Analysis Overview
SHA256: 1d62cdf72a651270712fccd43f749f8bbd97bcb1578652c301d6f4f3ffb16021
Threat Level: Shows suspicious behavior
The file Sodastream_logo_2022.svg-removebg-preview.png was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-27 15:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-27 15:08
Reported: 2024-10-27 15:26
Platform: win11-20241007-en
Max time kernel: 1070s
Max time network: 1079s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "14" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745155851415389" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "3" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt2.microsoft.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\fpt.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com\ = "124" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\account.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\account.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "40" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\N = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperiencehos = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\NumberOfSubdomain = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\Total = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\Total = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt2.microsoft.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt2.microsoft.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\account.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\signup.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperiencehos | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\control.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "124" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperiencehos | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.live.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.com | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\fpt.live.com\ = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\wwahost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\CredentialUIBroker.exe | N/A |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Sodastream_logo_2022.svg-removebg-preview.png
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Windows\system32\CredentialEnrollmentManager.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9f5303cb8,0x7ff9f5303cc8,0x7ff9f5303cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f36ccc40,0x7ff9f36ccc4c,0x7ff9f36ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1764 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4228,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4324 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4324,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3344,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3204,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,16785508636775544209,11493456567284492242,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11139641516628200131,11407646934365459864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3994855 /state1:0x41c64e6d
