Malware Analysis Report

2025-08-11 06:27

Sample ID 230423-11sgnagb99
Target https://www.mediafire.com/file/ck3d9li0pnuh0td/LeagVMT.zip/file
Tags
lumma spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/file/ck3d9li0pnuh0td/LeagVMT.zip/file was found to be: Known bad.

Malicious Activity Summary

lumma spyware stealer

Lumma Stealer

Drops startup file

Checks computer location settings

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Enumerates processes with tasklist

Kills process with taskkill

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-23 22:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-23 22:07

Reported

2023-04-23 22:11

Platform

win10v2004-20230220-es

Max time kernel

186s

Max time network

216s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/ck3d9li0pnuh0td/LeagVMT.zip/file

Signatures

Lumma Stealer

stealer lumma

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
File opened for modification \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\updater.exe C:\Windows\system32\taskmgr.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267684789995536" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "5" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b0012c226c45d901cdd146727c45d901601a01334176d90114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2924 wrote to memory of 4276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 4276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 4404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 4404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2924 wrote to memory of 3576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/ck3d9li0pnuh0td/LeagVMT.zip/file

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d3549758,0x7ff9d3549768,0x7ff9d3549778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5000 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5156 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5680 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5640 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6256 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5912 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5796 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6392 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6756 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6748 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6228 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5632 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5516 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6328 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5312 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6660 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7164 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6920 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5888 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6748 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7352 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7364 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4624 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6524 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5484 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4692 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7804 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7812 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7788 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Users\Admin\Downloads\LeagVMT\LeagVMT.exe

"C:\Users\Admin\Downloads\LeagVMT\LeagVMT.exe"

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6440 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8064 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6340 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7632 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8652 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

"C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1692,i,4732502768568810646,7134789529037838878,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6624 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

"C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --mojo-platform-channel-handle=2156 --field-trial-handle=1692,i,4732502768568810646,7134789529037838878,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

"C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --app-path="C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2340 --field-trial-handle=1692,i,4732502768568810646,7134789529037838878,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8036 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8524 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6556 --field-trial-handle=1812,i,2155446500317957721,13966020005770145087,131072 /prefetch:8

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Downloads\LeagVMT\LeagVMT.exe

"C:\Users\Admin\Downloads\LeagVMT\LeagVMT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9d3569758,0x7ff9d3569768,0x7ff9d3569778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5352 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3300 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3352 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1840,i,2403372452301438382,15248813545010540416,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

"C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,3162908810422308612,713171660751473837,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

"C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --mojo-platform-channel-handle=2044 --field-trial-handle=1752,i,3162908810422308612,713171660751473837,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

