Malware Analysis Report

2024-12-07 02:25

Sample ID 241116-zzd27stfqd
Target mini_installer.exe
SHA256 b697691d3b3420eb65fc63f4c467657b789fb0bb4e8a8fd09e07d303b7a3ddfb
Tags wannacry defense_evasion discovery execution impact persistence privilege_escalation ransomware spyware stealer worm
Score 10/10


Analysis Overview


Threat Level: Known bad

The file mini_installer.exe was found to be: Known bad.

Malicious Activity Summary

Wannacry

Wannacry family

Deletes shadow copies

Reads user/profile data of web browsers

Modifies file permissions

Drops startup file

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Checks system information in the registry

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Views/modifies file attributes

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies registry key

NTFS ADS

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-16 21:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-16 21:08

Reported 2024-11-16 21:13

Platform win11-20241007-en

Max time kernel 215s

Max time network 225s

Command Line

"C:\Users\Admin\AppData\Local\Temp\mini_installer.exe"

Signatures

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD79CF.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD79C8.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A

Modifies file permissions

discovery

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tgikesyrkli880 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Checks installed software on the system

discovery

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chromium_installer.log C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chromium_installer.log C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762649973781052" C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.svg\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xht\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\Moniker = "cr.sb.net912CF349EA5CDCA5C827A64B4A04D6CD2D31F46D" C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.svg\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\DisplayName = "Chrome Sandbox" C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.shtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.svg C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770 C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\DisplayName = "Chrome Sandbox" C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\shell C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xht C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xht\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xhtml\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,0" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.html\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationCompany = "The Chromium Authors" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.xhtml C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\133.0.6842.0\\notification_helper.exe" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.html C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.pdf\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.webp\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,3" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.htm\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.mhtml\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.pdf C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.shtml\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,0" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.htm\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.mhtml\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\133.0.6842.0\\notification_helper.exe\"" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\ = "Chromium HTML Document" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.pdf\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.webp\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationCompany = "The Chromium Authors" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,4" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\AppUserModelId = "Chromium.O42CB7PRQCGIFZMMOX7TPOGNKI" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationName = "Chromium" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\ = "Chromium PDF Document" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.shtml C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationName = "Chromium" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI\Application\ApplicationDescription = "Access the Internet" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.htm C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.mhtml C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumPDF.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.html\OpenWithProgids\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-3204426131-1287546763-2377242369-152135641-305933560-3517212411-1733820770\Children C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\ChromiumHTM.O42CB7PRQCGIFZMMOX7TPOGNKI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159} C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 4
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 16
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 5

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\mini_installer.exe N/A 1
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\mini_installer.exe N/A 1
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 31
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 31

LUID 33 is SeIncreaseWorkingSetPrivilege (SE_INC_WORKING_SET_PRIVILEGE in winnt.h), and the SeIncBasePriorityPrivilege label is the report's short form of SeIncreaseBasePriorityPrivilege. The chrome.exe rows occurred as 31 alternating SeShutdownPrivilege/SeCreatePagefilePrivilege pairs. None of the enabled privileges is one that grants cross-process or file-system bypass (SeDebug, SeBackup, SeRestore, SeTakeOwnership).

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe N/A 1
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 4
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 26
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 10
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 1
N/A N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 1

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4816 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\mini_installer.exe C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe 2
PID 3992 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe 2
PID 3992 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe 2
PID 3288 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe 2
PID 3992 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe 2
PID 3076 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe 2
PID 3076 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe 39
PID 3076 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe 13
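The WriteProcessMemory rows above are the raw material for a parent/injection chain: mini_installer.exe (4816) writes into setup.exe (3992), which writes into further setup.exe instances and into chrome.exe (3076), which in turn writes into its own child processes. The AdjustPrivilegeToken rows likewise list enabled privileges per image, some only by LUID. The Python below is an added example, not part of the report or the sandbox that produced it: it parses both table formats (the raw one-row-per-event form and a collapsed form with a trailing event count), renders the chain as an indented tree, resolves numeric LUIDs to privilege names, and flags any privilege that would matter in a ransomware triage. Sample rows are copied from the tables above; the LUID names come from the SE_*_PRIVILEGE constants in winnt.h.

```python
"""Rebuild the parent/injection chain and the privilege tally from the
report's flattened signature tables.

Added example; not produced by the sandbox and not part of the report.
SAMPLE_WPM and SAMPLE_TOKENS are rows copied from the WriteProcessMemory
and AdjustPrivilegeToken tables; a trailing integer is accepted as an event
count so collapsed tables parse too. PRIVILEGE_LUIDS comes from winnt.h.
"""
import re
from collections import Counter

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\s+N/A\s+(.+?\.exe)\s+(.+?\.exe)(?:\s+(\d+))?\s*$")
TOKEN_RE = re.compile(r"^Token: (\S+)\s+N/A\s+(.+?\.exe)\s+N/A(?:\s+(\d+))?\s*$")

PRIVILEGE_LUIDS = {
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege",
    17: "SeBackupPrivilege", 18: "SeRestorePrivilege", 19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege", 33: "SeIncreaseWorkingSetPrivilege",
}
# Privileges whose enablement matters in a ransomware triage (ACL bypass,
# driver loading, cross-process access).
HIGH_VALUE = {"SeDebugPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
              "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege"}

SAMPLE_WPM = [
    r"PID 4816 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\mini_installer.exe C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe",
    r"PID 4816 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\mini_installer.exe C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe",
    r"PID 3992 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe",
    r"PID 3076 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe 39",
]
SAMPLE_TOKENS = [
    r"Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\mini_installer.exe N/A",
    r"Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\mini_installer.exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 31",
    r"Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe N/A 31",
]


def _base(path):
    return path.rsplit("\\", 1)[-1]


def parse_wpm_rows(rows):
    """Return {(writer_pid, target_pid): (writer_image, target_image, count)}."""
    edges = {}
    for row in rows:
        m = WPM_RE.match(row.strip())
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        writer, target, n = edges.get(key, (m.group(3), m.group(4), 0))
        edges[key] = (writer, target, n + int(m.group(5) or 1))
    return edges


def roots(edges):
    """PIDs that write into others but are never written into: the head of each chain."""
    writers = {w for w, _ in edges}
    targets = {t for _, t in edges}
    return sorted(writers - targets)


def render_tree(edges, pid=None, depth=0, lines=None):
    """Indented chain, one line per PID, e.g. '  3992 setup.exe x2' (x = number of writes)."""
    lines = [] if lines is None else lines
    if depth > 64:                     # guard against a cyclic write graph
        return lines
    if pid is None:
        for root in roots(edges):
            image = next(img for (w, _), (img, _, _) in edges.items() if w == root)
            lines.append(f"{root} {_base(image)}")
            render_tree(edges, root, 1, lines)
        return lines
    for (writer, target), (_, target_image, n) in sorted(edges.items()):
        if writer == pid:
            lines.append(f"{'  ' * depth}{target} {_base(target_image)} x{n}")
            render_tree(edges, target, depth + 1, lines)
    return lines


def tally_tokens(rows):
    """Count privilege enablements per (image, privilege); numeric LUIDs are resolved by name."""
    tally = Counter()
    for row in rows:
        m = TOKEN_RE.match(row.strip())
        if not m:
            continue
        name = m.group(1)
        if name.isdigit():
            name = PRIVILEGE_LUIDS.get(int(name), f"LUID {name}")
        tally[(_base(m.group(2)), name)] += int(m.group(3) or 1)
    return tally


def high_value_privileges(tally):
    """Privileges from HIGH_VALUE that were actually enabled, by any process."""
    return sorted({priv for (_, priv) in tally if priv in HIGH_VALUE})


if __name__ == "__main__":
    print("\n".join(render_tree(parse_wpm_rows(SAMPLE_WPM))))
    for (image, priv), n in sorted(tally_tokens(SAMPLE_TOKENS).items()):
        print(f"{image:20} {priv:32} {n}")
    print("high-value privileges enabled:", high_value_privileges(tally_tokens(SAMPLE_TOKENS)))
```

Cross-process writes between an installer and the helper processes it spawns, and between a browser and its own sandboxed children, are how those programs pass startup data to a child created suspended; what distinguishes injection from that pattern is a write into a process the writer did not create, which the tree makes visible as an edge whose target is not a child of the writer.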

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion

Description Indicator Process Target Count
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A 2

Processes

C:\Users\Admin\AppData\Local\Temp\mini_installer.exe

"C:\Users\Admin\AppData\Local\Temp\mini_installer.exe"

C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\CHROME.PACKED.7Z"

C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff73b3edb78,0x7ff73b3edb88,0x7ff73b3edb98

C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0

C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff73b3edb78,0x7ff73b3edb88,0x7ff73b3edb98

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --from-installer

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0-devel --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e87e0ab8,0x7ff9e87e0ac8,0x7ff9e87e0ad8

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=gpu-process --string-annotations --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAADAAAMAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --metrics-shmem-handle=1564,i,10593148211279626118,6609342431828898507,262144 --field-trial-handle=1908,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=1896 /prefetch:2

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --string-annotations --start-stack-profiler --metrics-shmem-handle=2120,i,6547248106953915620,8021023023693984662,524288 --field-trial-handle=2184,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:11

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --metrics-shmem-handle=2452,i,11905886002004830068,5548612815041121803,524288 --field-trial-handle=2468,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=2464 /prefetch:13

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --metrics-shmem-handle=3252,i,13067046881112875786,980841950368565740,2097152 --field-trial-handle=3268,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:1

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3276,i,4295307808950516034,8346987840652757810,2097152 --field-trial-handle=3300,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=3296 /prefetch:1

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --metrics-shmem-handle=4740,i,12689719730439492678,9502492724354225352,2097152 --field-trial-handle=4756,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:1

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=5072,i,4141174794409856315,17488190587083686819,524288 --field-trial-handle=5132,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:14

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=5736,i,7490914973199901671,15123751905079006878,524288 --field-trial-handle=5760,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:14

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --metrics-shmem-handle=5892,i,7289578277655229338,3055637551832164918,2097152 --field-trial-handle=5748,i,2510464061753957980,2213445188814520052,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e8603cb8,0x7ff9e8603cc8,0x7ff9e8603cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4788 /prefetch:8

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe"

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0-devel --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ff9e87e0ab8,0x7ff9e87e0ac8,0x7ff9e87e0ad8

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=133.0.6842.0-devel --initial-client-data=0x154,0x158,0x15c,0x150,0x164,0x7ff75717ec00,0x7ff75717ec10,0x7ff75717ec20

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=gpu-process --string-annotations --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAADAAAMAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --metrics-shmem-handle=1716,i,6485235603946622836,8148252844165033016,262144 --field-trial-handle=2088,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --string-annotations --start-stack-profiler --metrics-shmem-handle=1940,i,6642845270321810308,2948304730013972798,524288 --field-trial-handle=2120,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:11

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --metrics-shmem-handle=2496,i,3198832854681593609,6002266995815705961,524288 --field-trial-handle=2504,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:13

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --metrics-shmem-handle=3500,i,1902956024797587257,5036121622429436116,2097152 --field-trial-handle=3684,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3524,i,2615196415983730119,16924288164822186264,2097152 --field-trial-handle=3768,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:1

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --metrics-shmem-handle=4748,i,18166339022660861825,14182772229365040049,2097152 --field-trial-handle=4736,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:1

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=3732,i,9020446811191151586,15337688045987058181,524288 --field-trial-handle=4868,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:14

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --metrics-shmem-handle=5596,i,5487211215978258414,2028276052451843795,2097152 --field-trial-handle=5028,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:1

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --string-annotations --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Chromium\Application\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --metrics-shmem-handle=4408,i,15330435360368237352,1124783329882861356,2097152 --field-trial-handle=5736,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13596136258941074891,4765181409797908563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1348 /prefetch:2

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=4828,i,572688495991528581,316292147252484849,524288 --field-trial-handle=5788,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:14

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=5968,i,180147886698713559,16176722167058285168,524288 --field-trial-handle=4000,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:14

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

"C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --metrics-shmem-handle=3960,i,1185298306692897626,1799476732608936611,524288 --field-trial-handle=3936,i,16831380355551552277,17410607547056778139,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:14

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 67351731791554.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tgikesyrkli880" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tgikesyrkli880" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

Network

Country Destination Domain Proto
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:80 clients2.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 64.233.167.84:443 accounts.google.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 64.233.167.84:443 accounts.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
GB 216.58.201.97:443 tcp
GB 142.250.178.3:443 udp
GB 142.250.178.3:443 udp
GB 216.58.204.74:443 tcp
GB 172.217.16.227:443 udp
GB 2.16.153.216:443 www.bing.com tcp
GB 2.16.153.221:443 www.bing.com tcp
US 95.100.195.155:443 r.bing.com tcp
US 95.100.195.155:443 r.bing.com tcp
GB 2.16.153.221:443 www.bing.com tcp
NL 40.126.32.136:443 login.microsoftonline.com tcp
GB 2.16.153.221:443 www.bing.com tcp
GB 2.19.117.148:443 aefd.nelreports.net tcp
US 95.100.195.161:443 r.bing.com tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 64.233.167.84:443 accounts.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 95.100.195.166:443 www.bing.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.4.4:443 dns.google udp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.110.133:443 tcp
US 185.199.110.133:443 tcp
GB 142.250.200.10:443 tcp
US 185.199.108.154:443 tcp
US 140.82.113.21:443 tcp
US 140.82.113.21:443 tcp
GB 142.250.200.10:443 udp
GB 20.26.156.210:443 tcp
US 185.199.111.133:443 tcp
US 8.8.8.8:443 dns.google udp
GB 216.58.213.14:443 tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:53027 tcp
NL 185.66.250.141:9001 tcp
NL 194.109.206.212:443 tcp
US 204.8.156.142:443 tcp
US 8.8.8.8:53 142.156.8.204.in-addr.arpa udp
FI 185.148.3.69:9100 tcp
US 8.8.8.8:53 69.3.148.185.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\CR_C6677.tmp\setup.exe

MD5 4dcffe2c9bbe1808b07a2816b30ec9b0
SHA1 56974f015c64376c04f12ad09e130c26a3432796
SHA256 1cf7ffcf08d7d8e6484e86559fd28b0f8fa419247ba49378ca65aa671e01ada1
SHA512 e2285e7059bd266f6ec88ae5725955dd18ff67a34024cbdde4f8bbcc99bc5aff72fe27346dd3bd54820d31d5deaec1f3200a3bbaa23be854a3eddf4eb7e6b13e

C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad\settings.dat

MD5 7359ac8da454193fd33a5016baecd8b1
SHA1 63d7228e0052949041ffb0a5f19dafb5d5d89356
SHA256 d65be5459a1798fa051baff3a5e87be579d9d060ea0d3b35dda137c9cea93f4a
SHA512 eea3f7095dae3a847169822ec153a3311581df293378e99342f336e54b43dcb8513548d6a2b2c6acab2dd7861edc5c7952617ba44efaf2e43f2431491d86f3f5

C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

MD5 50089f738b1a2a3d51345c750ab20c07
SHA1 821a7d43e369f110343c3f9757073e914b1ac80a
SHA256 a592620bdbd60757de318947828d44cd7abbbcd5cf849d0243c94142e75ccff8
SHA512 43e1de703a75cc0aa0675e9774f885ba719a62f15298d17c4929607be008048390e38817b831b28f5988e3304d7836541a5b9e8eb0034ad04c74fd44f92171fc

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk

MD5 1f62285dc44e2cac69cab4ac9cf2ae65
SHA1 37bc792f28e2923a673b23b4bbe02cb4f387cb00
SHA256 4af1abba38be64621b54a25b01b16945676ef7477d2d33c9e4ec2701ed4ffd71
SHA512 6826251d9dd022789f7e71f2f37ee7c9d4b1b4732c6c39f97978d07cffde2c764994b66b7a85d7add39770d673fbbb63a3ae50473a0f18851220865515d4aace

C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\chrome_elf.dll

MD5 8a8a50f3c8855df58360667663d246a0
SHA1 c21731094c37537b255d5b959560b089a33f57bb
SHA256 bedb732a1fad31ef332c9cdb923b06e9af55053d9c600556986a139db4b75e9f
SHA512 20f7755885cea9b6373d75099856d7cb87fa9c85add4504b6711af36b06f46a623e844c9163bfda253d1edd2bce6a2b1a1f13f3799c1cd30517db2feb7972cf3

C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\libEGL.dll

MD5 559e1b32b7d26e6babefa2628eec9d9b
SHA1 e91770cbcf281b9be49678b7002b28bc0b70cb0f
SHA256 c0f99437a186daf06ded4ee985915e33cd7dd3c4de68820e9ac27a65f1c72cde
SHA512 4bf8097fe9136d73ac82150e6620194eb5ccb4d1d8dbe776efd27316783211f2da6e5b98616099ebad343e31c8a271026b0b5a99bde0bdd0597eae0c74e0e26a

C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\libGLESv2.dll

MD5 921d00625565df6c3c3ed91fb7014f04
SHA1 8821068b3bf6ba6b1982fd09cb7b788d79fa9980
SHA256 cce85d89068e9b3b77fa9d0daf5180238819ff33d4d433157c3e31a21fc9fbcd
SHA512 8381916853aeee34f6d09095ee65374999b1870f2a858ca5098741370717d7d5728f08aa39fb4419ce45953a60938092c1aa482d3f49b144f3c958ffa061e2e0

C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\dxcompiler.dll

MD5 6408ccea836ccaf521bc7faa3e463f22
SHA1 90494611cfe02aa622ac0c2086edafea852e29d1
SHA256 0ca01e204eb4848cf0e8186bbd1c3375074bfe17a4a09bde0030b31398f98287
SHA512 85aead0cfe857ad97598a474b10136b9d917ce64dbdaa768cd8e58824b1aca2cb00ba523ec04707e51040020e013c837b83643bcf58d5955bf6c22485db91958

C:\Users\Admin\AppData\Local\Chromium\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Chromium\User Data\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Chromium\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\dxil.dll

MD5 30da04b06e0abec33fecc55db1aa9b95
SHA1 de711585acfe49c510b500328803d3a411a4e515
SHA256 a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68
SHA512 67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08

C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\vk_swiftshader.dll

MD5 156955119ccbe9cdf7834e9d78a60a4d
SHA1 a6711b68a30fd5e036a18703f11dc22f19ed4db1
SHA256 013e80af17631e6f764112dfd8001c502766ff2606eb9f6bf7eee8afd6a05598
SHA512 3382c1d683c001ac15aa712a855869c9d34d4ea392457439d0c79f50c72b02b57f3e86c544e476eaf71edc7502a94824bb1496a34f71ceb0cf2590c0ffe9510f

C:\Users\Admin\AppData\Local\Chromium\User Data\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Chromium\Application\133.0.6842.0\d3dcompiler_47.dll

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

\??\pipe\crashpad_3076_IDMSJIAXBETGXKHY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\9f551d31-3cea-4e9e-be83-b4bd85813401.tmp

MD5 f2b201b3da07d84b8c54fd2290913d38
SHA1 3c27f0617b299c7fa318de6d0934170374abaf0f
SHA256 f811d2d9703a9d0300aa2fc02459b9f0616be82b69e457a4603805dbb1254738
SHA512 24b475c32f9509dd9b7b6eacfe9961bbb8f96370e4c9bb92d067ad731ab2250d00f30fda1cd20961d201ea140d2a9c09f5e61cc4a2dcd131a17e5dc9efed2dc2

C:\Users\Admin\Desktop\Chromium.lnk

MD5 519476ecdf366574618442a5bbf01a12
SHA1 050d84a80fd6fa7d8ea84c5523a8f2407bf7c739
SHA256 e659b744d1067a5fdae775bd90d51107c3652f63123e08b1c93178562f745519
SHA512 bd043d12f5a6bfa93dea7e86df7bc2b09197aa155cf7353c8a7db1d2cd39c690a3d13585fcefa621e1408a03474edccb4314856e2a29a09b20c3b8e9ab17521c

C:\Users\Admin\AppData\Local\Chromium\Application\SetupMetrics\3288_13376264990612657.pma

MD5 1b7cdddfb06152ae01f12d9f253237d6
SHA1 1ef358781a086a0727f4fa95cd53510eb328bc52
SHA256 fd668d6edcf6b6cc176edd9bf7b0d7f1881fe2f0d94ebae656127c27a359550e
SHA512 4705c93b233be92dd2d04649d404b538bc76607bbe655d5e35a739653ac1af776ecdd12ec1cbf81476070ec5bae633f891817155014730a06939efb21bd132ea

C:\Users\Admin\AppData\Local\Chromium\Application\SetupMetrics\3992_13376264990700185.pma

MD5 a2b53bb970e3ec6b56ec7f304ad0c9bf
SHA1 34365e0a2c0b77260a73864bee96be8a90d9f37e
SHA256 c890363b9850e23803cae09e60860e6be1afd1d0c701e355d921610aa5b1b7a4
SHA512 0a2154130eccb85c366b7df958c14559cbdd5232c26cf74c1fa946921e29b1dac383467ddb95d683ceadd07704ea4b2b6e5bd6355903229af1ae8a6bde6aceb8

C:\Users\Admin\AppData\Local\Chromium\User Data\Local State~RFe5817b9.TMP

MD5 fe536579c344e0f7b242038121abcbcd
SHA1 4cffdec30b07f14b9c0e643af318c95b8b46f330
SHA256 911e501b0d33d00fc73c65cc24a1ef9e4f53a3a4beb96deac2b9c69e8af7ecb0
SHA512 aa3c788c3283db5d1a186e4cb92b51d82343be60889b0aef5ea84b747479ee975358b73175392e52080c543a751e4ea691a1cff2d1565bfa37608e0858666f5f

C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

MD5 2f056039c5560f832ee509d97508833a
SHA1 417a861ce3fae5979a216464ac368749739fff35
SHA256 1a0466db95e5183adbbd0a887e74f6a0c99f59b8a6385ad4b71f82f9e53c30d1
SHA512 c44df4b95f25f557f77b50ae2622ce69c54d9a83363cab63cd619eaa30a87b72100479a86051a8db63808ba4bb6677d91be5aff3a9011dbe2942ec8e99e5126b

C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

MD5 a12e4df5498b4896569d588420d8b2ca
SHA1 9519c4e81518d6105d32b3c2b1cdd123538d47f6
SHA256 d0ae6414c95c2bdf15bf2e9d9ca4be328e7ed05ea4a76587c709440ffc7802df
SHA512 764c96b659d275db7c01535f7958cc3fb33cf8fa1976e330cbe7f63258b2bac72e4c5333655f756822758e716fcfdf9d31a5f1bb3e7ffcfef73f6b0e24179244

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3c7b288f426e05cf95a00220a4aaca1a
SHA1 910203625ace9fbc35f0d9c1252554fb8bf6a89c
SHA256 d6c3aee8cb25741de942171a7be27e0e25e469cd40a4589934b8ea51cf886daa
SHA512 970833acf654c5b5c446b401373b386048f967bd3f5c326f7e797ccffdd98756f9328291e11b06829c9dbaa6bc237f911c30c01670c0ef5109c2801ff57d5195

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5844e4.TMP

MD5 62de96f499b2c4ceeda554c18fcbccdb
SHA1 93a89aaeb13280386510e9577799d76e9f8f48dc
SHA256 e3e7abce25c48c27c7e7612db91e53ddd0784267429bbaf7aa7bc3f87a0e9680
SHA512 01d417a54085be5e678baa8dc4cd57fbcde6a38294558806269ab79b7161a03038a4ed06972b8a107b4e8f6ea4b83ea407a3e576e2de73aef487e6b93a31bf0c

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Secure Preferences

MD5 66c8c2f56ce20d0b0c253fcaff29e09c
SHA1 e32948d5e953500252f7a52e1d7f130e2381d0d2
SHA256 3aace3fe41529689ce253074d2a566c09b6906d4e2e07b759710843fc016b99e
SHA512 a958fc0988a9422cd44d60ea11df209555738293bd22eb68e929f4f5d7270a985a5fbdd92f24af91bc863d081d899f50616bee9f4febe82dc5a0586d79fb7de9

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Secure Preferences~RFe584503.TMP

MD5 41be01dfc8562e0f3957c936d5a9118b
SHA1 1bf9012f9261e0c55e2b1d431bc0e657e6a94967
SHA256 0f865fbbe64f04c99e9ed79f49c4017d1c4659bf06c7abd27e991dc762678dc2
SHA512 b437d34b7204a35ee1c604b3db61b53594c4e2766f48d2e46514db88b193ee34921251e887c496b836e31fe2e08474181c349b2a5fb2a367e26a3fc636fbadb3

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

MD5 9d597a810a32e730a8114003cfe5a86f
SHA1 05faafb26ec2e9d475a83f6b154981e46e712477
SHA256 602512e4bc8a39d329f0c0f724c27bfde3461c6c85b590fc8ec9c289e78526e8
SHA512 4aa53630aab5ffd0595e872195604518b0ae7bb87a450045759c4a1b4638a02e109108e34f761398a30782941d48b4ad4d0642df0e6d230832613350f2cbd39c

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences~RFe584513.TMP

MD5 6054105f072d5763f52c9f170beca3be
SHA1 abd273da0fbe809715fe29d2ad70ef468dca58c1
SHA256 e07406d5725713d5e7a31bd06b1ae6a2136b6c4c721829c9012146f3e7c005fe
SHA512 c9f10e639b198befcbd611665dc3cbde3387a35e59cc7bfe9d6f84fcff11942bd6a839941570edb48aeae2e2b7019b9d6516d55935c9c7ab29f1f58f6b4d4a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a28bb0d36049e72d00393056dce10a26
SHA1 c753387b64cc15c0efc80084da393acdb4fc01d0
SHA256 684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1
SHA512 20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 554d6d27186fa7d6762d95dde7a17584
SHA1 93ea7b20b8fae384cf0be0d65e4295097112fdca
SHA256 2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb
SHA512 57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e457554f6dc345e56a0ce9a7a68c62a
SHA1 4da06cc00c9b73d080528b942ba6a1afd1c8d957
SHA256 80e410bca7a9e31bb5eb42d4a6cada7157aa7aee7e8acff1bd6bb3f0c4077694
SHA512 62432b811911500c37af09fad493ed009e003b068554e0893eef1a52b790d2ad7e6891224eb2f2a712644074d18935fcb5d85a90cd8de3897e6310d8a0d38eba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a64307d27fb42ca9d255366f6b54e4c
SHA1 d135930cfbf31685ecc7d58b3375da90abd361b0
SHA256 183c0afec4c8f2a58fa89257649a70504fec0e145cf12c8940867be250596258
SHA512 b13afb0d3bb632da42ee8b55013a84dbf0fd70fca31d5e5c99873e81855ca9a0093d9ed69a68dde08a3eb2fcdd6147e87efa30458c243cde1f7dcf8db280eef9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7ebdb934045a48aad0226e50d1a4034c
SHA1 0672586516f211fcfa1aaa0cb335ae9ea7275287
SHA256 acddb64216003da9ffbe285fe2d96de1073c204b89b5e9c102b679a44bec6976
SHA512 edbec94d50ec226189021f70b88bc01f1120d0806ffe93dba186e6f8e70164120cb7d01543e333cd4820fa89af3938b74cdbebf9b06f9072d33fd247816ae251

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a009622addd49cfc7987fcf164a06a7e
SHA1 a371eeac91518a32edc07ff340f163248e7cdd3c
SHA256 520783aa7a0d261ed263a92fa5a02efa1c09ec633899bfa66cb211220055aee1
SHA512 4f7b917837cb549a4ea0466b03c05769fa29723d0d3349d20c50a2bbafd35f6c3e3b630253dd01daabfcf96d7556b0a0a72d0fae9a8cfd5d9bdbea1342cf2881

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3139cf4a656c5c3f95529c1728d8db8a
SHA1 374581e023cfdfa0c9ccbc2585c4f219ffadddc4
SHA256 6200a368ec59d5c003231c0c464f3bad88ea368d61b22cbb1bec917ac2dead0b
SHA512 a4bcb9e7be9b21d734d333fbc0d1115e5f745c7ec743f78a24549498b5d54b685b02680521815675d01b427bd04d46e339d4ef9b23fdb12ff2a050383d1317af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d76ea62d237c63c2206bcfabb0800ac5
SHA1 95ece66966b5fd67bd45916f3d2969a9141e19a0
SHA256 04b36129bc773c03271366364371b0adae91b239b1a14ea17bb6b1cdb018f297
SHA512 ecd52288d3cbcf2c7dd72625646307d0cbea7e844577b029d1a93ba07f54604c72797d3097878e228bf140f37cf5acd169021c927dbcec44ba7b915280f2da4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8c84a42acc52f9f805f0cfd395320947
SHA1 79776750a63d0ee8fefbbae9c5e203ddb2273345
SHA256 aaeb966aaf367adebe12738b99e05b74bd45f99d7c2564bbb7f2409660b49c16
SHA512 8a7ff3fb2bac52438f5d2f8620ce959e2f6414117895d464adb215c68776df327928f88af42c52981beb6023762427fdafec7f8dc845979de786df5347700be2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 b275fa8d2d2d768231289d114f48e35f
SHA1 bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA256 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512 d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34dc8e5745e6e672cdc812c6654cc252
SHA1 a971776a3a2450698ed1f72fd12a18000860a8a1
SHA256 dfd031a1bc9101554953ad711db4de11ea9eb275badfb36c38f5b3ed424a3179
SHA512 fa16fc32c91cfae1fcbc6e0aade1a316abaadde452a4d1445acd7186330f7232bddfb1e153eb272b2f2e0a494f618bb9d754bc8c336c08122f089682898635ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f92724d1d57621f2775adfc5ffc1351c
SHA1 6526139e9adf6a2d6c19ce1368da7419cd280301
SHA256 cb3bef47d4b1a3491f3713825d4ffb6107b83c9bd06c6e0b0d459f6fe35c329f
SHA512 048e1c58e17449a28cd17216aaf4f24941bf3258b26de4a86baf182c997065b738df604ff8a7fddcc97285b38e685bb4672a46601ee0d42716c803990eb5d8d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 10c13faf212cd241c1329eea0491413d
SHA1 e289b614bb97638ba827a556d6f1182d851b7da5
SHA256 548b791b36b2d1769deccf786af67902094809fe9d047f6b93c6d1038d89f1b6
SHA512 02c91f3462530016ac13752367dd721c8926be9f7f42bce90e08aa4d79901ec6cf8cf7d8d5c239eef2a803294530915345674f784aac1173e65d440d6c157cc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596d56.TMP

MD5 cf3429c34a35e99728fdf74e8b9fd420
SHA1 78f2941b327400744ab6315c24ac40444b67a8f1
SHA256 e38d43fc5583e5430e61f0d4d2a15d63a7a7c492daab820ae6041d32f4359994
SHA512 91f97072b28998239521ef5ef1c8d66678ce9ea0dd36c68a30773c808692ff2f4587526b7b46c4d3c71dd4aa87f81846e005451dfd91d2806e76bb1a7657ec6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 831d28bc4bc17e94a06988e507edf030
SHA1 ca05af05691b8836a965fadaea1062f859e93edd
SHA256 a0fb3285e570b67b3760927e4bbb5173d7b43a691be7eee20ae8b33fd37d4742
SHA512 66aa3359136961ad695c6f673e343d1a8089b1102bfe7004bc28b64849debd5636780546ab6215fe414960556cc0d61905a9eb994e4993d8fb80d963b246616b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 e938739b12a56769d93009345d4044ab
SHA1 5c566c0dbdb6aa805538b3f7d80c693072e0289f
SHA256 0d5a83909375a9139c60d36dfe1f580344321ce7c38e7ac9463b17396b44d5d8
SHA512 0f133f2e6a918909f00bd1220f5afd05a26177aa17cbe29da35ca60f92f5bcc780f8f396e2123908f33e57c8301bfeb219423869b5f687acbe60d5b022c3fc6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a289e201dc141d66b30d945b4ad11de
SHA1 1c3f3614c6f3a8dc677fbe3aba4d691c172c7967
SHA256 aa85e32575655c8ca6ad35c8cbb5a4ba66acd538acc387732593299268449336
SHA512 bc99a9c8ee50761c2c843d5c9d232e400aa68a2a4eb57add73c2f95420fc92b26b54d3f473c80d58ff55ec47ed7b52e7be724b933b579ffd19101eeb7bd72581

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e32fcb6516427d8a169d518c90462ead
SHA1 87f28c0525c431d480e5992cbb4bfdaf03b1d3b2
SHA256 9200382c2c0faa2c73051f57d07bfc63ff301387c681bb4045b1ec70c8412f19
SHA512 157ef926b861d3a86c1c7455d4bc43279d2d592144a6511a378e7caec234cabc3dde919b8daaf13c65731e3166d2fe19b3a88f945ea9d4ff4e6a27b1b8c4675c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2551edd85cbae781c82eaa62bc1e2826
SHA1 eba73d7e371e6970bf5d0c5e06ba76ca6f9a3441
SHA256 7c90a1862205b7ad798ecf9d7650180b112a3dd2238ec4edc3a6598d3913c42e
SHA512 a026239009dd1938e5c1f2dfb2b455a50650ac656d1492523ec8aa0eeee37a3762c993d6ed21981183886381aa97824a201124b6c11a8e87fd17629cf1392878

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\41497641-9d8a-4723-84b3-9f76ef9904b8.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\a8510879-dc33-4296-bb60-7833d6f9ec06.tmp

MD5 b77fc97eecd8f7383464171a4edef544
SHA1 bbae26d2a7914a3c95dca35f1f6f820d851f6368
SHA256 93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68
SHA512 68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\d47f01af-4335-42d9-8eaa-591dc4852e32.tmp

MD5 c4af7ad7e11e7129e5077c9c2fc74ae6
SHA1 3342be0db856c7286b96f2fb13318ec69ba2ce13
SHA256 ebeab19afb17e8c2998fab3e91a388627630cca4a8d6e6f58a3ab47b0cdbb150
SHA512 8474feb71e49b511bf6b76845e97aa67c1cad1108860fa1a14e357e3b3a7b073237e805c0569ac0618238b717a0933c3479c1d2bd8a9f8a62b217195b078dda3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a9038280863119a5ae7fdfac5cf77e5
SHA1 deb202fa0e8e178d4944f1ffa2c8aa7441fabae1
SHA256 ede1c73ed9780d24c747c0987826ad552020dba9d36e2e04aa16e040d7f9691c
SHA512 de4dd34277592efdc72ac07d475d446ad79078be772130647f47a296c12097673a3d1afe708679f3acaa763073190256d8cc54c38e144f2ea0d30afc8ef7c202

C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

MD5 53509edaa52cb827d6b01dcb752d2f11
SHA1 c78bff99d5f9e8d89a56ba46560ba988b8af610a
SHA256 0cc10065af26d68211fc87417f201237e07e257fb67c41df64e0403f208f90b0
SHA512 facc2ff4671d62d87eb0d909f4996e89656bbfd47f3e66a029f35d071160216e4e2e9e873156578c0c495233720df2183462fcba9f9e7b0673ffa5b4c0e8ac3a

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

MD5 2ee8d91359a972d7a778f41869457054
SHA1 42c8c3617023c80fd2d893151515ecc70283d535
SHA256 4332ee872c62b82d6edb4edf6ccf77e8ef83d339086b7d53b1b2378f40db53b4
SHA512 cd63ec3283e263ff1b0de33045759c62037f9aa7b20bf8f8e01e636d1a8f084a44db5d3a5b16ae32b5430c503d8fe76b6ccefa6bc328c63d757c5ce16b6e1015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c6a2e9ab63839d1e9900439b7de9302
SHA1 32227e703d3adcaf0f0022f498542d3926358f10
SHA256 822ac3a9389804f5cb56b36443e81c4fde1cdca0f742fa72c45bd315ad388275
SHA512 833128cbdf25a916f6901c03ef3430bd69d85c3b55ce496bcdca91e18aeeacbd1a7ad06b8cedca783c7433762b6198f1649b6fff8627da1afdda7422078fecbf

C:\Users\Admin\Downloads\Unconfirmed 897641.crdownload

MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\DownloadMetadata

MD5 c12198a618b0d2ebe9337893e38d0605
SHA1 4c7c6ea11e307e8694f686f80a0a81613b613d5a
SHA256 c21ee56f81c4e61e94ed62dca291b7d85ca0ad8e5148f26146395c8f0fbb591a
SHA512 dbf1997e87083b41d1184e9f2f50b35bc8d36d6670f5e653363187b33bf15c0beeb8842090081ab69875b6a79d4800f91318deb17bebc386424a0cb1b7263c72

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\DownloadMetadata~RFe5a443e.TMP

MD5 07799115ccaaeecc4a1eb0d0a91fafa2
SHA1 67a547c8da215371c895c0fd3d4199d0190d377b
SHA256 ae85e76d89568dcec7d86d858c20b1ca0aded66e263cdf8c2c1bf86c7846ba07
SHA512 53a2d9a9dcfe7e1b3745c27c2b95c90e9e27b5e43e57817e6419aa89d81c5709feea4fe04eeff4d9fea5de9bd410fc195f91b23490a7124f529385b6e6ca02ab

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d9e537090d6404e11028f4a6f4fc430c
SHA1 4d978bdd8e0c654adf268c1eea728f9e6aeace3a
SHA256 686b746b881c20ddf49d4633abce69f4c68d1589a97d1364b9e55f77e9104fa9
SHA512 f81c45918180a7637bbd5a3277bf199149d1fd953caedefcad51705e2b1d860e9b52805ee5d5e410fbf76d49a6beb26efe498b37a7cc880e24d458facef60134

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\DownloadMetadata

MD5 d80fbffb0dce9e88bee19947caf3cceb
SHA1 71d0ab343ef803616b864bb7af464c006b86d13c
SHA256 b3f9ee8ef50a6daaa5e41628e217d6ba2f0f293405d987ad7cf08cc5f44d63d7
SHA512 7595b94d9db4bdacc8079753acbeecf6325635dcc6288f86844e3603ce0450ee0707c516da7d4c0f4cc498cd01afa3c78117ba6d5f26a5a954389135326910ed

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

MD5 6449b5fe1516d2e70eb86094be61cca9
SHA1 a487744797401be1a59ee90a1c62697a8fe79a41
SHA256 5a0328df00b4da6234aebc707cabc3ee7ce43f89e89c9f42bc60f4a504b2a404
SHA512 991d5eea0a471192c21dc097413946cb15418b18c6d6e4b3d60424136163d2222bcef3f4f1811712b0c113d79fab5ab10dd08bba3e127374b2ceb76034e759d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f768fe7f3b7e12fb9197c1426ac062e8
SHA1 259dbdbe0a51494263e5cc0f8f42e30a048c2e8d
SHA256 449bcb75ed12392f1a34cc0abffa9474a5936f3de708c2529ba0d09493bd411a
SHA512 5904111a9d22d70105995b592ec65c58822b602fd265c043238a49324f14f4cee25bff82004a6ee93f7501c83775501e0556c356f5c94a87db073341b795ba2a

C:\Users\Admin\Downloads\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

memory/1376-1645-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\@[email protected]

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\@[email protected]

MD5 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1 b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA512 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

MD5 f3b27b7815db7b4d585bb109af0832e5
SHA1 2a191e9951ab137495b26ee20eda3eca0f87b624
SHA256 79c3158dc0d890cc98af6829a7ad9967c61a795778850d418cda9cc417b2a46f
SHA512 3b97a88acf7e8b1f6198f57d6a277afb0a465ec81d657079a41d9cc73ba64d6cd4cecd24e7664c5628c35a9773444e8a05cafcea5e94c232907fe5d0f86237ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ef70bc6fc308564437a2e3facb56149
SHA1 0f7dff19169c4cbbbb49f26d4b170393e7de3b11
SHA256 02c38ae78d6459c04f8ea01e96ca6bc3666dabf02208efc8c6f7778c63a27720
SHA512 613105de629b8c3fee95b426dbfb44393eebc9a0142fc700b270e4e91d36232e3a955dfc9a3fb2a1f03200339243e881d53061ac2bf547219bf6d7768c9eccdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c8c64d7d46f237b9f46f62cda16828bc
SHA1 8a4e0152e04063b50e147fa07ad3d6d5344fa56e
SHA256 c8516df0af00868eadf02bf73bf21a235850f119ae4dbc6f0be9518a22b1b5c3
SHA512 f5469e785a3aeab854e139bb11d50de9e2dc018456ef5625772d533c39d4568b5ce7ea6f84bbc1615b0f0197767ff8b7fc3c2c79daa8fe683627cb60b810cc92

C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

MD5 beb44b37182ae14dbe9c227c204a66b8
SHA1 407bb74cd87cf541214ccbd3cc7b8080a8f1f963
SHA256 11c96afdaf20b952d306f7a291f1451444174b497c65386b52c9fda288d27ff9
SHA512 567666c73c00296b99089c71d23641b482521922c985b62e7d9355d5f6c76050782586f59e21b55e8b6ee9da46875d604092356184967cef43cd53c9d8f8f3b3

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

MD5 150638c310263cad1a6ff355d3b8f0ee
SHA1 cba9c8516ce7a2e5e99b6c1b8dad5fb08f329a14
SHA256 2b678a94897dedbde8fa048543ac6302da7e3908358cea750faa1b3ba72c3998
SHA512 53f14dee63c2146ec9b62f65519eb2dec40e4b2d011caacd9e224eb5d7d134d2a1afa6b5aeadd9528bdd121590b8f7de2b9ed68561012995d4ef86804b648fc4

C:\Users\Default\Desktop\@[email protected]

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/2748-3075-0x00000000739B0000-0x0000000073A32000-memory.dmp

memory/2748-3077-0x0000000073900000-0x0000000073982000-memory.dmp

memory/2748-3078-0x00000000738D0000-0x00000000738F2000-memory.dmp

memory/2748-3079-0x0000000000B50000-0x0000000000E4E000-memory.dmp

memory/2748-3076-0x0000000073630000-0x000000007384C000-memory.dmp

memory/2748-3094-0x0000000073850000-0x00000000738C7000-memory.dmp

memory/2748-3093-0x00000000738D0000-0x00000000738F2000-memory.dmp

memory/2748-3092-0x0000000073900000-0x0000000073982000-memory.dmp

memory/2748-3091-0x0000000073990000-0x00000000739AC000-memory.dmp

memory/2748-3090-0x00000000739B0000-0x0000000073A32000-memory.dmp

memory/2748-3089-0x0000000000B50000-0x0000000000E4E000-memory.dmp

memory/2748-3095-0x0000000073630000-0x000000007384C000-memory.dmp

memory/2748-3099-0x0000000000B50000-0x0000000000E4E000-memory.dmp

memory/2748-3106-0x0000000000B50000-0x0000000000E4E000-memory.dmp