Network
Files
C:\PerfLogs
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\vcredist2010_x64.log.html
| MD5 | 9740dc5235e25bc0b18f57662e0c0608 |
| SHA1 | 580613b11115712bfed89de8e5fb1b8e001060fb |
| SHA256 | a45911504f10e4ebdedd041d0cf174b64ddba209e6effe2a52294cd5f9c05098 |
| SHA512 | 9f46232726bb758acac5d85424022e8fcfa14ecf5b0169b9721117c9e70a8aa1e1c907d1d09d97148072ac0219fbd0ac3fe8050a5d0a40d4b4b85daec7652134 |
C:\vcredist2010_x86.log.html
| MD5 | 2d9b43d9cf9404dbbbe637b274460336 |
| SHA1 | 3ec3d60d54ef3a42877bb9559c9ec49a5cf90e15 |
| SHA256 | e1100c6688277f1c65cae7672df11f488151cd336891b4909b8fb1065cd166eb |
| SHA512 | e2232e611adfa1fc507c709cb5ec020c468521054b754178bab8d0c4ce13aa72d0bbc491f3c0727ddc57123b1be9b9a2ec51cdbaedf0450b5a0248e30e27203a |
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
| MD5 | 2e86c75b2fc1c2d554e11d44c280429f |
| SHA1 | 93c06449220db173313caee5c7031bb76888d643 |
| SHA256 | 3cb93f264076a0dcb578b2d0f80d2c1100ae068f33a9152e053a698f8f45669c |
| SHA512 | b3d367f68e5f745ef2e562537183cb25aefab086361d96e15f2f9931a43c536641753ea0f2dcb28e4925762335db60575ca94b8e7da7141eb0037d91842c458b |
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
| MD5 | 07e0ee0b82e8b2f4e9d322e633c341a1 |
| SHA1 | 0ac1e2c1d1294740041cf56f1607057b994bb809 |
| SHA256 | 9c25207438f88e0ffa8dae1ba94d1c41777d189cca2deb56c0f58fce9d5dc63a |
| SHA512 | 87d36fb221215127aa74033452e8667e15e505799cbab5b302c014a5cec3aa3c73990e3be17e3daed36bde35c29311419b7f3088e2a6bfdcabec78da48e15eef |
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
| MD5 | 0ffe07b4372e8a96cc296f6f70f9cb82 |
| SHA1 | 7e9056d8273c3d53594062725686133fcbe25808 |
| SHA256 | b06866f3839b932f10a0bb2a0f455d3c3397dde84ffa717b6ba942087f1b9fb7 |
| SHA512 | 110acabc88ed233c227f3fbe4106f757d3d0bd62c52609ee35236523ccde231852e4fe6c2a7c2c01d8c1601be8946c3fa3316e8866d03711300276a470fea0d0 |
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
| MD5 | 06b4a609ee1a5c8d127bf25f92f21cff |
| SHA1 | aec5707a704bee14c79f32369b9921887487c5db |
| SHA256 | 54c8b1c43a78aa872d02bed0af57d1566ec4bdcf4acc0dfd5c36cb7a36229790 |
| SHA512 | 2a142dff771a7a04ff42fee65f85b7874c5fc48c66dd7ef47400922e4912866c9270306004f902b97ddd3acf1bdff405da18f0324c60e4f5f4d4061e5775080f |
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
| MD5 | 7ad624cac4b7c724a4a7d2a31e766fb3 |
| SHA1 | a7b4d0006ce1f340b2b9326beb021189ba8ea0bf |
| SHA256 | c83a2911dcc04941bea0e1f5e1d141d0f674cd4dc533d41405ebcb0d6435309e |
| SHA512 | e603feb050aa65fcc032c5956cb2da38cbbd5650e1fd9985090ee5a517365e9c6c23af42f02a936428aa9808212733a2f62a9776f4f897ad1aee84e705349e7f |
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
| MD5 | 7afb2eee3193d09737365ba9ee5385b0 |
| SHA1 | 17dbeecb1168c62997241147f67da69416eac274 |
| SHA256 | ee077a858edf4929e179e6015a83e142bd3ba161e2fd8eae1b3b93ab2b6de893 |
| SHA512 | d457f9e32e967673eab1239d9121780ff06ce92d3b10e9a70ac72a800264677f2356c2cc1d1896878463d12ad6cadccf314fa31cd555720de8040c2b9acb1e06 |