"C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\index" --app-path="C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1752,i,3162908810422308612,713171660751473837,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 117.18.237.29:80 tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.54.48:443 www.mediafire.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 btloader.com udp
US 104.26.6.139:443 btloader.com tcp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 static.mediafire.com udp
DE 52.222.206.6:443 cdn.amplitude.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
DE 172.217.23.194:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.19.215.37:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 34.107.148.139:443 prebid.media.net tcp
SG 103.231.98.193:443 hbopenbid.pubmatic.com tcp
SG 54.169.225.222:443 btlr.sharethrough.com tcp
SG 54.169.225.222:443 btlr.sharethrough.com tcp
SG 54.169.225.222:443 btlr.sharethrough.com tcp
SG 54.169.225.222:443 btlr.sharethrough.com tcp
SG 54.169.225.222:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 48.54.16.104.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 139.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 6.206.222.52.in-addr.arpa udp
US 8.8.8.8:53 29.214.204.143.in-addr.arpa udp
US 8.8.8.8:53 37.215.19.104.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
NL 172.217.168.202:443 translate.googleapis.com tcp
SG 103.231.98.193:443 hbopenbid.pubmatic.com tcp
SG 54.169.225.222:443 btlr.sharethrough.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 34.209.118.186:443 api.amplitude.com tcp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
NL 142.251.36.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 139.148.107.34.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 222.225.169.54.in-addr.arpa udp
US 8.8.8.8:53 193.98.231.103.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 198.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 186.118.209.34.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
NL 142.250.179.170:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 2458372bf3769cfe1612513d5c75653d.safeframe.googlesyndication.com udp
NL 142.250.179.161:443 2458372bf3769cfe1612513d5c75653d.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.googletagservices.com udp
NL 142.250.179.162:443 www.googletagservices.com tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.250.179.162:443 www.googletagservices.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
NL 142.250.179.134:443 s0.2mdn.net tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.39.80.185.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 download2279.mediafire.com udp
US 199.91.155.20:443 download2279.mediafire.com tcp
US 199.91.155.20:443 download2279.mediafire.com tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
NL 142.250.179.134:443 s0.2mdn.net udp
NL 142.251.36.2:443 googleads4.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads4.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 20.155.91.199.in-addr.arpa udp
NL 142.251.36.2:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 contextual.media.net udp
NL 173.223.112.20:443 contextual.media.net tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 sync.adkernel.com udp
US 8.8.8.8:53 b1sync.zemanta.com tcp
US 35.190.60.146:443 idsync.rlcdn.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
DE 184.30.16.195:443 ads.pubmatic.com tcp
JP 35.213.12.39:443 x.bidswitch.net tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
JP 35.213.12.39:443 x.bidswitch.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 p.rfihub.com udp
JP 35.213.12.39:443 x.bidswitch.net tcp
US 8.8.8.8:53 c21lg-d.media.net udp
FR 178.250.7.13:443 gum.criteo.com tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 creativecdn.com udp
US 64.202.112.191:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 64.202.112.191:443 b1sync.zemanta.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 74.119.119.150:443 dis.criteo.com tcp
US 64.202.112.191:443 b1sync.zemanta.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 cs.media.net udp
US 35.190.60.146:443 idsync.rlcdn.com udp
GB 23.44.232.24:443 cs.media.net tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 69.166.1.10:443 sync.go.sonobi.com tcp
GB 23.44.232.24:443 cs.media.net tcp
DE 3.124.231.178:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 pippio.com udp
US 8.8.8.8:53 20.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 146.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 195.16.30.184.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 39.12.213.35.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 191.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 107.178.254.65:443 pippio.com tcp
