin\Desktop\UnprotectFormat.dxf

MD5 3d07e29e80335df371710b0c574fb787
SHA1 ed8806f43480665aea3bc3f279b4edb44f9144be
SHA256 31d737af6b8a2c514e5bf9eeb5023005f39b5b9d5ee05bda43a4c297bbb1af3c
SHA512 c89c4a04924d7e2c8a8561447e633f39a33a2d0d85dae6e0914a93a5078ed09acefdc68606cc9620cc9dedf05e8fd934dea6547b73a11a3a893832484f89af22

C:\Users\Admin\Desktop\SyncOptimize.ogg

MD5 d34af3aeb784b4e2d96855940c10baef
SHA1 e11fa76499b87121d25818a8784ae318b99ba299
SHA256 3b6142086abad48e675abebb23b301e1d6c98f4099c82235630b04946320912e
SHA512 8e785e87d47f26f61a77f3d64c48139ffd64e4bf112dd4b4556a87bc401fde3ff2f50678886574b5343d2318e2ccaa2d9d8da1763311c5f557ae642256268cb2

C:\Users\Admin\Desktop\SuspendCompare.tif

MD5 52550c2f92421d5fadff5f02721c0f5d
SHA1 8971101297062db4bb243c2cff051328e0c6bb45
SHA256 67d32b60d92b3d66424ca70fffecea9a9121ff372aaec0de0b39a45c8232295e
SHA512 7687a94f5f9a3474ef5ce8f77c79b5f563634df8414e1069414f621fe7bde4815ea8dafbb94a8d10eaf0f71ea284133eeb95095d84ef8fea558d5b2b8dc30259

C:\Users\Admin\Desktop\SplitPublish.bmp

MD5 7565ee3fe10758ef70a88a45c3ab79d7
SHA1 d8a7a04d511f18bcf59e8c8287a337c57ec47f07
SHA256 4a062c4d43e7d73d892a0eaf85004b417ee061ed46ff106b66ddfe85de89a718
SHA512 d6a34adec27aeaea417f901c0242d2d8e42226bdf3231f20e18c7e5b9f34f7e916ce57ee8b69553a942ebef31919518ca229b58f52e5b7d60caa58eaff3b194e

C:\Users\Admin\Desktop\RepairEnable.mpa

MD5 f1b7fba6b9a8103eaca989d7aa14ac98
SHA1 bca7ed7ea448e0673baee9bea72de5f840f39fff
SHA256 789bf4ad1bbe93e5e00d6e47ce0d8990f9867b852c85318d5ff3e11406b4baad
SHA512 2356c402b2c689d0ed83f6d496b23d16e8332b9b1926a39f6edea9077f45c854528be84df0f40b3873b8fa8ec71eb936aa442c91bb34245921f22b66d15d4d5f

C:\Users\Admin\Desktop\RedoSwitch.wmv

MD5 8aa811416942052342fe3ddc323233b7
SHA1 66227428649d396506a4bcbfa97228c063acba18
SHA256 d01ebf9f74a2c74b245d772d28fe093d056a49024d43cbd33fa4af10d0d1bab3
SHA512 48791276dd8f3e40e35dbad1ce77fac9f39d46926a28f9e448f488ad957d43fbb4d74f5c85886e73657b1e7bbfb20b315a2726c82c49592875045b8f081639dd

C:\Users\Admin\Desktop\RedoFormat.exe

MD5 1d174021c811080d75ac9cc87e209eb4
SHA1 8ab2b9269c13f9d08ff8bd754761b183de54db31
SHA256 da3f4bc000df1a90e8e5de20c8b7ed34649b04ce9b3bafe1489680c7de799f5e
SHA512 708263ad1ca98f48946a02cf67efd8656ccc6dc3b2e307d8dff26edfdfb450ef24f5b5a99f58827bf265e946dc63d3fa5a2b75bb7f1473aa57c83e2c65d2d6b2

C:\Users\Admin\Desktop\GrantResolve.rmi

MD5 5b971b43199bc97885308220511ac2aa
SHA1 55b639e9cbae01a92a0e81abebfbd333701d8c0e
SHA256 4a52d69c1b220cdbda075be145abf14ff02dfa36b62c86f5d8cb6c91b920ddfe
SHA512 869a0ceafe08fcf3ec35e75562785a3832cb313c32693bef792b74f9ea305ff8761f241fdca59fcf6a0b1cc41572881f6d1ec43409e4d14af6b072a1eb6710d9

C:\Users\Admin\Desktop\ExportSelect.m4v

MD5 1ce62e49ae99ddd3cc98226d239f91b8
SHA1 535e5fb4f6e2cc9676811b08877593ff8a2667eb
SHA256 adf6259d1cafff65fefb4138975a075aca364a85b0a41ad92697951075078701
SHA512 a0ae7c16efc5419e363b2446cd7f80129051be3ccf9acb05a17d0ff7a2db721118fec1ab8a9443a3c365a4f0d60b7d61d9944533e45254c4882e7e0caed5072d