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
| MD5 | 1b67eae4371cc10110d6ba255601244b |
| SHA1 | 15d2e5b194a205beafe4df98e7731f086d149f5b |
| SHA256 | 94e17aa951b99980e95dd61f8f8427f851343b60017e6a2c55fad5abdcc4abec |
| SHA512 | 6c5ef16c527fe870a85fd22518c24e234ed26f0114013a3165f508e651bf2bbcb6ddd7833e5bc46a9eb83c3ade079494d8a0e95e46759475dc9c32c609b23be7 |
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
| MD5 | 2e6134e9d0930ca14c891322919196a6 |
| SHA1 | db6c4b6d6b2c407bc69c00f6df3ad00e0e05a6a3 |
| SHA256 | f6c3c8460ddd938c41ff1bb65071e3027e9ae2c14546593144fc202330488a64 |
| SHA512 | fec20abe20997bf139e76c7a55a4007cea4d8b3e42e135cba7fb060d07383bc1508b99f6a8c0858ccbde1f5696ccebc79b8ea636f2a6ed1adc9f09464b8140b6 |
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 7a9db1cc5864d185919af1fa0dbd0ba4 |
| SHA1 | 63bce8167408e4a3dc109ce9145c752c0e7bcdc2 |
| SHA256 | 3ec636d99be1b8edd9415977b8a7aa6dc9c4d31ed663f3fd5862926a72244635 |
| SHA512 | 5f3fa32c1e59e3c0aad1f394fa48acbfc5ac4f1b3e51e8a1ce131a69e5018a0a7da4072f2bc5062b9e8ec92e1c74c65a6222c37452b5f6fe0f61cc9243c508e3 |
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
| MD5 | bd67072a13084f8002e57be303b7668f |
| SHA1 | ad65063ad2dc2652722d080a4e0ad368a64ba204 |
| SHA256 | 8cd4a0da2acaca2aa97d1c127f78facc4762fb882bbd20dee2cddb5e2bbcac49 |
| SHA512 | a473413f9aaaad9bfd7d69a6216a6523c9ee25ba7624f41bb499390ce8ab3b944cf1c84592bef1093ed66fc505e687c339f2a542102058a7e2d4d5ed406bb64d |
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
| MD5 | c0840d0bdc77fee06a6c4859ea1552de |
| SHA1 | 997ce3f68e3e88c3304399796ddd0b7459cc247b |
| SHA256 | 5d44c5a0666182646e48aac26b7a16c8adfbc7993a9c9764ce2d4873ed8520f7 |
| SHA512 | 94716d430d5e08ac117d58a85a9b491d310681728bf12543d94f3225131ea2dcd62ee268f745a4cefdf85b3208498371f2c6bec0476a9b680df12c53e484c4c7 |
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
| MD5 | b1bb8107e64dad4993c9b0332bc70928 |
| SHA1 | b3dda2c68cf40a638a4c83e636172d19f0fed382 |
| SHA256 | bbd75e6e1588acbefa8c2799aa053d0d1d9a080ce48ed758ef374a00cc1d5056 |
| SHA512 | 77e242e8cdb36804edb4ace6daaae091797466f6aa65d918cdaea4ccea2e5b4607659eabe383014dab87030a49b5099583b442bafa6a360d5204246d9ecf8fe2 |
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
| MD5 | bb95b1b9164d92fc3e1f5616e700593e |
| SHA1 | c29daece171331fa3f599c4dd555604c962f4169 |
| SHA256 | bfa7014e0b1702a045ea9da87933ce05fb4dad95acf5bb80da4e042ef5a9c24a |
| SHA512 | 7aded98f014f7a09328d19660c20ded7221f099f6c393738dec703319c00dd3e4e8245d5f3d0becb81d666928e04cf917cb7547a50b6e8f4d2ba2183b5128a63 |
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
| MD5 | e77948d3628c1bd0a01baeef555d2fc3 |
| SHA1 | 56d70e66fcb7325256bd4bbbc1c9944ba3b33d44 |
| SHA256 | efcf8abfc16f4ea5784e991759d26e78526d4a42159ba12839f9762c191439e9 |
| SHA512 | dcaeec2d2833af4db4e74d0fb3b80629dc71b811219edc9d4799a444dafa77496d4f51e9261952b0821862a2d8db6675c3c4f3904693a48dfe4c09f5cb4b10ac |
C:\Users\Admin\Desktop\PublishLimit.ppt
| MD5 | bf5bd2ca59047b48e476ef8fe52b503f |