US 8.8.8.8:53 stags.bluekai.com udp
NL 173.223.113.181:443 stags.bluekai.com tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
US 107.178.254.65:443 pippio.com udp
US 8.8.8.8:53 widget.as.criteo.com udp
SG 182.161.73.146:443 widget.as.criteo.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
SG 18.136.177.86:443 match.sharethrough.com tcp
SG 18.136.177.86:443 match.sharethrough.com tcp
US 8.8.8.8:53 tags.rd.linksynergy.com udp
US 34.98.67.3:443 tags.rd.linksynergy.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
SG 182.161.73.146:443 widget.as.criteo.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 24.232.44.23.in-addr.arpa udp
US 8.8.8.8:53 150.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 178.231.124.3.in-addr.arpa udp
US 8.8.8.8:53 10.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 181.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 65.254.178.107.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.67.98.34.in-addr.arpa udp
SG 18.136.177.86:443 match.sharethrough.com tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 d5p.de17a.com udp
HK 103.229.206.241:443 sync.mathtag.com tcp
SE 213.155.156.180:443 d5p.de17a.com tcp
HK 103.229.206.241:443 sync.mathtag.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
SG 67.199.150.86:443 image2.pubmatic.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 146.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 86.177.136.18.in-addr.arpa udp
US 8.8.8.8:53 180.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 241.206.229.103.in-addr.arpa udp
US 8.8.8.8:53 simage2.pubmatic.com udp
SG 103.229.10.192:443 cms.quantserve.com tcp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 c1.adform.net udp
US 34.192.88.152:443 a.audrte.com tcp
SG 54.179.141.118:443 sync.crwdcntrl.net tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
DK 37.157.2.237:443 c1.adform.net tcp
NL 34.91.62.186:443 um.simpli.fi tcp
SG 103.229.10.192:443 cms.quantserve.com tcp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
SG 54.179.141.118:443 sync.crwdcntrl.net tcp
SG 67.199.150.86:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 dmp.adform.net udp
DK 37.157.3.28:443 dmp.adform.net tcp
US 8.8.8.8:53 86.150.199.67.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 237.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 152.88.192.34.in-addr.arpa udp
US 8.8.8.8:53 118.141.179.54.in-addr.arpa udp
US 8.8.8.8:53 186.62.91.34.in-addr.arpa udp
US 8.8.8.8:53 192.10.229.103.in-addr.arpa udp
US 8.8.8.8:53 28.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 simage4.pubmatic.com udp
SG 207.65.33.76:443 simage4.pubmatic.com tcp
SG 207.65.33.76:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 76.33.65.207.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 172.217.168.202:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 52.152.108.96:443 tcp
FR 40.79.141.153:443 tcp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
FR 178.250.7.13:443 gum.criteo.com tcp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 38.91.45.7:443 match.deepintent.com tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 hbx.media.net udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
FR 185.86.139.103:443 ssbsync-global.smartadserver.com tcp
SG 67.199.150.82:443 image8.pubmatic.com tcp
GB 23.44.232.24:443 hbx.media.net tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 7.45.91.38.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 103.139.86.185.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
SG 67.199.150.82:443 image8.pubmatic.com tcp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 82.150.199.67.in-addr.arpa udp
IE 52.95.126.160:443 aax-eu.amazon-adsystem.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 54.80.169.87:443 sync.srv.stackadapt.com tcp
JP 52.196.122.2:443 match.prod.bidr.io tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 104.22.24.87:443 mwzeom.zeotap.com tcp
IE 54.78.120.75:443 pr-bh.ybp.yahoo.com tcp
FR 141.94.171.216:443 pixel.onaudience.com tcp
NL 98.98.134.243:443 pixel-sync.sitescout.com tcp
NL 89.207.16.201:443 pubmatic-match.dotomi.com tcp
HK 119.9.108.211:443 uipglob.semasio.net tcp
US 8.8.8.8:53 image4.pubmatic.com udp
JP 52.196.122.2:443 match.prod.bidr.io tcp
HK 119.9.108.211:443 uipglob.semasio.net tcp
US 8.8.8.8:53 tags.bluekai.com udp
US 8.8.8.8:53 odr.mookie1.com udp
US 34.111.79.67:443 odr.mookie1.com tcp
US 8.8.8.8:53 160.126.95.52.in-addr.arpa udp
US 8.8.8.8:53 87.169.80.54.in-addr.arpa udp
US 8.8.8.8:53 87.24.22.104.in-addr.arpa udp
US 8.8.8.8:53 216.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 201.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 243.134.98.98.in-addr.arpa udp
