Malware Analysis Report

2025-01-19 04:33

Sample ID 240810-l3p2zsvdjj
Target lolhahahackerwowohnoo.zip
SHA256 0dd46341ec484a9634677c19ce94f04287f2f288c7bf4b751e0ca28a569986a2
Tags
execution ransomware microsoft discovery phishing
score
8/10

Analysis Overview

score
8/10

SHA256

0dd46341ec484a9634677c19ce94f04287f2f288c7bf4b751e0ca28a569986a2

Threat Level: Likely malicious

The file lolhahahackerwowohnoo.zip was found to be: Likely malicious.

Malicious Activity Summary

execution ransomware microsoft discovery phishing

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Enumerates connected drives

Sets desktop wallpaper using registry

Detected potential entity reuse from brand microsoft.

Drops file in System32 directory

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Delays execution with timeout.exe

Suspicious behavior: LoadsDriver

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-10 10:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-10 10:03

Reported

2024-08-10 10:33

Platform

win7-20240704-en

Max time kernel

1565s

Max time network

1566s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo.zip

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-10 10:03

Reported

2024-08-10 10:33

Platform

win10v2004-20240802-en

Max time kernel

1360s

Max time network

1148s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo.zip

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 214.80.50.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-10 10:03

Reported

2024-08-10 10:33

Platform

win7-20240705-en

Max time kernel

1561s

Max time network

1562s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\hello.bat"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lolhahahackerwowohnoo\\wowcoolfile.png" C:\Windows\system32\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 2904 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2108 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2108 wrote to memory of 2980 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 2108 wrote to memory of 1296 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe
PID 2108 wrote to memory of 2988 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2108 wrote to memory of 3064 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe
PID 2108 wrote to memory of 3056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2108 wrote to memory of 2696 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe
PID 2108 wrote to memory of 2756 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2108 wrote to memory of 2872 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe
PID 2108 wrote to memory of 2412 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2108 wrote to memory of 2712 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe
PID 2108 wrote to memory of 2240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2108 wrote to memory of 2652 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2108 wrote to memory of 2548 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2108 wrote to memory of 2616 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2108 wrote to memory of 2672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\hello.bat"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "Add-Type -TypeDefinition @'

C:\Windows\system32\reg.exe

reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\wowcoolfile.png" /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\msg.exe

msg * "Error 404: Productivity not found. Did you try turning it off and on again?"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 500: Coffee is empty. Time to panic"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 403: Access to Netflix denied. Go outside for a change"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 301: Memes not loading. Did you check your WiFi connection?"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 999: The 'Enter' key is broken. Please perform a ritual dance to fix it."

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "Invoke-WebRequest -Uri 'https://mirrors.cicku.me/linuxmint/iso/stable/22/linuxmint-22-cinnamon-64bit.iso' -OutFile 'C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\linuxmint-22-cinnamon-64bit.iso'"

C:\Windows\system32\timeout.exe

timeout /t 5 /nobreak

C:\Windows\system32\timeout.exe

timeout /t 2 /nobreak

C:\Windows\system32\timeout.exe

timeout /t 1 /nobreak

Network

N/A

Files

memory/2904-4-0x000007FEF5E3E000-0x000007FEF5E3F000-memory.dmp

memory/2904-5-0x000000001B720000-0x000000001BA02000-memory.dmp

memory/2904-6-0x0000000001D20000-0x0000000001D28000-memory.dmp

memory/2904-7-0x000007FEF5B80000-0x000007FEF651D000-memory.dmp

memory/2904-8-0x000007FEF5B80000-0x000007FEF651D000-memory.dmp

memory/2904-9-0x000007FEF5B80000-0x000007FEF651D000-memory.dmp

memory/2904-10-0x000007FEF5B80000-0x000007FEF651D000-memory.dmp

memory/2904-11-0x000007FEF5B80000-0x000007FEF651D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 1019b1de077b495279a087dc587a0461
SHA1 bb63ad73beb6ac30cda836446d76173c4c469254
SHA256 a37bc1a091b1d3fbe9136ce742c5869cfe1ea12119513f6829448fc4258dedb1
SHA512 3b95eaf731906d9617241c05fe775b4b1e48b4cef1498c6cc94f81c24f02e3ae3260ed3c89f422e9268e0c595de79758f43079443e84589454df060b8252b6f7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ESC7F5YV8ORPR0RFOT0Z.temp

MD5 b677d8824dfa3989ba732222db4c052d
SHA1 e821b12003fdb876b03c9004799357bea565f9c1
SHA256 2086f4ecc5dac9fd6173ac9f2fc411d29648eef17227df8cd8b3718b031c4c0e
SHA512 1da98c2ee3551f7533975c9744b61209d0cfdc98bb5a29ce2c065b0e91fdc7d0edcd5e3a84e52afd2959a98535a91f9dca158fcb9c5e1676a1944f929472f3bd

memory/2652-17-0x000000001B730000-0x000000001BA12000-memory.dmp

memory/2652-18-0x0000000001E80000-0x0000000001E88000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-10 10:03

Reported

2024-08-10 10:12

Platform

win10v2004-20240802-en

Max time kernel

489s

Max time network

469s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\hello.bat"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\perfc011.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\system32\PerfStringBackup.TMP C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\system32\perfh009.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\system32\perfc00A.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File opened for modification C:\Windows\system32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\system32\perfh007.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\system32\perfh011.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created \??\c:\windows\system32\driverstore\filerepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\system32\perfc009.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\system32\perfc007.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\system32\perfh00C.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\system32\perfh00A.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\system32\perfc00C.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\system32\perfc010.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\system32\perfh010.dat C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\basicdisplay.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\system32\wbem\Performance\WmiApRpl_new.h C:\Windows\system32\wbem\WMIADAP.EXE N/A
File opened for modification C:\Windows\system32\PerfStringBackup.INI C:\Windows\system32\wbem\WMIADAP.EXE N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lolhahahackerwowohnoo\\wowcoolfile.png" C:\Windows\system32\reg.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\inf\WmiApRpl\WmiApRpl.h C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\INF\c_monitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystem.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontinuousbackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_firmware.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\inf\WmiApRpl\WmiApRpl.h C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\INF\c_swcomponent.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssecurityenhancer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rdcameradriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\ts_generic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscompression.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsundelete.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_linedisplay.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_proximity.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscfsmetadataserver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsinfrastructure.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsopenfilebackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystemrecovery.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_mcx.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_netdriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rawsilo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\digitalmediadevice.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsantivirus.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_apo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\PerceptionSimulationSixDof.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\miradisp.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_holographic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsencryption.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\remoteposdrv.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscopyprotection.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_barcodescanner.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_receiptprinter.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_computeaccelerator.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\dc1-controller.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_cashdrawer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\wsdprint.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_camera.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_ucm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\inf\WmiApRpl\WmiApRpl.ini C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\INF\c_fsreplication.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_extension.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\inf\WmiApRpl\WmiApRpl.ini C:\Windows\system32\wbem\WMIADAP.EXE N/A
File created C:\Windows\INF\c_fshsm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsactivitymonitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontentscreener.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsvirtualization.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_sslaccel.PNF C:\Windows\system32\mmc.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service C:\Windows\system32\mmc.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2} C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{80497100-8c73-48b9-aad9-ce387e19c56e}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Capabilities C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\UINumberDescFormat C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2} C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000D C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Driver C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29} C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\DeviceDesc C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Device Parameters C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Device Parameters\Storport C:\Windows\system32\mmc.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\UINumber C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912} C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\LocationInformation C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Capabilities C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003 C:\Windows\system32\mmc.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6} C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6} C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Driver C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{80497100-8c73-48b9-aad9-ce387e19c56e}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\DeviceCharacteristics C:\Windows\system32\mmc.exe N/A
Delete value \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\ContainerID C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912} C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0010 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Security C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{83da6326-97a6-4088-9453-a1923f573b29} C:\Windows\system32\mmc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Windows\system32\mmc.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Windows\system32\mmc.exe N/A

Note: CdRom&Ven_Msft&Prod_Virtual_DVD-ROM is the Hyper-V synthetic DVD drive, a virtualization artifact, and its Enum\SCSI instance keys are among the paths VM-aware malware reads. In these rows the process is mmc.exe, not the sample, and most actions are deletions (Key deleted / Delete value) of that device instance and its property keys under HKLM\SYSTEM, which is what a device uninstall does. Read this as removal of the artifact rather than the sample fingerprinting the host unless the process tree shows mmc.exe launched from the sample.

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Note: SystemManufacturer and SystemProductName under HARDWARE\DESCRIPTION\System\BIOS are the values most VM checks compare against vendor strings (VMware, VirtualBox, QEMU, Virtual Machine). The report records the key names, not the values returned, so these rows do not show what the reader saw. The reader here is chrome.exe, which queries these keys for its own hardware-model reporting; no row in this table is attributed to powershell.exe or to any other non-browser process.

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A

Note: the registry is case-insensitive, so the two rows (Software vs SOFTWARE) are one key, Internet Explorer\GPU in the logged-on user's hive, created by wwahost.exe, the host process for built-in HTML applications that also appears under "Modifies registry class" below. The adware/spyware tag is the signature's generic label; the key is the rendering engine's GPU capability cache, not a proxy, start-page or search-provider setting.

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "200" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677578983293907" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\wwahost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft C:\Windows\system32\wwahost.exe N/A

Note: every row here is a Windows component or Chrome writing to a service hive: LogonUI.exe (the logon screen) storing accent and DWM colour values under HKEY_USERS\.DEFAULT, and wwahost.exe and chrome.exe creating Cryptography\TPM\Telemetry under S-1-5-19 (LOCAL SERVICE). None of these rows is attributed to powershell.exe or to any other process that could be the sample.

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt2.microsoft.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt2.microsoft.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "2" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt.live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt.live.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "124" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt.live.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\account.live.com C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\Total = "40" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt2.microsoft.com C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt2.microsoft.com C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\Total = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\NumberOfSubdomai = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com\ = "124" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\Total = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt.live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "40" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com C:\Windows\system32\wwahost.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt2.microsoft.com\ = "40" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\account.live.com\ = "0" C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "0" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho C:\Windows\system32\wwahost.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "1" C:\Windows\system32\wwahost.exe N/A

Note: all but one of these rows are wwahost.exe writing inside the AppContainer storage of microsoft.windows.cloudexperiencehost_cw5n1h2txyewy, the built-in Cloud Experience Host that renders Microsoft account sign-in and OOBE pages. The DOMStorage and EdpDomStorage values are per-domain web-storage quotas and counters for account.live.com, fpt.live.com, fpt2.microsoft.com and live.com, so their creation indicates that pages from those Microsoft domains were loaded in that host during detonation. The remaining row is chrome.exe creating its Local Settings key. Nothing in this table is a persistence or hijack setting.

Suspicious behavior: EnumeratesProcesses

Per-process count of events (the sandbox recorded no description, indicator or target for any of them):

Process Events
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 4
C:\Program Files\Google\Chrome\Application\chrome.exe 18
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2

Browsers enumerate processes as part of normal operation; the four powershell.exe events are the ones to correlate with the PowerShell activity in the process tree.

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A

Note: repeated GetForegroundWindow calls from mmc.exe, an MMC console, are ordinary UI behaviour. This signature matters when the poller is the sample, since keyloggers use the foreground window title to label captured keystrokes.

Suspicious behavior: LoadsDriver

Description Indicator Process Target
64 driver-load events, none with a description, indicator, process or target recorded.

Note: without a process attribution these events cannot be tied to the sample; driver loads during normal boot and service start trip this signature as well. To confirm a sample-originated driver load, look for a process-tree entry that writes a .sys file or creates a service with a kernel driver type (sc create ... type= kernel, or CreateService), or for a Sysmon Event ID 6 (driver loaded) whose timestamp follows the sample's execution.

Suspicious use of AdjustPrivilegeToken

Note: SeDebugPrivilege, enabled twice by powershell.exe, is the privilege that lets a process open other processes, including ones running as SYSTEM, for memory read and write; it is the row worth chasing, and should be cross-checked against any process-access or memory-write signatures this report attributes to powershell.exe. SeShutdownPrivilege and SeCreatePagefilePrivilege, the only privileges chrome.exe adjusts, grant no access to other processes.

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(The two chrome.exe rows above repeat as a pair 26 times in this part of the table.)
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(64 identical rows collapsed into one: every hit comes from chrome.exe, with no indicator or target recorded)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(64 identical rows collapsed into one: every hit comes from chrome.exe, with no indicator or target recorded)

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 1772 wrote to memory of 4036 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 2
PID 1772 wrote to memory of 1500 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe 2
PID 1772 wrote to memory of 4348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe 2
PID 1772 wrote to memory of 2996 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe 2
PID 1772 wrote to memory of 2116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe 2
PID 1772 wrote to memory of 2200 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe 2
PID 1772 wrote to memory of 3788 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe 2
PID 1772 wrote to memory of 4552 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe 2
PID 1772 wrote to memory of 2276 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe 2
PID 1772 wrote to memory of 3792 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe 2
PID 1772 wrote to memory of 736 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe 2
PID 1772 wrote to memory of 2848 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\msg.exe 2
PID 1772 wrote to memory of 832 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe 2
PID 1772 wrote to memory of 864 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 2
PID 4356 wrote to memory of 2400 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 4356 wrote to memory of 2692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 30
PID 4356 wrote to memory of 4256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 4356 wrote to memory of 1504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
(identical rows collapsed; Count is the number of times each row appears in the original table)
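Every row in the WriteProcessMemory table above appears twice, and cmd.exe (PID 1772) has exactly one such pair for each child it launches (powershell, reg, rundll32, msg, timeout); the only other writer is chrome.exe writing into other chrome.exe processes. A parent writing into a child it has just created is routine for process creation, so this signature alone does not show injection. The Python below is an editor's example added here, not code from the sandbox or from the sample: it parses rows in the report's own row format, collapses duplicates into counts, and applies a triage rule of my own (the SCRIPT_HOSTS set and the verdict labels are assumptions, and the sample rows are a constructed subset of the table).

```python
import re
from collections import Counter

# Constructed sample: a few rows copied from the table above, in the
# report's format "PID <src> wrote to memory of <dst> N/A <src image> <dst image>".
SAMPLE_ROWS = r"""
PID 1772 wrote to memory of 4036 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1772 wrote to memory of 4036 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1772 wrote to memory of 1500 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1772 wrote to memory of 1500 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4356 wrote to memory of 2692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4356 wrote to memory of 2692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
"""

# Paths contain spaces ("Program Files"), so split on the ".exe " boundary
# rather than on whitespace.
ROW_RE = re.compile(
    r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) N/A "
    r"(?P<src>.+?\.exe) (?P<dst>.+?\.exe)$",
    re.IGNORECASE,
)

# Hypothetical set chosen by this editor, not by the sandbox: shells and
# script hosts whose cross-image writes are normally the parent populating
# a child it has just spawned.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def parse_rows(text):
    """Return (src_pid, dst_pid, src_image, dst_image) for every well-formed row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((int(m["src_pid"]), int(m["dst_pid"]), m["src"], m["dst"]))
    return rows


def image_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(src_image, dst_image):
    """Triage verdict for one (writer image, target image) pair."""
    if image_name(src_image) == image_name(dst_image):
        return "same-image"    # multi-process app (browser) talking to its own workers
    if image_name(src_image) in SCRIPT_HOSTS:
        return "spawn-setup"   # shell writing into a child it created; check creation timing before calling it injection
    return "review"            # anything else: look at the process-creation timeline


def summarize(rows):
    """Collapse duplicate rows into one record per (writer, target) with a count and verdict."""
    counts = Counter(rows)
    return [
        {"src_pid": sp, "dst_pid": dp, "src": src, "dst": dst,
         "count": n, "verdict": classify(src, dst)}
        for (sp, dp, src, dst), n in sorted(counts.items())
    ]


if __name__ == "__main__":
    for rec in summarize(parse_rows(SAMPLE_ROWS)):
        print(f'{rec["src_pid"]:>5} -> {rec["dst_pid"]:<5} x{rec["count"]:<3} {rec["verdict"]:<12} '
              f'{image_name(rec["src"])} -> {image_name(rec["dst"])}')
```

Feed it the whole table and the 64 rows reduce to the 18 writer/target pairs; the only records worth a second look are those that come back as "review", and for "spawn-setup" the thing to confirm is that the target process was created by the writer immediately before the write.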

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\hello.bat"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "Add-Type -TypeDefinition @'

C:\Windows\system32\reg.exe

reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\wowcoolfile.png" /f

C:\Windows\system32\rundll32.exe

RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

C:\Windows\system32\msg.exe

msg * "Error 404: Productivity not found. Did you try turning it off and on again?"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 500: Coffee is empty. Time to panic"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 403: Access to Netflix denied. Go outside for a change"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 301: Memes not loading. Did you check your WiFi connection?"

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\system32\msg.exe

msg * "Error 999: The 'Enter' key is broken. Please perform a ritual dance to fix it."

C:\Windows\system32\timeout.exe

timeout /t 4 /nobreak

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "Invoke-WebRequest -Uri 'https://mirrors.cicku.me/linuxmint/iso/stable/22/linuxmint-22-cinnamon-64bit.iso' -OutFile 'C:\Users\Admin\AppData\Local\Temp\lolhahahackerwowohnoo\linuxmint-22-cinnamon-64bit.iso'"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f4f2cc40,0x7ff8f4f2cc4c,0x7ff8f4f2cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2324 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4876,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3432,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:8

C:\Windows\system32\timeout.exe

timeout /t 5 /nobreak

C:\Windows\system32\timeout.exe

timeout /t 2 /nobreak

C:\Windows\system32\timeout.exe

timeout /t 1 /nobreak

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4596,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4044 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x4f0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3424,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4944,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1252,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3328,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=3376,i,2908515085787249360,12854552998131823682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:2

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /R /T

C:\Windows\notepad.exe

"C:\Windows\notepad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault03ab0da8h6b3eh4f36h9449h15875beb50c3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8fee746f8,0x7ff8fee74708,0x7ff8fee74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6185087702473869874,8140085373075818776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6185087702473869874,8140085373075818776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6185087702473869874,8140085373075818776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa385b055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 mirrors.cicku.me udp
US 104.18.129.116:443 mirrors.cicku.me tcp
US 8.8.8.8:53 116.129.18.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 172.217.23.206:443 clients2.google.com udp
NL 172.217.23.206:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 debian.org udp
US 151.101.2.132:443 debian.org tcp
US 151.101.2.132:443 debian.org tcp
US 8.8.8.8:53 www.debian.org udp
GR 194.177.211.216:443 www.debian.org tcp
US 8.8.8.8:53 132.2.101.151.in-addr.arpa udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 216.211.177.194.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 cdimage.debian.org udp
SE 194.71.11.165:443 cdimage.debian.org tcp
SE 194.71.11.165:443 cdimage.debian.org tcp
US 8.8.8.8:53 gemmei.ftp.acc.umu.se udp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
US 8.8.8.8:53 137.11.71.194.in-addr.arpa udp
US 8.8.8.8:53 165.11.71.194.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
SE 194.71.11.165:443 cdimage.debian.org tcp
SE 194.71.11.165:443 cdimage.debian.org tcp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
SE 194.71.11.165:443 cdimage.debian.org tcp
SE 194.71.11.165:443 cdimage.debian.org tcp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
SE 194.71.11.137:443 gemmei.ftp.acc.umu.se tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.62.195.195:443 cxcs.microsoft.net tcp
GB 95.101.129.216:443 www.bing.com tcp
US 8.8.8.8:53 195.195.62.23.in-addr.arpa udp
US 8.8.8.8:53 216.129.101.95.in-addr.arpa udp
US 8.8.8.8:53 account.live.com udp
US 13.107.42.22:443 account.live.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 22.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 13.89.179.13:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 fpt.live.com udp
US 52.167.30.171:443 fpt.live.com tcp
US 13.89.179.13:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
US 52.167.30.171:443 fpt.live.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 52.167.30.171:443 fpt2.microsoft.com tcp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 x.urs.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
GB 20.58.112.186:443 x.urs.microsoft.com tcp
US 8.8.8.8:53 186.112.58.20.in-addr.arpa udp
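Most rows in the table above are sandbox and browser noise: reverse-DNS lookups the monitoring host performs on every peer, mDNS on 224.0.0.251, and Edge/Chrome/Bing/SmartScreen telemetry. The rows worth an analyst's time are the few that remain once that is filtered out (here the mirrors.cicku.me and debian.org contacts). The script below is an added example, not part of the original report or of the sandbox's tooling; it parses rows in the table's own layout, buckets them, and lists domains that were resolved but never contacted. The BENIGN_SUFFIXES allow-list and the row subset are assumptions made for illustration.

```python
"""Triage of the Network table above.

Added example; it is not part of the original report or of the sandbox's own
tooling. It parses rows of the form '<country> <ip>:<port> [<domain>] <proto>'
(the domain column is empty for a few rows), drops the reverse-DNS
(in-addr.arpa) lookups, separates multicast and browser/OS telemetry from
what is left, and lists domains that were resolved but never contacted.
BENIGN_SUFFIXES is an assumed allow-list for illustration only."""
import ipaddress

# Constructed subset of the rows in the Network table above (not the full table).
SAMPLE_ROWS = """\
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 mirrors.cicku.me udp
US 104.18.129.116:443 mirrors.cicku.me tcp
N/A 224.0.0.251:5353 udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 debian.org udp
US 151.101.2.132:443 debian.org tcp
SE 194.71.11.165:443 cdimage.debian.org tcp
SE 194.71.11.165:443 cdimage.debian.org tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 x.urs.microsoft.com udp
"""

# Assumed benign suffixes: browser and OS telemetry seen in any Windows sandbox run.
BENIGN_SUFFIXES = (
    ".google.com", ".googleapis.com", ".gvt2.com",
    ".bing.com", ".bing.net", ".microsoft.com", ".microsoft.net",
    ".live.com", ".msftauth.net",
)


def parse_rows(text):
    """Return one dict per row; the domain is None when the column is empty."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) not in (3, 4) or parts[-1] not in ("tcp", "udp"):
            continue  # header line or unparsable row
        ip, port = parts[1].rsplit(":", 1)
        rows.append({
            "country": parts[0],
            "ip": ip,
            "port": int(port),
            "domain": parts[2] if len(parts) == 4 else None,
            "proto": parts[-1],
        })
    return rows


def triage(text):
    """Bucket the rows so an analyst can skip the noise and focus on 'review'."""
    result = {k: set() for k in ("reverse-dns", "multicast", "no-domain",
                                  "telemetry", "review", "dns-only")}
    queried, contacted = set(), set()
    for r in parse_rows(text):
        dom = r["domain"]
        where = f'{r["ip"]}:{r["port"]}/{r["proto"]}'
        if dom is None:
            bucket = "multicast" if ipaddress.ip_address(r["ip"]).is_multicast else "no-domain"
            result[bucket].add(where)
        elif dom.endswith(".in-addr.arpa"):
            result["reverse-dns"].add(dom)  # sandbox-side PTR lookup, never the sample's doing
        elif r["port"] == 53:
            queried.add(dom)  # the lookup itself; the resolved contact is a later row
        else:
            contacted.add(dom)
            result["telemetry" if dom.endswith(BENIGN_SUFFIXES) else "review"].add(dom)
    result["dns-only"] = queried - contacted  # resolved but never reached: dead or sinkholed?
    return {k: sorted(v) for k, v in result.items()}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_ROWS).items():
        print(f"{bucket:12s} {', '.join(items)}")
```

Run against the full table, the "review" bucket is what to pivot on; "no-domain" rows (a bare IP on 443 with no preceding lookup) deserve a second look too, since they can be hard-coded addresses rather than resolved names.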

Files

memory/4036-0-0x00007FF8FF0F3000-0x00007FF8FF0F5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_25ckmlix.hb0.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4036-11-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp

memory/4036-10-0x000002833CA50000-0x000002833CA72000-memory.dmp

memory/4036-12-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp

memory/4036-15-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp

memory/4036-16-0x00007FF8FF0F0000-0x00007FF8FFBB1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 d85ba6ff808d9e5444a4b369f5bc2730
SHA1 31aa9d96590fff6981b315e0b391b575e4c0804a
SHA256 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA512 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 6d3e9c29fe44e90aae6ed30ccf799ca8
SHA1 c7974ef72264bbdf13a2793ccf1aed11bc565dce
SHA256 2360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d
SHA512 60c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a

\??\pipe\crashpad_4356_VEBNNDSBCZSKVTKS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
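The crashpad pipe entry above carries the digests of the empty file (MD5 d41d8cd9..., SHA256 e3b0c442...), and the SCT Auditing Pending Reports entry that follows carries the digests of the two-byte string "[]". Entries like these contain no information about the sample and can be discarded before reading the rest of the list. The script below is an added example, not part of the original report or of the sandbox's tooling; it recomputes the digests of a small set of trivial contents, matches them against entries laid out as in this Files section, and cross-checks the other digest lines of a matched entry so a mistyped hash is noticed. The TRIVIAL_CONTENTS list and the three-entry sample are assumptions made for illustration.

```python
"""Flag zero-information entries in the Files list above.

Added example; it is not part of the original report or of the sandbox's
tooling. Many 'dropped' files in a sandbox run carry the digest of well-known
trivial contents (an empty file, an empty JSON array). Pre-computing those
digests and matching them against the listed SHA256 values lets an analyst
discard such entries before reading the rest, and cross-checking the other
digests catches a mistyped hash. TRIVIAL_CONTENTS is an assumed starter list."""
import hashlib

# Trivial contents whose digests show up constantly in sandbox reports (assumed list).
TRIVIAL_CONTENTS = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "single newline": b"\n",
}

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")


def digests(data):
    """All four digests of a byte string, keyed like the report's hash lines."""
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in ALGOS}


# SHA256 -> label, computed once at import.
TRIVIAL_BY_SHA256 = {digests(data)["SHA256"]: label
                     for label, data in TRIVIAL_CONTENTS.items()}

# Constructed sample: three entries copied from the Files list above
# (the SHA512 lines of the last two are omitted for brevity).
SAMPLE_FILES = r"""
\??\pipe\crashpad_4356_VEBNNDSBCZSKVTKS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 092e6a933991c780ca3298e0fdaf165f
SHA1 51873f974b53bcd9e275d017f8335e69fa1b1dda
SHA256 816b50628b50aa97f43c2bdb5477a520ef90e0bde398609f4a2c7f80a1d1976e
"""


def parse_file_entries(text):
    """Parse path lines followed by 'ALGO hex' lines, as laid out in the Files section."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if current is not None and len(parts) == 2 and parts[0] in ALGOS:
            current[parts[0]] = parts[1].strip().lower()
        else:
            current = {"path": line}  # anything that is not a hash line starts a new entry
            entries.append(current)
    return entries


def label_trivial(entries):
    """Map path -> label for every entry whose SHA256 is that of a trivial content."""
    return {e["path"]: TRIVIAL_BY_SHA256[e["SHA256"]]
            for e in entries if e.get("SHA256") in TRIVIAL_BY_SHA256}


def digest_mismatches(entry):
    """For a trivially-labelled entry, list the algorithms whose listed digest
    disagrees with the recomputed one (a mistyped or tampered hash line)."""
    label = TRIVIAL_BY_SHA256.get(entry.get("SHA256"))
    if label is None:
        return []
    expected = digests(TRIVIAL_CONTENTS[label])
    return [algo for algo in ALGOS if algo in entry and entry[algo] != expected[algo]]


if __name__ == "__main__":
    for path, label in label_trivial(parse_file_entries(SAMPLE_FILES)).items():
        print(f"{label:18s} {path}")
```

Memory-dump entries (memory/...-memory.dmp) have no hash lines and simply parse as path-only entries, so they are never labelled; extend TRIVIAL_CONTENTS with whatever boilerplate your own sandbox produces most often.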

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 62077a5dbc8c337b87297c4b30408538
SHA1 3e9045ea139788988646b7c2f403be76c8ba2c98
SHA256 da69bc3be730566d7d5d72dea4c8329ed1a25e023b21565cf684fae01ee51b77
SHA512 9f56d52e87ba024941f9929737d9be655bcb268f25db4d4d45f9d72a4c52d9544f3eb4d2bf5d8f004dc8446b8278f2d3b3073b3bc6d6c00f80958c3d0bcc490e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 092e6a933991c780ca3298e0fdaf165f
SHA1 51873f974b53bcd9e275d017f8335e69fa1b1dda
SHA256 816b50628b50aa97f43c2bdb5477a520ef90e0bde398609f4a2c7f80a1d1976e
SHA512 8aa8a6ee29c8a48f04d874ceb37e208a01596a1ac40fda7c43c24b60cd49960ec69e8adda98b629c1af934c382b30571d69b25b83c56f92bd2d945b4804be1f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e98137a3e6d4f442e03390baec858d12
SHA1 4e36caa966e4f7539f924387460cf92436c23a85
SHA256 bf5babab46e69fa07581269ed74422c7cc3b83a4942770859101f64e3c77bb0e
SHA512 b3f21818acca9955e671fdf9f8786f9b748f017356ebee5df43cca24785cb0b588f5fb4993126ba6b3f8868bdba9d83275f18e311a0bb82802bd6a4df149606d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b34a18e83729e0e5621630310f7b32a0
SHA1 e72102d96a8cc0509937c54de96e6af7b5d0693a
SHA256 58aa5e3834e999afdbd6d003b612e50733c88879a3981ab1e887110c9a5f2128
SHA512 e5dc6ea5f31ee3e463b162717e44bef2bf499cb9b6e4f3d5d62a1e93599f0a963a8b5aad3f81ae0e8b78e25400a75b5ad486aae16610c5e21bae8c2e579af86d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d8f25b15ab7eb8eb36095bdfef7a8783
SHA1 af3526d9c9b7bf33425e640b351579b8983cab92
SHA256 87c9e9510631944284fd12dcfcbf8a1636053b3ce70abc1bd04ed2b3e6ba1e14
SHA512 733a9a1dc4b0f31301eeaa2e0cdc977c0994a6372dc867655f47b4610a4c64ad0633b94955976724123bd16c0352aa3ed27ceed01bf4dc4c59a4e7cd5705cd95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 48d2860dd3168b6f06a4f27c6791bcaa
SHA1 f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA256 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee39b0311c89fd406122e91662dcb65f
SHA1 ca69e37cbaa723b1237c93215ae026e2c223356f
SHA256 fc4559c388886bcc1ab3a1a002cb3f8b8efd243f0a74add019beb8ce3802bc72
SHA512 044f75c874c8d4c30609d619bc68439be51e039546dddecf1e45009a88bb4d71f041613bace71fda99baacfdfb6d45d9895e23b988367f91a3f7c9e1141e94d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 70650ce9a2891d5c8a19cc558daf6677
SHA1 bcbf4c797f64a336c2a2b55a34a5f4502072f96f
SHA256 fe6507d1b18baf5ab58790acf810c7e426c2378d4d79503be35ae24375dc6dee
SHA512 6cb133bdd5b092af9b4d27927df83f6f6a6f892f8827159c1405058e310ec8daee37fc53da780fc446d3b82d92abadf385a012684a1e024ee3eee36167eb981c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dad48bc931ad0ab3998e10b0acbdbf9c
SHA1 adc8f2b21a72f8c7fea74c1979575ab08aff026b
SHA256 4b379a6860573dbc4cf51fc4fc8b55e2b82b3d01f4c7a9e1ee2b696597a9d62a
SHA512 0caa279a9fef866ef26833f7b11c190c22a5b612c08f99b98c4a8b0c4d2a130cc9f2a78c56b8b4538a2d951634dc4b2a30af26c95d562f4cb699834a7aa896af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 65a22df154d8b5db21276b38ebe04a31
SHA1 ea7eb87041558446b53ab6389044cc825e49fb4e
SHA256 01a22a9867070de36ac5ce272831291a672144d10e332a5a88770f9c8c90f006
SHA512 e47b4df83a3755899630c54bd36b74819343d7cba247d178f23d75b3388d8e893676742ab0e46c4321a40a901af37c0969293d702cc46683ba9a02a17165ccec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b44fa2381ba24fc5f590452bc284fb03
SHA1 035313b627344349b819bbb80e597509a45ddffc
SHA256 daa046f657093dd8be00bc3fe39c8647b9ff9eeb3eaaee47da03dd51cd4025e5
SHA512 6e6edae8572bcc6dd10ec760efb9d91216de71e0cc1e39084699a6fce10af6bb6cc93bcbd3f4faec13bdd0c6e74a2a9a4ba2562908846e5286799612f90e6ed0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0b078f3484bde813833badfab581b09
SHA1 272875418b136938a23564bbd22dffd551fb26c4
SHA256 1bd14e8193ccb79276aed63e29c465ed4703d794919aeaec309a484fb70f5fe1
SHA512 e5114cc60c7a876f8fe142601316c4b9513833ecd240be96a843a8d3e04c3529e54a470ab75d8fa5224b84a36d104a291676edebfc5993ab49e655884e929ce7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ada5d78195e0e3e10800fafe63f4861a
SHA1 369ac4007ae3549fe0869ec8720d0dc7b5680ba5
SHA256 5bb37758101239a3b601cab20a02a6829a88ae2c349475995a7083fbee88a783
SHA512 e338a0b66f69846af2b3f3725c6a9f0cab258f69406379bb1e3f55865195e6ef70ee9dd5f6adcdf69df3e818ccd2599f1660924ae8789471889afe3f13763ea4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2d3d3adca44878f431e68f659b1fc10d
SHA1 508ffb183648be862b15f41a99d46bf7e79d087d
SHA256 d00012367d32efed6e531058d5ce4f284f42dd1f19ee3cf30b30e560e5c3eea0
SHA512 bd1d5224c628163e8fec7458bd166b7b0b89be02908519662801844888adaeb457d60c8b8aaf210a6d71392f5d41c19b10fb2464384d9006173c86bbb3f92ba6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b00c3c3d5997bff8df4e4980195aa0b5
SHA1 be208d8e7d14760e01ca4ba2c41a71a474297c33
SHA256 e850328dbbf1a5261bd1df52507eb9eea0c525379d8e0795e34d050890487a35
SHA512 edeea323466f04ab0be6a321a21b1472fe8579a5384bc0b3998523a2662d1e2996614e821cdd26b879222ecc704290625b34ae49cd3d8695db5f24b08f990086

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b3f932ae6cbbfc0b6026921dc358853c
SHA1 a0e137ad411a8204c647d93776e1c07682877508
SHA256 97a3f85ababc039a510b456745e4472dd7ea27d1cebaac819992e9a2e747d0b4
SHA512 292458971287275f23c9fa10533469e2376716c2bfd6c783a4ec35435ca176e7a646c7d071c4a8b898f1e0fe54b0441f5c614dbef649f7f32930249eb53fc43c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75a9d946f7563fc2f96ddb127590757b
SHA1 8cc68435105e91ae8be4556f47db70d1f2e1854e
SHA256 3a92e7ff69e3ad0b78b1fc1b6b42f5d4f851e31b211ae6b5e0ba2274179dbbde
SHA512 a559ff09f835da28b43408044180fd6590b6b6705b4a5626ac3e3344883a9dfd37dbecdd9d1dc8de54204e6e24e67d9b7b0b51c7db3ff40c6f95f70de6420db1

C:\Users\Admin\Downloads\debian-12.6.0-amd64-netinst.iso.crdownload

MD5 6c6ebfcf7d2bb5a6b7762eb4235849f9
SHA1 028c1e5d2f5cbe24da4b9deef4ff15b21b7b4470
SHA256 8dd2840af07a805413d97ec3e7c72a8af8685dbdddceb99ca4a99d04dceb521b
SHA512 ae5a2aba1617b48c3b4f1810bb43bf0738a96f4e9f2c15a4d9fb43a917bc011282ae9f40690858e2cd56990c2ae879350f62e609b8f423c1ea2b2e3a21883660

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9b473a0929b7c6f60739501804cb425d
SHA1 918b1cc07b775ef1ea0487de92e89d5df8408fb6
SHA256 b6c7d79298397434bed86699ff48378b9d2f5a433e517c906f23120fdc4278ca
SHA512 63419485b835d1c157d1990ce4db3dacca6cf5cd8afcdfd01add90ed99724eaade2b93c654cbfa324084bc375d6f7bfce46b243938e5e32f91ad5ad6b64513c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c2f733b0fff9208799a1e014f1496712
SHA1 35baa4e433b130039bee095ca6673294806efdaa
SHA256 05b4758bbd51e1e55bd0f5c7829296e07aae373996ae174d99803a508882f16f
SHA512 58fb9ae6a3878d62ba10abd964dda9de661d1bd2817f68dc9678e0cabb6153b69ae0493eff273fa60d4b35d9a522489871b0e120fe57ad97025db9ab51e44d5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2f1e141d1c90991871a8df7dd99f1f3
SHA1 140a64f2e54eecf453da2cd5226a6728b3a85686
SHA256 c600d21e7f932d262e2a8d9e842beba56641e951e46fb68bf76d5607c60290a7
SHA512 1fce4231c2d31da9e6732dcfd955d8ecbdcfade268eadfe831a7908c41f256df6b78ee1d9b03c422ec66d762414344ef41eb425fb3fa92e5bbc4ff4142fb5e1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b82bb35f99f293be290437a65a1be6d
SHA1 057cae0508c44223b88b4b5be3d735b2a1e72f49
SHA256 b70a1c1b2d34e638a783a24d328567742174db1e505ca368bb3d8919994457fa
SHA512 c19c736445941ef0ea5e4b0eba9aa67ae44b8331710d7f68178e1d26cded84b7772463b6f416d20d4647c2b3fe7fad3bf8ef7ad38fd0ce269d1e1f9fdb50622d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 912bee4d3f7347714927865136087ce1
SHA1 e1ed5b97fd5d6800a7772f2f239978501e74452b
SHA256 139a429f840dde2cbc3cefdbdfaf4a14ef7098b19657860e61e52f2d22d075cb
SHA512 d41e59d462bae96f201208065c0c25ca2bc979100f24c7c758c0c27c3bbaad42462e250d2353ccaacb917db9a96ee77d0fd2cc67063b3f730aa79761038ae24f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a12ccdfc72562407bd1464a46cca3971
SHA1 8150b6cb1400418a832721e97c6d101aecb47544
SHA256 4455369cb4d83dfea677e90860564d3a675aa1be0f224f4c6ce159b5b7932689
SHA512 9389941a5f16a2e5a0f25a3402eb12b035eae530c34218300ead805eaaf269018d76e8b230492ca316c6f8117c0c2e75c654f56245ea5ddb97e550dae6877fe2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8866c63b9d0d4a7fbcdc0e7c7a089305
SHA1 fa5971648ed94502aa62666019a7dcce148df0fc
SHA256 c8f24e9e31b5a4f389dc77fe8561c965466d9562a4ee1e175470f6a7266b8596
SHA512 bc81fb638fa1fe63c4b634dc38290bb925c6f9033e1a8c6958f318695297674be7bcfe095bee524f516cb4a0de0423ac85924ecb4a504fc55ff4095eed196d3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 39a8feee5db6fd5b36defdf7ddf9acec
SHA1 651c4f96a888cb433d4484f43d9378021f775eb0
SHA256 7d1936f2497632381b455337d6b66e14d93b7b11ce5a20188b21ecc37cd74ead
SHA512 73a68c4bf12eaa728240e9bfdbc7796e3e4f8c5ca1d9a1fb09739e23d11853645db86decc907c0e9e350bf032393cf1af70edc62d5ed8d466cb22b98557af6b5

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 ff9615348bafab70a615c61fd851b1ad
SHA1 4a42b22af709709fb9e23911cc2290aae99ccd8a
SHA256 896ac590c141fe0109068f3a3d4059fd0a888c0202574e3c4326f9fcec62c38f
SHA512 a0fc04d882774717cd8aa4967b2ac8b0bd401a960f7d318c3864bf347c424412047fe4c18c8854c03920d376601adbd784a8808ef9e9c6ca6276a466dd3e0be1

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 6f68f3ffb1dadefc96d1de1c1d440acf
SHA1 93abcf8fdcd282debdd613bcf41ced6c773cdf9b
SHA256 28d04b9d08d447ac0be9dd4cb06480e452d106575bde529e4d6c1f033e4cf4fd
SHA512 8c39f9efc73e3df517ceca202a6ef9cf38a35be10aeefff95fd9eb3c912174ba89f3c42e356434c3ac77ab342ac5a4d2af2e5e4c8247c8b413d2b7ae3bbabcc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001

MD5 d137f684aea94f3d8f8bb3b14e6927d2
SHA1 8693f88c476670995dbce56d883a089049e20ab0
SHA256 62c551732bcf61d1a12ffeec731d7ca1e01ba8d964103e74b2ed29a55b3081ee
SHA512 760910caa502673abfea29e33eb0622c9b084606f927e395b91cafe6b74bf7eac079ca5e33dfba4bd20dbfd92bed42cefe15c7c8d64d267ab2175807bbde2d64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002

MD5 58966394d825813da9d16e42aadb5608
SHA1 9ee2c88c7b3728f2a768542d98959cc8be211309
SHA256 e096e7e066e0b91583720464861d39dc8c613546a07e3cb53e8d5e2504d4c9d5
SHA512 2e70c4cda77af9f3897a53b908c2273863f3c992c8115ebb45dfe66b753e28c71ae1f0cf89b0695ee46584c432be621a015d4ec82eab8f2df6890cd06873278d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000003

MD5 fab12e902f43bfa36f299ef39bb00f8d
SHA1 90ebc451da3d5c1dad32e5d27f2ed71fbf4d5d9a
SHA256 3403dcb7c222ffe3c1af56463d748783acdb533390cbcbe091b9447f7c2860ee
SHA512 37049585fad525fe62d2e1919fbcbe5de9a96e336dce8ec2753bfc3c755f5c6efc2a9e59cf42a516b0b60e779abf05f173fe5092afc6cd0b3b444ec80dade420

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000004

MD5 bfe9c8f5c6807ab98b3c218677dc5ea9
SHA1 d64debb67baf9da7194ae13f19a408f9d1eb36de
SHA256 40ea44440f66dbc20161f23a1dee03936b0142728fdd5221e796c2857480e778
SHA512 be0eabdd93184ea5af8c635eb2a136b4656721354a0c45e4e5ec5c373517b0d9012d279b218816fb8fecbf9b960521f84e90af7c3f25374b328f4150545222f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000005

MD5 e6f43d7fd116584692685ec700db4245
SHA1 f822fb1d06a5261f1399badb25a9f9493df3c360
SHA256 550ed00f6ac5b8ec8592d1882854f75edc03bc209c239155cd182e20b4cdac3b
SHA512 9c2fa2e4b05443b42a2d4ba02bffe66f9f4ddeabb192ef37e3afc32c49d7cbabc38bd2c195d833b3524ee7ead19a13794f4053ad1d959b9a3118be9858ba1201

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000006

MD5 6a7172b3c71d61b024e56a0f5205a12f
SHA1 9ac232fccb579df93ab8292df1ab6fd18bddf751
SHA256 741cfb19950f0f380d1dbe062ba5c0c06402cbd9a9e20d326323a8b051a9fab5
SHA512 0d46efb6fb5476b537bc982bae373cb74d39ea6f6cf7bdd239f1ff558f59cef86840fffb1f3c03d0694aa8fac1585d69d15785fe52c6eb72828d004541c6e66c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000007

MD5 5cdec0426eb6ec54578b03331671102c
SHA1 eb1c2e089ba8d367fbb7af4b84e2791fb5e378d7
SHA256 fa7ebfec6f63fc35f3ab2cb4acf17b51ae9f8436ce59354348abdb2f0b633155
SHA512 b8cbab449444e57aca9e6198b803cf7eb1dea2c10470b9aea77d7b34ff80a45cebb405a9ef1b645eef252e5536c80b60490a9f0fd05739bbc9c581d7ed6c5609

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f00c089103b7a7812efa8ac16f65218
SHA1 d7e6a8ce6d755d28907e099854356005b6469785
SHA256 7a5e692d8061aa32c738fbfa58d5b0bcd67132cced9f2bf35eedd4691740aead
SHA512 9f31228d33923f4767e7e02b491d8594391f6d54ea325989770ecdb05f8251b0b0fe80cf05f48cb9a3101d8a9c3b2dc58a73a7e62ac80e44c8310ac8e30f918f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9b6efe6e52d4604be5745ac8f6a1b7f0
SHA1 c69e015f415b499c05680ad0f6b2a3a5f6af4a09
SHA256 263a624b6aa35a0367899dd037690660ef669a69d4be678aabf627c85042d0f8
SHA512 71be75ebe5b9ae3ce29ad7e8e14127729f5b5c48849cfe548a93f76a4bcb1f2ae46a03064b15366c1a0070eafc36927b556e566fbc4f885bd62cf490d04ac59e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f65158cbbca50035bab6974ace63e75e
SHA1 db083e59f518d58025bd3a51cc59989aaaf61706
SHA256 aae8540dd08226bf4078c6f3379308ae51d6788b60be2fca36aec0875246a482
SHA512 0b9833ca77288816c56366a92a2307e7bf881d2a67ee60cca1b4465953f63d1bf7b83c4d874c7e187cec94335b5d0ebb24cf37af4fdab3142539fcc26dfb1adf

C:\Windows\INF\c_display.PNF

MD5 bb5c2218b4fb6eca7bc8330d9c7acbd2
SHA1 4c9bc9b82e525c47ae88eaec54ff1b4f96726074
SHA256 fc3e4b310ecdc66b222137cd42e7df51c0db15478e6f46522a050605c228799a
SHA512 f923daf40c3b1b52b3f5690c4db27c40b0e041cc4f80c38312fdae20ac53998d0b9d1c9d5eb7fce853cbb365badf7af771968909b7e50688838a697eba056161

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 48b85d49a489a27c178046401c22c75b
SHA1 b2f6af79e5dcec2a11c38ede68e445f80d80e4b1
SHA256 a6913e665224cf3cb6abda0b8d17183d5c324d1cd7a2d749cd1f8054333880fd
SHA512 27549e617276bd806f21eac016b68b449a18f1babf8b5369dc6c27d363238f1f356df98ad2293088d602d86decc9d461d45b1e6b768f9160023b33d7eb03e33a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 3d1cc40218778722228b92f7fad02363
SHA1 20934ca0f1100aaa8b3a2d64a82aae7820a7c42c
SHA256 e63ac430ccdd90c940cd241543e988440aa6a384da1a61763d82ebad0e4cc582
SHA512 6f53b1b93bf9a12b4909fad830343e30f303bc674468a8e62cfc02fc93e6f82ceacb39c149c5096b36554bc9d7b69b2a5a08f059844c66e8b0a0c6f7feee214d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 846465db95d9ce3ae0d67eb49d23aeaa
SHA1 dfcb833c8e1c4933a0e5c92a8cd91e1cf409bebe
SHA256 cd3bc6b80ccf827b7edac6ea083c68bba1f00f05d67b01cff9f6c9b61469246f
SHA512 2c2553e9c74c0a4a11a71c1971ddad1c363eaac3f15f29ed608a1beebf5277693608deeee81179c0f74eddf67e0d71725c0fcff70cc055a6236fae93f26345d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 0a7c15175514002b67e9fabcf61a07aa
SHA1 036f1c380866f807b53211ea0979ce7329f501a8
SHA256 145e70790d0364d6ba9625d2eef600413e16ea2d97a72e59ea71407b2bfa897e
SHA512 acaa1eb95cde478ea451c455ee239d2b6bfafc520f1545eef428eaf1d9e2ce423d80e15a1c70667fbdd08688269a372f44e394b254cae1cbb1272b03320e6a72

C:\Windows\INF\dc1-controller.PNF

MD5 771f97f4222a8e67db3ada0f5c96af7a
SHA1 9f1a32c31eea6fc7d69260501761674e8518d693
SHA256 8b56bb0275ac2e6d407cefd16302040531fcfce4523c6b681918daa83923dd12
SHA512 b22d2327f0c9e4715ad62cad5de72c489530bada6aca7f73a994557a6a1f97e3744d66837cb175b514276b2cc161c764a01c3cb044211922574a62383e2d5ec8

C:\Windows\INF\digitalmediadevice.PNF

MD5 809816b7e03df836bc59d1c76c0106c5
SHA1 b39d1c1db91f352733032d766f5450c6e92858ff
SHA256 91e85175633e3bbe910e1ccea2fae04cde4d75bd536b23cd4e4df449438265b0
SHA512 20a9a109c813ea4d4ef8246814dad50e47ab59cf508c89b502234f0af91f9145ad3c4cd0eb1611d0f0be51745dc0f3daee55d47ce50976f37a98f3cb694313fb

C:\Windows\INF\c_monitor.PNF

MD5 29f6df5957016e418fbd0f2407e3575e
SHA1 0ffdc37e214ad11658b1732a8448eab853713b6b
SHA256 8175f3000d31f9afadbbba3149b647da59b30712668751cd04216bbbbc9897ee
SHA512 e5916dfd44a4456d0f8c7f42b993426c1196059c053a46ac324104edc674944f622b43c7ecb652e1904dd11932d98b87216e7860f5ce193bcd8899162dcbcc8a

C:\Windows\INF\c_fsphysicalquotamgmt.PNF

MD5 b03950c7202906e928bced8484dd2777
SHA1 7a64d8d68b5e0e308e463a4fa618db05096651e8
SHA256 250447e56fff3c2b1675c5eee8ea7c2d4cdf667058d4c53cc8d2163379f860d4
SHA512 f9b8a93afc6210b145c89d49895579a1253faba1ab2cfd2476f6b1f6e674deeefd230a9adbc222510fc12a37a1d9f77c85c1d8a890fa992eeb5c4af0eb297a34

C:\Windows\INF\xusb22.PNF

MD5 85ff96e96acea3a9ad5723ba90aa2cdb
SHA1 bee57b3abe4b3182284755d206e0565f990e2cbc
SHA256 c7f6aabc0b73f90fe527cbe4cb8bd0047988d471731471808b07a87b61eea13e
SHA512 ca3aa49446693678429e1920224170abbecfc52eface28801acb0de4ee0cfde2f4a7e1f7203f86733b866feefe33c3887847ccfec2077ddb60cabec5c5a21f28

C:\Windows\INF\c_fsundelete.PNF

MD5 af0a69821c879e1b2fda39e3ccaa25ff
SHA1 2bd293f7266bb163d04cb892ff29a3c04e26995d
SHA256 21ea34cceb80420ace7794630ac82ffda7930e1baeec9c2da7ba3fb6430f25a7
SHA512 aa8cc09608c625c404dc4956718194f3fbebc7175d89f0d484b3406770fc225dffaa562521fd6d894dfba4545491e1144b73b7b6a6cc676d2dcc99dba96bbe58

C:\Windows\INF\c_fsopenfilebackup.PNF

MD5 49d2854a79baa40c69b5c0d0f2cbcb3c
SHA1 294e79cfdd29e4c864f500f7d14041c391afa671
SHA256 acc479f94a52ae51b6c7a6c919e5e1c6a7dcbaf88ce0e768b0e526f1f87c22cc
SHA512 81c7c1d248d1fd4cbee4fbf7b0f516c1f9249d4ac91231d727c27b2eea24f3b48a2e0c28fb0e496fa976ffb8b1e61a2fd5b54f4883c494ea15dec4378c7d165a

C:\Windows\INF\c_fsvirtualization.PNF

MD5 c1e850d8f2baa3c6943d6042db6dee7a
SHA1 bfccafaeeb44da789b9c2dc1a53d7081b4f735cf
SHA256 7ccb9efd738a97dbab566e83ada5d7253a6222e8cb32436bc002d7fed06810b4
SHA512 01f68721797672668e86d90493ef3274561e9829e4135e391fbd7808f9c2c2f8f27a21781b5ed8e98a0fbcb1cec9f589d38310fd4daff39fb84678a418e1b61f

C:\Windows\INF\c_fscompression.PNF

MD5 bf1c3f17c1d941d5e8311d9406b5b38b
SHA1 b9ebd85d29d1db10d1311c3670599dbf676d000c
SHA256 441c0f8a6e57d6f1b0d16cbc70bc641d08b2cc84dd2597595ede037c0a91f203
SHA512 6ce65aa8e9bcc2c3dba560faad0cdbe4075e4b753586ac29eb3c64649e8f8cbdd58d6fa0ddea2918456a98bc5ed67f7d5f8571e7457b9ecffdadfba728f118b7

C:\Windows\INF\c_firmware.PNF

MD5 911ee08a103051ac9a0c3815424601b1
SHA1 b84efee77f3f3c13dece8cd4eaa709b8b9134174
SHA256 fd1e7f0c335ba0fc0c96153cbdbba854118f7cca3174ca154d5a48ba047252d4
SHA512 ab7d56de857f92953b53b12658b761a365d7418848c37501dff12c0280461be41e55a9dfd0bccb36c260c4f8cd2fc8b8d70b4ec3c2c73d551ba7aebdb1c59831

C:\Windows\INF\c_computeaccelerator.PNF

MD5 973e595cba93661a5edf66401697be71
SHA1 59c48b655fd2314094fd5c09fcf9e46a94821c3a
SHA256 a434961a3fc17e971a029c8c0d8f19777871c83b77b9137ed7daa10ea8a72b32
SHA512 e08707a732832e7713721c7fb4487d7c1f75eb6a340c62c7904ada3afbf72e2597ba2b23b5bc9dd2744cb93816271964322f69081c590a4f4cc48fb519749a45

C:\Windows\INF\c_ucm.PNF

MD5 011094e73efa8989376cc0e27df526ac
SHA1 571e88602c63b465461c7cd333a6ae2f039ab249
SHA256 7b641ad7a1bab6bb06b65dd10756c0468a15e0b57604a5a53341d48f346eede9
SHA512 53ca3489840b880ad9d8d2814d37f7e5dc3c78e96c7c1156265d89747f83b0bd37498b85b46226ad670dd3b63b7f005c6cdef846ed79bdb10345e969fa32ae55

C:\Windows\INF\c_fsinfrastructure.PNF

MD5 723426dd71662af4097be90cb53e8828
SHA1 d1d56878592460116615859d181c14a6e1b90892
SHA256 6125670b13610e5c6bdeafba3abe2259e393ffde70c41326a75ea7d72c61b3aa
SHA512 be6b36ced201d6363fec2f6a4d026c596f35bedad05f10fbc900f93c66278a5373197aab3be92a581e44026e2797775c4c7cff286ebadbcb73d2be7c42cf0fbe

C:\Windows\INF\c_extension.PNF

MD5 b5e13e9d76626631da8f637c78186bc6
SHA1 c69cd8e96bf5d8d2f434783a13355c8b949cb974
SHA256 179adec22ae16e8b7f72f9dd1b6621fd0745f76cf914d9fc12593e73d10bd831
SHA512 4410f50f8d42ca023d68fdc08b03a00a70bf8a87c558fbd6c09886ac9d3410d9a344db0cee182335f5f430b8ee85cdaddbe533f7a8c2627a1b025a7d737be6d9

C:\Windows\INF\c_holographic.PNF

MD5 81be210d7d7cd21e90d95d755cc3395f
SHA1 ea1d40880453c8abf7a7a497df8e709efd91eb49
SHA256 3e1c9e34e096d496dcbad8ca63620eb31ea5970650a260f74293d051873bcb93
SHA512 272eb592eb9f05b36fe234cfefb724185b61cc4645e61a5bb17923831787fff3ae00c1346c75cddbde91f0f3397140e955edca91b4bcdccf7395f4a64848ae16

C:\Windows\INF\c_fshsm.PNF

MD5 402cef30030ba80a9ef3042eba01e5a8
SHA1 a4dd21eae58929685a8d1a2b286308f3669c2ae3
SHA256 17cde021fa96dda6c3857f138504ba90788d9c044a0e5751ac4d6b25c46a148c
SHA512 2970b67775de1c13d5c2de951fb2b1404796b5efbe03888a7ba901321256392d657f3bb3f6474246bce960deb96ed1d57184d738aed933c37e7ae64d1c63c72c

C:\Windows\INF\miradisp.PNF

MD5 a29c26407bbcd347209ef1b6ee0da34f
SHA1 e1f4ce5ff4619a4414aa1e0ed3ac520a83919584
SHA256 519c5d140e5fa8aae6506e14dce399e1e7d44798989227962ef51733cca03227
SHA512 1760e5112b9e4723d51be0f07986649b3b524ec3a994b3035b6239850c449279cbbef40533dab1cc08c1bae3ec5957148ce6f66504d0c9cfd52109ef09cb53d7

C:\Windows\INF\c_fssecurityenhancer.PNF

MD5 98a74de4c3db8586d3962dae5b832b42
SHA1 74c132da4f92c904f4fd3c6e2bfeb61cbe68bb51
SHA256 142ae41ac2a475b819cd8f998b829a7766aefd0e81a191e3a3f1611db1e32f03
SHA512 3df5d1a5afec7743c82d8facbdfe2d3e29efdc2bbd1b0a2b59571c845aba3661fcbbc3ff7138cb418268229e87cdb3faa675aab8395c84ec1c2e8bae110fdd15

C:\Windows\INF\c_fscfsmetadataserver.PNF

MD5 cc316a005167b7a7b9acd1e1d24d5153
SHA1 daa6b910ea852257d8098fd1611760a8b30a3634
SHA256 10dddb5334d5da9bf1088bdd461b9ed42810da1d7afada078c7a1ffa112a5a27
SHA512 459ba0ea0f1153ccf313408c162ead62b502468a9f4d29a6306c30e343bf0a8eba41e7441ee73401e4c06dba44cb18e4f007f7e07bce46692a8d53390241853e

C:\Windows\INF\c_camera.PNF

MD5 55c37531cb8d70055e8fa5e74dabf42a
SHA1 fb46341f146c582e63db0e26d2a5da006d6f3424
SHA256 70df4413fa77f63e7783e51b9c90a9f7293ebeaa236be194f788800650f2206b
SHA512 814bca88ab2a8ce33feb288bd8110e7e0698373c7f3c171d9960167f4bed209005d36cf46e7f0c3860a22f86b1fbececb3c83492d34d4b38db418ce429fa14ae

C:\Windows\INF\c_receiptprinter.PNF

MD5 77e013b2731d2431231383ad3b1fd5ea
SHA1 162064c8a17ae83dc366f65f21aa32ca1de2a26d
SHA256 74c1bcc8cb61dc04dc61c99e1332d5de3b4bc4df201729569d6b83caf9d0c263
SHA512 49c46b6bceb0b20f4ac594d541199fc9ad333eb776c6a4799ab5fbadeda29979d6aa890359b92556d4fbe4ad7ec3fd53f1f4b6da06b40f071950186e675dbcd4

C:\Windows\INF\wsdprint.PNF

MD5 1671a9ea5066b2b30ad0b59fbcd67992
SHA1 eb44dfe3216ded035bdc4b891a06763e2a0584ca
SHA256 2e4a7afab81f605c4b994bb71ddab299e7f1f7ce96140fb930110c3aa5d1167d
SHA512 610c718048e2243f6a46bb02f9921fdf0bff26306cd58114002ca7269b68db27ed37e5c7be45e62dd328dae24f634496d78a08263d708f27868536a98a4d4b38

C:\Windows\INF\c_barcodescanner.PNF

MD5 4705549566d5f15cccae4d54209a4eed
SHA1 ad3986036ebf800fe196e0ee2a8ec609b57d1f34
SHA256 0c8dda91d03dbc25376b19a14de363158bf6790b0f99638dabba9e5ba26f808c
SHA512 49ecc489bb6ffa4f370011af3f21e6b553bd9b282820165c22148d22631e941827773b0e6b1f8c568334b6b10c40cf204b85d120721f87611ea1a650edc1ebca

C:\Windows\INF\c_fsactivitymonitor.PNF

MD5 a3a9b712f940de4e926d0e4ccf405dfb
SHA1 414f8852997cd8b4e6aef89116575f2144aa2908
SHA256 14b47248b7ecfe5ab120d45dbf04b3c04db263b9cbcef687b61928f952db3442
SHA512 d1d1561b1080752f3088f0dcc7f87038eb7e1ed8c4f9a8dd4993706b696c7df10b0fe540a48ebe65bec6643687464adf683ecfea6ba14805a44712a131d7b506

C:\Windows\INF\rdcameradriver.PNF

MD5 e7765e0da327d6d21ff63aded8e09809
SHA1 7bb3a9bae244f7630075332fd230ed15dad184c4
SHA256 4a8063f0e82e46295e7d955e29902f97cf8806892bc6387cfcde2402b3067ca6
SHA512 a9b0348dee15b196a46519962c8fa3b15aca80a3381395dcbbc19199023daa9376486a3598ff1a0b9e7325e12d9af13102b195d39a785880e945cb5e65a9ab7e

C:\Windows\INF\c_fsantivirus.PNF

MD5 b93d641489836820549a799c8e0adeb4
SHA1 cb8c8a23ec4af9db35ee5a8b7ba05dc45a88c407
SHA256 d26f373639b2492bb19b1fe49cb4a15468fa82d33a5edee783085ea930ea548f
SHA512 50971c7eeb11d71c709d973d02095195d402a9ab841d209b7768915799b0efea44149c2295271d370e8ece6bb7e61f2a710743f235d3dac2c01b504bea8b22d3

C:\Windows\INF\c_fsencryption.PNF

MD5 b6d4bc452fd6a18e6c8740e3af413ba2
SHA1 d2942c6360207ccdd3fd9321ed4a00a2c108c16a
SHA256 f4fa61365921ec8e825062c0d43230aed1cf1e6b0d1c7b4037b300658ae967a9
SHA512 be7298742dff91648e8df9cf9fe5b6a91af570f2c7dbac8711cf612b1c30b2941ffbe06e8d9f75e6da08daa956afd26e3c99003a1495deea54a711ec19b06d12

C:\Windows\INF\rawsilo.PNF

MD5 7dda8349d792874973914b6402fb6d3c
SHA1 c28ecf26eb4b21dbeb6ffcad8535c0804c41b0e4
SHA256 9676f340750cac105df46f894750ef8b1fb634217811da49858c5c82846f7e28
SHA512 57e7548ebb734ec8a6b2935059052971965caff9972eb57cf543f08ed0ee4d69de14806445b3ce0dc45f884f5b7ae7decc2d49fde5d8ee8076ffcf429ae3c1e2

C:\Windows\INF\ts_generic.PNF

MD5 7ec7892ac4a62ad2548387f11f5a8917
SHA1 75b606edea0cb4964ddc2d28b7706d437ef8abb3
SHA256 8854966db0db843129614acff3ff81c06cecaca079833b83a7f4f5a0e7592db0
SHA512 cb2478853de7b2784b62043e37f8515ac1c0777ee2c336ed1c81e6f8d444c8b16a9e6b3ccdec80117c46b3971a0848a860bd7492970f2bac4799443b8fc211e4

C:\Windows\INF\c_netdriver.PNF

MD5 5c27ad0bcfdb97c82023615170e6fdbf
SHA1 bde09afbe5ec6218a0463789a88b54e35964dc62
SHA256 7ae12586e00113234cdb39741ada6312dc5abc5e8fdbdaab73464dab4f296d7c
SHA512 2689730c5c0e2bdb8b5fb4e5fcf50c53c7f0dbcfb681fd7e8969a2c9578bdafb7514cff2aa9a952e658a2a386a53870e0619ec03f39aa483c3c968a1104b6ec4

C:\Windows\INF\c_fsquotamgmt.PNF

MD5 3f89a0dd90abf143239cb4e87f197a25
SHA1 2f76223b8c2b82cf591b85ba2da86fd0136ee25f
SHA256 fb2ee1308ec24b3df1288469d1d348c5282c45fee47ac1c22a49b3bfab9df924
SHA512 db214e2b8a896e9dd67006e4bfba24ef005105beddf0939ff263fd78411940810fea264aa24ef2c5fd6f00c09eff98fb4fdcbbb8f9675faa0363094b87c53bce

C:\Windows\INF\c_cashdrawer.PNF

MD5 8210253c127ede2cfca6d6af865840e2
SHA1 0191aa53ab958cb798d19d7263120c618e530842
SHA256 33f9b32cf7af8b738c17ac973fd14c531e16cef06fb432d2bd99f7dcc44b3e05
SHA512 520341c2e2e00f5437f570ea2ea390536372cb7a0a8b97d93d0686ab625fef04fb60a5fda90f1ce841622ae270eac0ea01011251cb94baa6970d51d2439b69ed

C:\Windows\INF\c_fscontinuousbackup.PNF

MD5 84f9a2f0aac1bcdedac267dabaec69c6
SHA1 5089876525aeaa99b198edc4f4d54eaf1d6ca108
SHA256 adee1e8a3d9f06faa8336a7e5a4718e23cc2b3afcb88d2d8e0cdbd4f41a7418f
SHA512 2cd605402ea80534fbeb4ac17ff943a3f9b263c5a5fac80f4d0fca4aa579ab8f541eb3f2db5f811293db0233cae990385b7deda4d7cd45076c880a03f7b8fdb7

C:\Windows\INF\c_volume.PNF

MD5 556ce96ae35a7473106caedd5bcc406f
SHA1 97204f7efc016a0146a5947829154e4087bd5f6c
SHA256 727a44c3c690ca8e5a2f75a4fa5be134313e6f860416ff4a05e97c2420cd6187
SHA512 cf9ba4a767ce9e7f7584b6f36f4365769b5a633d45d8726250de43e0e85272d79a4844338efdaf6530235aebadf63029777050690ea3028bcb53b417b5af8072

C:\Windows\INF\PerceptionSimulationSixDof.PNF

MD5 c55acb42b7798d1cd4f866a4aa551a28
SHA1 8cfa3fecc102a4c0d6df5d97920a8e3d3822905e
SHA256 ff6b9b87675aaf2f05d50cc6143f170832213c37a4cac8805eccb78f6ace1c5d
SHA512 3af4e35e580e523a960ba69fd8cdb7c55607b237864cc7b0e8929e5f7776f4c7ecde0ec1f0c3de7281157dc4e49e044ff6979d31201a12f84f220a23bb18b716

C:\Windows\INF\c_fssystem.PNF

MD5 7cf549713514f246a1763b98e7ee2b3e
SHA1 92c2b23c7761f029ab2651dcde0e5486b542d6a0
SHA256 e93eb833bc91e4b9df971273c012e13f2fc61cda160f13b9e1fb639926f478de
SHA512 997d388d3ea8deae432b96c7b8e54caae3072710cda216df6386bc73b4bfc1f32aede991bd5a4269ccb1ec790a4b1b10bad063998b30c9dd4d14e460f44ddcf7

C:\Windows\INF\c_swcomponent.PNF

MD5 b097dc99f5d4e4924505d26aad418060
SHA1 56c03dcfd0de0e0248c9087d278736e1c047ee98
SHA256 f46763a9b7072706927e582e3cbae297627738a5031d03b60dfa860888aa6712
SHA512 436d54a5912128459972bcb5cefae0fa9e878f8c0b142df76a4fa7060f2f08f5bc4fcffdee437c355f52450c1354c7128be72d1e32a7bb012aec02b7394cdcfb

C:\Windows\INF\oposdrv.PNF

MD5 7768b9b4e49eafd3c7d29b2a9becd26e
SHA1 3722573da580d9c27d16b6d04b8b46b30efbaedb
SHA256 24cd85b5852511cf80f1bb1631a94d59faf1849dd66b67aa90b44e42c9a416c8
SHA512 fbeaf605529c1294811e3b03524f63c8564bef7b8cedf00d649e84de451128ab06115f79610419842420df62902c4441713564eb12fb65014eefb98e60210311

C:\Windows\INF\c_apo.PNF

MD5 035218fa18fdb085bee4bfd5352c162c
SHA1 0f93b85ca2561e42ea571aac11536be7e05bac2c
SHA256 29d052de69fdb9cb212b7165a778926e6aa35657dceff9645112d6dd53453617
SHA512 3cf3d6b20651dc96fa8031796a913d8d867668101869b4e0803ba614a780bed355689036151db862afbe617eab6684782877b1617fa4c077afd2df3b7e245df7

C:\Windows\INF\c_proximity.PNF

MD5 c5873ff8d892a41c6690fe41197e6b43
SHA1 c0b372d928c90291624e10b8eef739cb63b74445
SHA256 4eb14714b8b70a1ad55ed1eb7e59370fc27203d40df5dc27cebdd46e0f5fc6b2
SHA512 d4af7cac6d35272721447ee89cb2fbba912da855246fbc00fdb6a88936df10a63c734bff4ee4a779be84b2b44fa32d2c944f5843de315a866f973f784ad40bfa

C:\Windows\INF\c_scmvolume.PNF

MD5 946e35ab7a9d8cf86d5c6cb83dd8636a
SHA1 3455614b00b7de00a3c3d5c2bdb87cbc8c5ebb04
SHA256 4f57bfc496d88106f21875c2304e3a8854cfd02fb93ae106828fc420c5303580
SHA512 c727e7014545520c8a8d4d08662d6cdde8e88fec7dbf5c3a282331f9654c96a5ff67c2cd37eb0a73f6702c077206d02355470a7b8fe157bf192083ec3a7b1a58

C:\Windows\INF\c_smrvolume.PNF

MD5 42faf9433a10d0dd7c12d104a28bcf84
SHA1 65652cde1f6921ef459e64f9cc2b5652b9037ed8
SHA256 2f215928a4aecb224b4e0ab5894e20b306a7124654be74076408c796f8e13fa4
SHA512 aec00fb75aa1dd4afd3423d8ae1178b7a7c33c930c39cf8de828a4d1fbc9d1e3c25c8dcdc50d8001867b58de364de2c94f53affea4682bfae471ce3fa2f1be11

C:\Windows\INF\c_fscopyprotection.PNF

MD5 394748e30ed2293ab8848f7590f13d27
SHA1 377bf53bc971ed3dcb7565788463ba3f13ee87f7
SHA256 c7b8af67c4834563713eea646af508d357e4bef96269cb144b268f6161fb5533
SHA512 5d3085a0d5c5e1a3a8e9b6d7801bfe2d506d481218a44fb8e73bc800e89552ed4dc028f7a81b68a4318900976a8a4907766224d0ed80847cba29c3c8159dc32b

C:\Windows\INF\c_smrdisk.PNF

MD5 158e51bc766488af1c34b13fd9dad8ff
SHA1 585bf24690b485b288696e915cfb917422502f8f
SHA256 7c1dd73ade222f33ce88645459e3a0296ecbc048b84425c8d68d360537a329bd
SHA512 8cedf3dce0aa3cc0c4391f8e65d47b5416cb9049137bc396ac0bc15b4e1e6a69d9b0a65972582bcb3374ea234d8660873b69b969b44650e2c9f3e95ba6611eea

C:\Windows\INF\c_processor.PNF

MD5 931d5b9c73165ea68841f4e5f15cf6d6
SHA1 655e941a30174f169f1bd58dc8eb40a2f74fe024
SHA256 65263e150d08ebc6b38423a007aabba76b4c8d476941b78633b1f256b16c7b0d
SHA512 37947ec53418f7e3383a1c395e734b2305910783b01b97fe126cf149ec0fbbdbc4ae63cd56a5cd8edf14e38cb2dfdcd8dc63cb896fe8965e72b442787742ab85

C:\Windows\INF\c_linedisplay.PNF

MD5 e1c7f2f39f5d72f8a9bf176c988e7acd
SHA1 adbb86fbf82f4d0676e11949ee65e25df2a63131
SHA256 ccf334064e49d49a444c6534f182a1ea08087dfc42d6c3241cfe3bfaca5109a0
SHA512 ac13d949ffac013f6cbb5dffb7716c4260cc8c1532750fe87d162d5f137f40fd4bf41372ca0985f3bcc211404119d5643535ee388891e8ef5653e8b8523de462

C:\Windows\INF\c_media.PNF

MD5 d6f787534eea52824abfef940379b071
SHA1 b200fb5e314de41c743ac84fc973584dee668946
SHA256 feedfdacbcff878dd0f877736f880b045941e25cd3c4013357d4e2a293a1e7d8
SHA512 7ba2d3f0858a5aea61486ba8eb96fed621384258b5055e97a314d9cde71081545d881059d9bcd5bce4f5cb2d7cc341090d2cc419cac44302708b8bef17e4beca

C:\Windows\INF\c_fsreplication.PNF

MD5 157aa90a35bd8b7b0d87d95761238050
SHA1 38d47e599f548833e6b57a8e1b6e561d16ff76bf
SHA256 60bcdb442f488ea28e6e46549ebcb0f0bb8ed8993dcbae52796985dd71e0226f
SHA512 f63dfbb728180ffd170adbb4fcebd90e6c74bce2c97883f0f96b9c8bae6ad93c232fffdaee63c5fc283f65a8746631887e3fa83880bf085bdd2f8069e63a666f

C:\Windows\INF\c_mcx.PNF

MD5 1b909c8deb042ba17243934d48b3ee41
SHA1 928e854f9097ac311fc5ce458fd6909d812f7d96
SHA256 20781e9cd4f11ab6dcc3cfd6df92e0c70f55ff043165f1681bea6e48e45eda03
SHA512 088c1db3e9b55fbb46cdfa4ff18040deb5c1a1347b7f6366b8bbcbf6a1d42ec74aa9e167fb021210ddd613a55c8fc223d99ce2f39974dab1eb301d4f3d1ede9f

C:\Windows\INF\c_fscontentscreener.PNF

MD5 ae30cd132bafbddc34e2c241fa89cf78
SHA1 e4a77358961d2f98cde0b1f3ed08e34c41763a1b
SHA256 1a3f5c7dd11a67e640948cf3f5eb6ca1baaa94bbb458b29f06bf99ccd96aacac
SHA512 9fa0fffb70b02577335f9c1428dce46811ebb2feb3fca9291cb3746595a4690d9e1a70ffbd943d54726425f2d30e5337c5f88ced773c1366491eb9e61567ad04

C:\Windows\INF\c_fssystemrecovery.PNF

MD5 1c20b551c8177c64891f1c20f38141ca
SHA1 5698b6c521d66a0c19ef1400bd05797f2d0dbdeb
SHA256 9e7a415f05f5ef98ed2afc3cb9b3af80970bdb80b00abaed19c89c6d4a2f3df9
SHA512 401c6e105ca2571202a1f2c4e7cd6e9b0e86db8122d45fde55ef3f84ef515938f516854fe5f665fd4934b4e39a61fd7700d65da6d95f3f1f54d0dade235ec3f5

C:\Windows\INF\c_magneticstripereader.PNF

MD5 b19015e21e1bc2886b0b674d2f450bd1
SHA1 540de50a0d3b98b6abbc084178ba05e4704321be
SHA256 a1bc54e853d96acf8279a0a7f98de870e6d217d281b1119aad865816659b1eff
SHA512 cfe69151364ff1227b2eae37420ae70f34760150ca78b2e5dad9a83cd0538f6e1ce2798b4f31ee6fd9b9e17e020d738c7ec3805796e8d40bad1cbaa3914350b6

C:\Windows\INF\c_sslaccel.PNF

MD5 a5b60198ed9c83074babfa86f60c1e4b
SHA1 2f3e922d885fec14b965d9138ec90a1571125e8a
SHA256 024d245e7af8409c38f53bd91cf4ede6c11dad6a192a27351ce027db7fdcbb03
SHA512 47571c1995d026e90114bea355d67842e8e77ab003e906f7f5b247c1fe50743609165b944368f7b92759082c78f5b0ef020023c45bb712ede8e408979a7bbd00

C:\Windows\INF\remoteposdrv.PNF

MD5 fb460e244cd9cac078994034581fdc7d
SHA1 9d307b16699befabd5e8f439247d5a33cfbadd0a
SHA256 52dd7ece992c377a357655a3f405280f13133fb6b82bc4deff63fee36b96d552
SHA512 a8a6ded6f621cc2c8dbb87008fec27590be5c71c902927474ec3152925b4612d4f490636cf9f1c064510d3debe9e331254d47941e53a305845fca6ee358f0263

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4a216518268b902a5a03d359a1f702f
SHA1 5ce9de8201ff726cb3f78286029f26ed379de099
SHA256 43b8461389aa5fd021c84be186d3e99cbe3ad6d33dfbf670c0a507934af41570
SHA512 14bbf0ac000d18bcf2facec3c455e13cf1775dd72c1b256cd26df560ef58de5df1059b73901a2c51de7a09cb0dac16958ce7a9c3cef9d528d1c7ace477a46213

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3eb5bc32-99e1-42ac-a51e-44ba93e2511a.tmp

MD5 4101d2c75687e3e8514e4cc9534c66ec
SHA1 920351771355d095e9cd915718e7d97d0412994e
SHA256 f9bde821ea88e8b278fad1fdd9ad2696146329fbb3b8f2285e872a4bf4697a3f
SHA512 51f1f948dc8e9f8f632a940cb7894c544b47c7468b2d875329b4aa9d9c40b0fb1d8fa204c1116e16626f724f58743fdbe6a2e917ed32079f6cf92ede0d59bd7c

C:\Windows\System32\wbem\Performance\WmiApRpl.h

MD5 b133a676d139032a27de3d9619e70091
SHA1 1248aa89938a13640252a79113930ede2f26f1fa
SHA256 ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15
SHA512 c6b99e13d854ce7a6874497473614ee4bd81c490802783db1349ab851cd80d1dc06df8c1f6e434aba873a5bbf6125cc64104709064e19a9dc1c66dcde3f898f5

C:\Windows\System32\wbem\Performance\WmiApRpl.ini

MD5 ffdeea82ba4a5a65585103dd2a922dfe
SHA1 094c3794503245cc7dfa9e222d3504f449a5400b
SHA256 c20b11dff802aa472265f4e9f330244ec4aca81b0009f6efcb2cf8a36086f390
SHA512 7570527fdae4818f0fc780f9f141ab6a2d313cc6b3fdb1f7d7ff05d994ad77d3f8d168b1d77c2555d25dc487d24c18f2cc0eab505d1dd758d709f2576aac1a8a

C:\Windows\System32\perfc011.dat

MD5 eef14d868d4e0c2354c345abc4902445
SHA1 173c39e29dbe6dfd5044f5f788fa4e7618d68d4d
SHA256 9f32176066529c5699d45728fcad1bccce41d19dded4649b49cb24f7eef9ce7f
SHA512 c926f13a0fc900dd7d740e2d7d33cdd1902ece0bfb44b6e1f5fed6ffd348c3e7d71089fb9792e38799e8df6573bc09e67bbe132cf9c2ae0a7199534dc5d959ee

C:\Windows\System32\perfc007.dat

MD5 1bd26a75846ce780d72b93caffac89f6
SHA1 ff89b7c5e8c46c6c2e52383849bbf008bd91d66e
SHA256 55b47d0f965800c179a78314b6489d02788a44fa2ce00f68b2d860440216927a
SHA512 4f5e14637e9e89700f1ee2d0e575d26d4f3d164d859487f1471bf4410dec6d0d7dbf552c6f791c12388be035c6b974610cda8882c6394438e2220b79e4d74e9e

C:\Windows\System32\perfh007.dat

MD5 82d7f8765db25b313ecf436572dbe840
SHA1 da9ed48d5386a1133f878b3e00988cbf4cdebab8
SHA256 3053aa67e9cb37cd6f9645ef3bec8d43b1863afd852d3860ea73fcd83c7010c3
SHA512 59766b408b548dc020b54c79a426b361112c33c7263c16ca2e69485dadca05fb4c63b6433063e77c6a9e28a43ec6d3c8206ea702a33b79151fa6309d83b316a8

C:\Windows\System32\perfh009.dat

MD5 407f4fed9a4510646f33a2869a184de8
SHA1 e2e622f36b28057bbfbaee754ab6abac2de04778
SHA256 64a9d789cc9e0155153067c4354e1fc8baf3aa319fa870a2047482450811f615
SHA512 1d420ea7ac787df81bbc1534e8fac89227f54fffff70c08c6d2da385762e6c5766448ab4a47aae1c5cbc671776522b6fb6d9c27870b505ae101462bce912867e

C:\Windows\System32\perfh00A.dat

MD5 4e62108a0d4a00aa39624f4f941d2595
SHA1 7fbff1d3ac293c715a303ac37da0ceb12591028b
SHA256 3df3adaa8bd1ec4dd99bf304c7a1b0d513097fbeb8648efad4b127c5522c3263
SHA512 c79a483e4012d8c97f4a2188fdc27ea04bae24993b12487551872f1413a1a0884197dc71d13ba1dfd32c9b2c93089761f6f3ec37f0bb19e209dbf19283462126

C:\Windows\System32\perfc00A.dat

MD5 6d4b430c2abf0ec4ca1909e6e2f097db
SHA1 97c330923a6380fe8ea8e440ce2c568594d3fff7
SHA256 44f8db37f14c399ea27550fa89787add9bfd916ffb0056c37f5908b2bac7723e
SHA512 cf28046fb6ab040d0527d7c89870983c02a110e9fe0ecf276395f080a3bd5745b920a79b3ce3bb820d7a5a878c0d13c37f67f4b5097245c5b93ca1111c1e830b

C:\Windows\System32\perfh00C.dat

MD5 b87c7ea0e738fc61eb32a94fbd6c6775
SHA1 0e730aa70900f623205b93cb1d6e11be4c0d51b5
SHA256 6cd8b09f644b22c39e02af26b57580baa0fbed01b682d158b29c676d17dac5c0
SHA512 4bad64af992b17a5700cf25ccfa299b2db5be846b8bc28233fa6987964994a34694eb53329ede8d04092298e4b16f06563e459692c210111e0420ee34468f23d

C:\Windows\System32\perfc00C.dat

MD5 6adbb878124fcd6561655718f12bff5f
SHA1 1711619dda04178fb47eea6658da6ad52f6cf660
SHA256 0b16ac631d596f85f0062dbe5da238c0745bd4c033207cba2508465c7c7983cf
SHA512 88ec8b3c4670970900ef8fdaf0865e24a5bbc9c0ca375eb6ce12e8d8a3ec08c8a45dfc8ae3c7f4ff1974d5e4b53e0905c5dffadb852e730eb8097a22cd750006

C:\Windows\System32\perfh010.dat

MD5 2b41db88b556a31593911ade702a8306
SHA1 9820c8ffef6b27fad15badab22408eaf52d58300
SHA256 61a5192c872e646050ee10eaef95bbc313fb7ae639b43c1ed3d2040f50cc1186
SHA512 0b0c6b8cae683aa645ea2e0285209ac6d82624bfdacdb4e0b92d8118c30fa2fa6def665150b548e4adbee399074f73a961217e6065b05e65919c198efeb424f6

C:\Windows\System32\perfc010.dat

MD5 c0a264734479700068f6e00ef4fd4aa7
SHA1 4e1a8c6a53ea9b54eb76f12d99b1327137a47ebd
SHA256 71c5a18d082651484ae96e93f127bac9ac217513976b7e98eeb2b879d643b735
SHA512 85ff44333fc4d47b02cdbc8c665c0bace22a19961e40419227976333ec1384ef8779232d241a9e3b54d988117b84c436f695f0be80dd109ede60fed919ee5fca

C:\Windows\System32\perfh011.dat

MD5 7f2b576ab40800aa5f1e3c163176c1c7
SHA1 7c24fd2342498e1095f58d264078988323834e20
SHA256 f98dfd85751e15486b725d4f36f7ef3fa0d72b76dd48401ce93e68b19e486e60
SHA512 6780454b0ca385ae18baae45ca37103aa69352ce5dcf1f16debe6a49923a4137e4e1471439853ca8a965c12a9a5498b5f634119a1d9daaf5301e43663da7db94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 531416841a11c62d06e71e8732de0699
SHA1 da0ee45e9fee9b3199eaaae341fb984aaf0e0dd3
SHA256 ba242a976ea78e0c322e596c48cec04272d65f1d95434d7f1ad407ad9c760b99
SHA512 5fd5ea838d20b2ba98e9ee0ee7ebd6393fffe91848118260804e30cd3bd1324b7507a22aa01ddfa47914e4995663bb1daee947a9243e9428551af296c8fefb47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a13467318e6b6a56b7aae1d79bcae051
SHA1 77aee22106972b6a1637dcf3bc60ee8ef8891398
SHA256 4b1b54bc4b13d740707739af6e0ca992cc771b387e73569a5deff7c5604552db
SHA512 79f5864ec6a876ae407420ea892edbcc78981151ce7ee3ea2b248d01d5199f14fa0dc06792488f2df2bed02e676b5f8046f3993cd16c92dd1ecf6dcb8f707c8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d56076e8c84b0fe091987d473e40d22
SHA1 3726a0f4b24a4f0bd9ffee3ebfe35648a5dc7581
SHA256 7b4c3a12b2795aad26789396325e6261d05ff6ea864f3ce7757d399b3c6f6fa9
SHA512 b44fb77b104f454e0714a007b4944e91d052504bb4f005f20a006a1397836935d0099c3ffbdc2c2715bc776272efecc79270988ada171a3ac13fa9e31565836b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 861ccd430b55f88b30bc956e27a9c516
SHA1 81d95ab1b8b31b6cecd57c17b83a16187adbae56
SHA256 d8afe1bea6ce130d136d89584f4087e6c8d2f03286a57e5cd3f81f9e228cf8ad
SHA512 b92422565724dbc7ecdf30e83e6927a0399af28170443379f0ac970b50cd835748ac4d0ff602d35366f10112b841fabe7e3af16a444b2cd70d656a8d93b29922

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8468179f3ae3e979d00c908292a730e4
SHA1 1a97b7c975b4745f220a0d9ce854dd0a12e93b16
SHA256 6af5833aff07689602bbf81bed94bb8a032ec6cf93164540d036597c71608e85
SHA512 d0da8fdcae381d476a41011c8310a122cc63195c2ec215a92316cd2548b84fdc5566e0ae1533758120d6b01d66039402d061309a9e245731c1598107a693b484

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c48b5d5abcf8215b44d9ba3997f69aae
SHA1 0702dbf98b41c55fd74e0e8e5a2e34d68689c396
SHA256 f099ff7d59e3e3ad4c24a527a65cc6760e5ae7e30fea2c86b409aee39e241d97
SHA512 cb44a1c49947b0dd2553b8115a3c5be713ade4400fac540a399aec84c05a787de75f272d7501d87d5e6d6d1c10983f8e150f5c993ca53cc7094107e265150c14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e765f3d75e6b0e4a7119c8b14d47d8da
SHA1 cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512 a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2718230cbcb6d54f80af49255acd9b89
SHA1 c46c949df42ab08773924f6a745560c1677cc5e4
SHA256 587a72e9d225170e9bd433b31e8e9d8ca6a7824c2602d929d79c8a8bea8f9b44
SHA512 ddc48ea793ab56f775e67aee4f80e27101417bf964b5b1b416ab2a546ab2d056015e1cf51786910ad443ff28bd17ff8a031c8ece3618555878aa71b7b15e12a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2587a0c6c2d860e86edb04df4239d670
SHA1 16e9d5c540467b1ad098f76c6c9b906e0c2c698c
SHA256 a6b628423aa879b654897ac4fc790037e2d5f0c4f2dba1c8ee5aacd989750782
SHA512 0febdac073323020764faa7fd5220a8ba1f4ab05fc366af44868fc51112774cf56f93e553b5cfdacf936f650a7d8e4c5c1f226d4a05963830b7c1f45244704cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6997798abcc387b7300dc6ed3c9a0587
SHA1 445697c79faef97ccb6adabc1e69af27f3b2114f
SHA256 f8ea060ee9de02f63fe3ba357d2b7cee6db4f742f5df5f08c37f8b7efe409fda
SHA512 8d3b6c811d94be8e740b1687882b39736fb9f417ce7011f6e63214425d935781175d7025e0f0d32cfe2bc24682d7ef70542ba4ce818faf62e219108dfe139be1

memory/5584-1264-0x000001D5F6450000-0x000001D5F6470000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7130c1e55abbc6944b6731f72ea1812a
SHA1 8659577c20e36632185f3910b2e1a87508a72fbd
SHA256 c4ea45e618cb6cfb54ec89049e2512e9bc923c3ea201846aaa8d6cf5b10c4403
SHA512 cb50a5ea70dad72ef5e1c9e04e38713be1fdce1e4058d149e654b7fdfca3cd5987ddfd6ca2507bfa0a54a6770188e7a362a76cec2b5fc4c27a851bf120dde7d7

memory/5584-1383-0x000001D5F8DA0000-0x000001D5F8DC0000-memory.dmp

memory/5584-1388-0x000001D5F94A0000-0x000001D5F95A0000-memory.dmp

memory/5584-1486-0x000001D5F9FF0000-0x000001D5FA0F0000-memory.dmp

memory/5584-1433-0x000001D5F9740000-0x000001D5F9840000-memory.dmp

memory/5584-1416-0x000001D5F9000000-0x000001D5F9100000-memory.dmp

memory/5584-1400-0x000001D5F95A0000-0x000001D5F96A0000-memory.dmp

memory/5584-1389-0x000001D5F94A0000-0x000001D5F95A0000-memory.dmp

memory/5584-1589-0x000001D5FA5F0000-0x000001D5FA6F0000-memory.dmp

memory/5584-1580-0x000001D5FA5F0000-0x000001D5FA6F0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7F5218FH\account.live[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/5584-1765-0x000001D5FC750000-0x000001D5FC850000-memory.dmp

memory/5584-1819-0x000001D5FAEF0000-0x000001D5FAF10000-memory.dmp

memory/5584-2182-0x000001D5F95A0000-0x000001D5F96A0000-memory.dmp

memory/5584-2184-0x000001D5F6D90000-0x000001D5F6E90000-memory.dmp

memory/5584-2183-0x000001D5F6D90000-0x000001D5F6E90000-memory.dmp

memory/5584-2264-0x000001D5F6D90000-0x000001D5F6E90000-memory.dmp

memory/5584-2397-0x000001D5FD960000-0x000001D5FD980000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7d6c6937bcb95f7505f256dc5a8523e
SHA1 3233f820df53d6dd0034ee581a2d38e0757a3422
SHA256 161e7ac1aa16cb10a1a20e0d464139b38479cb47ba06208f7ec093e03522dec7
SHA512 22084b540d04d36fa11fbf7ea136889075354de1180cd9341a4a55b0fbf1a8a36a0376d8db2a32c8191d1eb29422c366aa6ce2a1a167619cf13f285ef9529e4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0fef64252715dbc8e6e9fe82f4edb62
SHA1 ec33c2ffae6812e2f70abc44750a24b5af895158
SHA256 15ee880f2f49294b80fcec1a9ba5dc925a4588e7a8dafa6300b53d1fbc5a832e
SHA512 3ecc6db319c450401c81f9c8fba6bd629240b656b66a5580569302f268e77d35d3df725201eede2d8446ef935cffebdce441e61fc6cae2940fafa1d6c5e665e7