| SHA1 | baa0dcb3a73b97384262279a27e45fedc2e0a520 |
| SHA256 | f3d1ade1f198c84d41acff584259f7a58be096dbdd97d288ade0e81bc0f12bb5 |
| SHA512 | 845229bfa625098aed0846629479bfcec7dc3e39b8120acab67c4920e6b03dd3ec5fb66c6a4c5d67e7b64af9af3b68c96c777885b8c077862a9f36741f4671e4 |
C:\Users\Admin\Desktop\RepairConvertFrom.mpa
| MD5 | 08a5874f5639a444f8e39b03c2f1d1ba |
| SHA1 | da3965257f937917e5189400f9723b0c93b95e81 |
| SHA256 | 76942199e2e303c90fd83ebded88589b542c05bd030f4c1183567ac2a3fa88fb |
| SHA512 | 8fbbcb6807b55b60bc34401a17de78241f7c5082bd10281c5b0dedae0569d98fbf48690634c63559c939b0ee676caff167b8757fa94fa2568a416908fe86aaa6 |
C:\Users\Admin\Desktop\RequestReset.rtf
| MD5 | 050369a9c3f672e628354f5d71213229 |
| SHA1 | 62fa75cef40515cbc5ec63516d883b2151ad307c |
| SHA256 | ac881dad822314255a3796422ba90ac237cd92cf96de158b9df3df8170cecc84 |
| SHA512 | 9af99e1401d3690683fb634d874fac6317ffb024666dd549802196615ec9ffdf08b98dc71fc405b4c10bdfe9011f4a7b8e6294c7d8afdcb17986c0788a9b81f2 |
C:\Users\Admin\Desktop\StopOptimize.rmi
| MD5 | 33824694188d8fbd8d8696f3448232db |
| SHA1 | 6c08b340fd8f0d9cb9bf0126951488ad8d528343 |
| SHA256 | 221d1f1a4c169e903fc24f244007ca1ae17ff6cf1c5f2ee491861302a936477d |
| SHA512 | 48a6c9a925d821034bbf6379e8074543e428aec98fe879942de0f0827afa9b94722fc23f4fd627ebd3d7d48b3d677d3a53893f0e3af1715e46e8252a6916c4f7 |
C:\Users\Admin\Desktop\SyncFind.xml
| MD5 | 43a9374702518e43cfaf071a83295129 |
| SHA1 | 5786693816d1829b2754858133a23d70a8b7aabf |
| SHA256 | 03c620ed27e1c1a7a73da897b6445b5202ee4fa5cda450a39fe60069a1d2fc62 |
| SHA512 | 6fbb4005f2af0aecc6197a951d970bde80e901d0e27466c154cadda45d60c30d67868e2b537178d66cd00af1970ee6c772664842b13e6b43b6c89638356b24ea |
C:\Users\Admin\Desktop\SyncExpand.wav
| MD5 | 8cd264aa87c0eb3c2545c631426b0a2d |
| SHA1 | cda91db05e216ffa5c9d98c54febb0a63bdd3ea3 |
| SHA256 | d883c7387e340f409836da69a9c4f8a660a942bb2476a1ebe53050647bb4c2c1 |
| SHA512 | 61398b867373de1c105e59c40d8d14a79e0b6d5b853afc8d508d0cd6d1d3ce9d3c09ef527e33052c368019c63e497a7566d4c62bda43289183ab6a4129b77141 |
C:\Users\Admin\Desktop\SubmitResolve.css
| MD5 | 251b23e6a0ce22b1b6a4697d07ae0b77 |
| SHA1 | 118eb59a2a8f063bc5eeba1eab250ef2818a9706 |
| SHA256 | 7e19fbc1edd7dce34b276bf6be7341229b080899384690fc1803d339a3a14577 |
| SHA512 | ceef2a240103edac1c125de86ef8e248dc2fcdd08028254352c228c32ad89dfe6cc5e0c2d1048e0e762b18566179972676520398e628bd4fea3fb41d2297b8fc |
C:\Users\Admin\Desktop\SendMeasure.ocx
| MD5 | b37fcc4c454b6a15226c0f5b964d4311 |
| SHA1 | cde908ae1f1d4038fc35a138ea9b7d3e6429204c |
| SHA256 | 2d47a63bd169f72a4f0a1de31ebbd12da39ba06c44d03463329671abd2b59882 |
| SHA512 | 57f63d89996c02604b1d93eae394d572f0c5e7554a5edf0b500bb3085505608f81ce65c664988e7a2f604edfd7ed5d0c0b350c7fb36133d2743ad95a8417af44 |
C:\Users\Admin\Desktop\UnprotectClose.rmi
| MD5 | d6fadadd747a9df25a4220671462c7cc |
| SHA1 | 2ad5bba2624b870328156d56262dd030a9458032 |
| SHA256 | 2aca75405e1961687611540ab794ca9cf8e64b77be83d1f70511bbe2ddff8913 |
| SHA512 | d2c284682a39226b040df1130c615e8497e87eab3690393ffc4c2828c2db6356a2b81dbe791f1b9cb51a988a006432e661372d04765f537ca8b48d7c274d7d94 |