US 8.8.8.8:53 2.122.196.52.in-addr.arpa udp
US 8.8.8.8:53 75.120.78.54.in-addr.arpa udp
US 8.8.8.8:53 211.108.9.119.in-addr.arpa udp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 uipus.semasio.net udp
US 50.57.31.206:443 uipus.semasio.net tcp
US 8.8.8.8:53 67.79.111.34.in-addr.arpa udp
US 8.8.8.8:53 206.31.57.50.in-addr.arpa udp
US 8.8.8.8:53 bh.contextweb.com udp
US 74.214.196.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 185.86.138.155:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 131.196.214.74.in-addr.arpa udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
US 8.8.8.8:53 155.138.86.185.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
NL 142.251.36.2:443 ade.googlesyndication.com udp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 aid.send.microad.jp udp
FR 178.250.7.13:443 gum.criteo.com tcp
US 192.132.33.46:443 bttrack.com tcp
JP 202.233.84.1:443 aid.send.microad.jp tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
JP 202.233.84.1:443 aid.send.microad.jp tcp
US 8.8.8.8:53 46.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.84.233.202.in-addr.arpa udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 core.iprom.net udp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 104.18.25.173:443 a.tribalfusion.com tcp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.153.92:443 csync.loopme.me tcp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
NL 173.231.181.122:443 cm.adgrx.com tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 s.tribalfusion.com udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 ads.playground.xyz udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
US 34.102.253.54:443 ads.playground.xyz tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 92.153.214.35.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 122.181.231.173.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.141:443 secure.adnxs.com tcp
US 8.8.8.8:53 54.253.102.34.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
NL 142.251.36.2:443 ade.googlesyndication.com udp
FR 178.250.7.13:443 gum.criteo.com tcp
US 8.8.8.8:53 trace.mediago.io udp
US 35.208.249.213:443 trace.mediago.io tcp
NL 35.214.153.92:443 csync.loopme.me tcp
US 8.8.8.8:53 213.249.208.35.in-addr.arpa udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 52.220.229.2:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 sync.1rx.io udp
SG 74.118.186.107:443 sync.1rx.io tcp
US 8.8.8.8:53 green.erne.co udp
FR 141.95.171.142:443 green.erne.co tcp
SG 74.118.186.107:443 sync.1rx.io tcp
US 8.8.8.8:53 matching.truffle.bid udp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
DE 162.55.120.196:443 matching.truffle.bid tcp
FR 141.94.171.216:443 pixel-eu.onaudience.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
SG 52.76.51.98:443 sync.crwdcntrl.net tcp
US 8.8.8.8:53 2.229.220.52.in-addr.arpa udp
US 8.8.8.8:53 142.171.95.141.in-addr.arpa udp
US 8.8.8.8:53 107.186.118.74.in-addr.arpa udp
US 8.8.8.8:53 196.120.55.162.in-addr.arpa udp
SG 52.76.51.98:443 sync.crwdcntrl.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 8.8.8.8:53 98.51.76.52.in-addr.arpa udp
SG 74.118.186.107:443 sync.targeting.unrulymedia.com tcp
SG 74.118.186.107:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r1---sn-5hnekn7l.gvt1.com udp
NL 74.125.100.6:443 r1---sn-5hnekn7l.gvt1.com udp
NL 74.125.100.6:443 r1---sn-5hnekn7l.gvt1.com tcp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.100.125.74.in-addr.arpa udp
FR 178.250.7.13:443 gum.criteo.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 bidder.doceree.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
IN 3.111.204.132:443 bidder.doceree.com tcp
NL 142.251.36.2:443 ade.googlesyndication.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 132.204.111.3.in-addr.arpa udp
US 8.8.8.8:53 bbynetwork.nl udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:53 199.197.67.172.in-addr.arpa udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 8.8.8.8:53 stun.l.google.com udp
US 74.125.128.127:19302 stun.l.google.com udp
US 8.8.8.8:53 127.128.125.74.in-addr.arpa udp
US 8.8.8.8:53 viewer.bby.gg udp
GB 51.77.122.237:443 viewer.bby.gg tcp
GB 51.77.122.237:443 viewer.bby.gg tcp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.34.21:443 virustotal.com tcp
US 216.239.34.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.net udp
NL 142.251.39.99:443 recaptcha.net tcp
NL 142.251.39.99:443 recaptcha.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 99.39.251.142.in-addr.arpa udp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 172.67.197.199:443 bbynetwork.nl tcp
US 74.125.128.127:19302 stun.l.google.com udp
GB 51.77.122.237:443 viewer.bby.gg tcp
GB 51.77.122.237:443 viewer.bby.gg tcp