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 a62f85ded507d9e3b6201ce2026832d2
SHA1 e56e290431ab577db73c9d92da8463c765ed274c
SHA256 97cf7e3b3e9ba6f2606cea6f879576497b96224eebbc9506906f6507f91650e0
SHA512 387b648828c1619ec2063ba14df67b3197b382e9139b75cf05919301f1a3742c84c72cb39679f3cf41f604811ee87947f3c18ece47230b01fa41e3bd82b96987

C:\Users\Public\Desktop\VLC media player.lnk

MD5 6f7965131b5e962a9635819f96160aa1
SHA1 aa2a5ec1bb2339db835982980aaa5373be687359
SHA256 e7f9942bdf76a6e7c4c4b1b5ad49ab1b8f597a2a00dbd0661cf1f87facecbea4
SHA512 7b9f49699eb98382256c6585ab8a00faa567c5d9abdd1f9c7869716a5081a6ef7c49b527451be05f1c05586a861cfb983b869d055341b780d5890b7389dcace2

\??\pipe\crashpad_4120_PYCWTBLCMMYKHMZL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a5685176689e5490293d92573f780e4f
SHA1 9a133c6c9569ccb3fe7de71708e63506051a6afc
SHA256 60032f58fae23de41ef4407a612db65d73f84a604d5875e17012b2bb492002c3
SHA512 9cda2da99987bf63890f225bfe0a29a8e0a949b4f12b28d964ab90f057a3e6b5ba8fad2c227feafdec44d40ffd9f9af8b5d742fa989ad184adaab98824ee1806

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bb3b0a89cc6dde5d0941c43d28f10398
SHA1 10fd7bc6906556470374c61857d1c8fc696b8bce
SHA256 fd08fb386a34757658eda09f6cc8f38716a6d9e8da9e6f70f16e8443ce63e41a
SHA512 ac44c34187520294119c3079ce805ce3f5dfea3f6542e9fc0c55065fef43a006ac3560ca0fa4ccd082e5503cf4f4f937890857dbef39af9045572cdf9d02493c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2883263e1cefac34a12308e289548381
SHA1 ba0f123131000853605214c5711bcc876dd715ec
SHA256 5908381d92342b665a775c9eae8463cb2e3be18f19297cfcb97721405d80cb1b
SHA512 4801ad3838ce3d2d47ccb32ec7c356ea0f4d39b9b7bfbb60cfb7f446cfa21f82301081cc3869b0317fde10919b2d488f918e3bbc3fbf01a9e0afd7eae947170c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b1e7350378d87f1ae173e466346c7e3a
SHA1 733b21dc194190945f31b0c1099d8e56fbf71b76
SHA256 613a542b0a0357d3fc65bcad971e759d0f7d8fe0fc45331e86d4ceffcff7b3d4
SHA512 9cfa676c71ad91c01597beeb273fa715008ae0ed8f44a5e5454b3f5f64a08a0ac9434b989049f00de501afaa173f3c26e19b1f172436eb744eb19be115faf172

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5898ef.TMP

MD5 087bc06b695288bd6a61f8b640f5c636
SHA1 616dd9810e04e470289719fef0f66dbccc27c70e
SHA256 550a159cac837a3ded20ef28463b79c5599a20278c3d5a851b335d58ef8804f9
SHA512 10b15107a74c7ac3898e8e37b1a04a339a2d9360ce528c80a075bed51665b14046db11b484253df2b39533b4a5c2258040da1f16429664b5245004e2b46a1162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d472b079d9f7f8f848b5cc2d25e3d466
SHA1 70c6d04206f1686907a6230495ad223f2042e49f
SHA256 32f642540294f0081f424d5d604901d158c361734e35de03dcc407250f68ff95
SHA512 2a1736b48adecd4cb6d9c3c277bee578166a84efbdb6ddf6346d77aacf897cbebc8f63f1216d7d5e84c991da51b4e46e173172e9fcbca3a83b74248bf4d6aa10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 91d4f68c57a54d09aa032220f3058d66
SHA1 d0c5c72148fe5cb618d1a3059f125c2e67907154
SHA256 b889b529755ad66ca3520698a9e50ba0b6a2dd4538c7167bbbaec61281d6a681
SHA512 8586a7c5e246861ed20cf03306cd16f71e68dc29f23a219a6ee2489796635319a68d4fd6a228ecce645e77112a344d35d3044a8418fbf262403b9c78f3521256

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4df4574bfbb7e0b0bc56c2c9b12b6c47
SHA1 81efcbd3e3da8221444a21f45305af6fa4b71907
SHA256 e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA512 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a