C:\Users\Admin\Desktop\WaitPing.kix
| MD5 | f04fa9637933605f367de43df10f7f50 |
| SHA1 | 8a6d72c46eb97bbda6d29e53b8d6c2bf87781309 |
| SHA256 | 8d848b43ae9a90c7c346ceaaea12432cb0863702a0544ac8b51bc33cac7ef3f3 |
| SHA512 | ee21ea7b053101255b460f61401728df8194ebe38f192ab26f7175e821f3a8fddaedbea87c227444f7378a85b82e7ee5d62b3b69065fc54ac3b99330ccbcb17b |
C:\Users\Admin\Desktop\BackupFind.docx
| MD5 | 71299ceea658d099688d0b3f6dd485d7 |
| SHA1 | 6966d7b6eeff47ed1f05530bd30ab2d85729aa0c |
| SHA256 | 21e342048c9e77308cb5a7cd4c471cc75af23b9d202c0adad68c9583e3da12e9 |
| SHA512 | 0508daec44a05a22acc777d38fb451f3e9fc4e7443b4e2e31822b3f8ca0319b553e2f8f9bef2199b0c8c0b14ff722cb302afefcafbaa6439879784529803a4f6 |
C:\Users\Admin\Desktop\LockCompress.docx
| MD5 | 6333d6872680f6479465c6deb4b1519d |
| SHA1 | 4b9391d0847f89ed79c0c1252397acab11adde2e |
| SHA256 | 12479333f63d2221b2e9f24a55dc43ccb29ba9210864ae59feb1aef6a0d359e8 |
| SHA512 | fb5c9318678aa2cf4e65a3ab5e8fb02fcd030a592aa30dd2268d45dc09d9f435a60190aa6e09117185a96ea0d1228cfe10613439d357d9e248b0ed7e96bbdf95 |
C:\Users\Admin\Desktop\GrantConvert.docx
| MD5 | e4922d36d1b7b9d4818c6761b4a54dc8 |
| SHA1 | 0362b981fadfdcd103e24c9119fe21683f4cfc8f |
| SHA256 | 1344f75940d2fa35716706b4489c2e5f0fe146be599a72c7e3d5d88599746f79 |
| SHA512 | 1e4d8c420215e95bb2a9eeee0499255b5b4416500a53a2c1b60c974b150ab261866e16ce92d847f69594aa8e5a7c1c1cd87d74a6583fbcfae89abb7e84946836 |
C:\Users\Admin\Desktop\SendEnter.xlsx
| MD5 | 827acb7354ed11ef2d4969ddd3113efe |
| SHA1 | 965c47094fc1de5bea6eaecb3127d38786d71e9f |
| SHA256 | 03d6fd2e8650262afa2956d31948910b9aee694b1acffa5be1ad18c058c7d1f9 |
| SHA512 | 2e1b604da99c7478c9d9081f3044dc45974e1eb53285a6c1151696e2290b1d0cc161a13d3b0566acda9f1ddb54ed69979ac4c21d00a8c1398c1aa77f066d6a39 |
C:\Users\Admin\Desktop\StopRequest.xlsx
| MD5 | 4e709cb06276a2d12a8973babf7ca909 |
| SHA1 | 17cdef382e28a2efb96a87ed0bc394da6748a41a |
| SHA256 | 86c2e89c87107fddfedef997c8e4291560121797ee4272550a0807d9f4d69132 |
| SHA512 | cbd4b9d938f849f2a33bc0df80622d820d360b7112e6a148228206e84bed4ac5b37521a6c4e436ec31aba450ca0a7764711aaf394e11337f0debd32be63d4edb |
C:\Users\Admin\Desktop\StopJoin.xlsx
| MD5 | 386f7c658b68dfed95d5a8dbe9a09ff4 |
| SHA1 | 29b3aef73d1012aacbf7001a1b8256e2e87228d8 |
| SHA256 | 358dec947099139749f8a53410fba2490cd6a9f15676351e81fb9aeaf57a27a4 |
| SHA512 | bfc4941bd27e396ef4496c599eecfc07afb7deff505a7c8da1360697fd6776dcace3bb26daa4cacc49b5f7fad839ce861f03cfe7a3117dab4087499971eca3eb |
C:\Users\Admin\Desktop\PublishSearch.docx
| MD5 | c55c29a8a304cbca5c47670601c7eb4d |
| SHA1 | 52622d4b17ecd12d0792c3ed03140187f6595a17 |
| SHA256 | 9b00d30a7f38066962ff285196025bde385b66cdacc0fdf6c038a9b2296ae95a |
| SHA512 | 75fbd5931bbb6b3e1c62f5173daf2bde9925d3e05b866bf14cf49a611d4341576f2a852ac350293b46d17df522e6ee051a7ef53acb1e6334bdc08094d61d780f |
C:\Users\Admin\Desktop\ConvertClear.mov
| MD5 | ae32ab9bc775a6d02f80138e7ad89293 |
| SHA1 | 29390df0e453e2ede710c65ec3ce416f0c40c406 |
| SHA256 | d69ff054b8f086bb4df04265f30be3b7dac51ef8ded65921bdcedf805359a851 |
| SHA512 | ee6b3888b388c58d7ec290db603ac455213c04cd26d4b653db29a8cd8ea41f94c9a2a280ed53e2f930620751a86c56b8fd5d702a89edbcca7b53e1dba58a1662 |
C:\Users\Admin\Desktop\CompleteRestart.wps
| MD5 | c88e93fca7e86226b7d3f46b33885337 |
| SHA1 | 78a4e050384fb3b59cbd7631303c8623790e4c5f |
| SHA256 | 73abecaef1e32bb6b6086a7265d2a7fd0a588d8acf981a90b57ddbd5ca86606c |
| SHA512 | 2e5632d9c241b565ac4ca06182db3e1737cef0a48598d6019d007ad0f7f733d3e18868a76f5f012b792f05d38c9caa8ad47e11a23551ec81dfb7d4fcf385a3a6 |
C:\Users\Admin\Desktop\CompleteRename.nfo
| MD5 | 36f07bad2758c4b8b5dacd5291751b81 |
| SHA1 | dba7ed014d047fc88304dda8fbbbc6e7f5c0f0c9 |
| SHA256 | e1eef6d351964d01cdea810364903d93482928bdcb65d3d764398943c0be38fd |
| SHA512 | 328dec585deeeca9de02460f39ddb63758641c0ffa9ff31c24627ab6b34b75fe00f65a0ab47ca329cf9bc6ba15125bc0dba7e4f83bc68b68cda6b7904fa8075a |
C:\Users\Admin\Desktop\FormatConfirm.wmf
| MD5 | 8f245be4c9322e6e14c3955c5bbbe371 |
| SHA1 | ea694ce0e24db8ee388c3f470d69cc1025cf14fd |
| SHA256 | f8d5a5e1b421e77c0089f35a4467f448a5867474c9924417a59d18ae0da6e78f |
| SHA512 | d2aa9d67886b2a80efaf3434f7426e6b452fae6be63343012155f866dcd2338a2e8513c39013231a1e35d8c9911c2d1886c4ffef879064ab4b0aee31c42b4e1c |
C:\Users\Admin\Desktop\PingSwitch.ps1
| MD5 | 2fe82c341cd156aa2c32ae0d947c34a0 |
| SHA1 | 63204c670636b628a3d729603d511319ebcae368 |
| SHA256 | b9522a988077d4299d808621c59433dd80e27f84ed51eb35e4af821aee70e1ea |
| SHA512 | 74fc75ec6861774bfc62b9c0822aca65a4f86830f623c961d1912df7137772f8625b453781d3c41435c6b1a8db145781efb818fd6ad2ef1a46b670218003ecb1 |
C:\Users\Admin\Desktop\NewSuspend.gif
C:\Users\Admin\Desktop\NewResize.mid
C:\Users\Admin\Desktop\MoveConvert.mpeg
C:\Users\Admin\Desktop\MergeBlock.bmp
C:\Users\Admin\Desktop\LockMeasure.eps
C:\Users\Admin\Desktop\JoinUnpublish.temp
C:\Users\Admin\Desktop\JoinSync.wmf
C:\Users\Admin\Desktop\JoinCheckpoint.js
C:\Users\Admin\Desktop\GetMove.rm
C:\Users\Admin\Desktop\DisableOut.avi
C:\Users\Admin\Desktop\CompleteConfirm.odt
C:\Users\Admin\Desktop\CompareResume.mpg
C:\Users\Admin\Desktop\BlockWrite.xlsb
C:\Users\Admin\Desktop\ApproveUninstall.TTS
C:\Users\Admin\Downloads\EnterPublish.contact
C:\Users\Admin\Downloads\InstallSend.emz
C:\Users\Admin\Downloads\BlockSelect.eps
C:\Users\Admin\Downloads\RedoTrace.otf
C:\Users\Admin\Downloads\SetUnregister.tmp
C:\Users\Admin\Downloads\ResetEnable.mp4
C:\Users\Admin\Downloads\ExportResize.xps
C:\Users\Admin\Downloads\ResetMeasure.cmd
C:\Users\Admin\Downloads\CompareWait.csv
C:\Users\Admin\Downloads\ResolveSend.mp4
C:\Users\Admin\Downloads\UseExit.vsw
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\f80f5f25-8dff-42b9-98bc-469e664f34f8.down_data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bc56f.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P83QGHQW\login.live[1].xml
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\I3NL4R3M\microsoft_logo_564db913a7fa0ca42727161c6d031bef[1].svg
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json