Files

\??\pipe\crashpad_2924_HOGJCRWYMATFWCHB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d684a4d908153bc48ed419c5ce2dfd0d
SHA1 025e49defe80f65dc71a1ff8f6ac1f2d67d2350b
SHA256 68acc703246568a8582be80323ba84b175db5141fab44e8e994d14571b3b32fd
SHA512 5bf2f6dc982a9200b2b40fae2e301516943223f6f1fae8bb9a9a5a3c8f92f40d23b9c0b6d8d02ba51f8a5419cb8916c6b3f6c48881f279adcb16b123a8f2ff6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5bdba25c171a010ff57094647ea60566
SHA1 aa2c702cf3989d9e8a0112ab0e9912dd5fe2ba0a
SHA256 89c71c4108687bcf60a261ebcc8a289f042e02ecd81f7cc37af58569827775b6
SHA512 8dbac37725b1611437e5b19346ccb64d245880cf4db7c81e7a08af02f87ae7bd7683f6797e5fe2c8abb1a4572bc4764ef634ca3f3a69813e9b7271eaba731edd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 b8572be53b8533e086a3718de020c553
SHA1 48a2aadaf170d9cf1fe480632d8d8171f84350f0
SHA256 e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319
SHA512 a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ca4b21d5ee33776db2b6fb1f63acb54
SHA1 13cdf6755f1c0714a6270c1ffacd8b1857e0326d
SHA256 f93c8e2a1deb67380ef17b4fb8d41c3fe1a92811dd8ceef6c9c49b51f01639f4
SHA512 124f17383b2358fdbb1729a94d097fede97527c0e6f4a2d07a928c0dd5bea837e9f9ffb5b142ff678d77037001dd626c57681a1d8abb689911f9752aa7803d53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1900c64b8036543b3d61a1d4459d38e7
SHA1 c9bedca7bda827585c17bfdaa040b8bed6b0c3ee
SHA256 1a3585716d22cb7492ea777ec0ea20f726fad247a63719788ae65e44eee7e554
SHA512 4cf15463643e0c38d159c182032849661dda923ec4779f5e1e52f429b0afac635a9c126dfeea2c806f2307314956a17297f521b092639aa9c8c8c235aa6b4f88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 02816a46c45e93b137a48e32418a129d
SHA1 e8ed8a922c0129705a1385dafa42813e3889e936
SHA256 00cb89f189a9455839890a3722affe68b14bf26dacf05ccdcd884221c2b36c19
SHA512 552c791beabdb3635bce2fea9c9fb51eca413dfd07611b1c0483446266ad0bcbea0e1a8ebf25abbc69462f5334ed32e857f71ed05280bfd1a085c2d230e7bf0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 150ed5190ff1e9b02f282ab8614aa702
SHA1 32ae54447d78d18299619b130b1ce7853840e6cf
SHA256 b79667064e01fffd0cd885f2e3cd97b2e585b63669b1cb80cc667cd4eef2f239
SHA512 bafb1b1712491d7d6e230805172f078ddada5a4a6fcd265e573cc9e0cb35a923f9459d8762a79b4965fad6d31b6f96d296a8ee1c611429f2d2716e79a605a49e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 096aa116d85028b362d51e8cfafb7fd5
SHA1 cde2ab3f51a252d7f81d31c1f9e62e475852f093
SHA256 f1635f1b192accd2b70594c4acb79ee061c431de7bd9a166a45c62a70a3ea0d5
SHA512 0ceaa045bc32a8e36f38fe5e0d4d93762f169dfea3847e8e0ec711c49f7367ad0a9d9a48f927648cb66eb38d893a8f737e65cf4b6bd82eaed5f62c5cccd23b44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2f88105e2421e6ef10ae2821cc6e0309
SHA1 aa2ba07f6f93096b0e80a7cb6810d90d9c5892d3
SHA256 0c8b257c0a0a20ae04e0e9846ec57324adf3e7a36c50e35b665eea04e82a123c
SHA512 7555c71b91f0cd132e85b4fa02a9ce31f7df23de169e8583951a42a32fc43d41b1aeeaa933e87bfe03f9065069a1fc6ad43301c10aec23b1c00e9c485431087e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff5c001691b46234a35f04cd1de691ce
SHA1 69023412771db706830feaf5c26376ae8698467a
SHA256 6bd1970121337711b039bef02a80c613d0e5b83aa9c099398e48d0bcb71a0abe
SHA512 59582452c39fcd1603e7b40def7553e27adc91a7d4114c3e64612f1ab22603432615d7c1ceab7a042809a47a88b2d638b49355351f7dc27a49238bc55b28def0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d9286ae9-835d-44d6-a6eb-7547847288bf.tmp

MD5 4dce08aebac2d33323efeb1c3aa22c84
SHA1 df7c4555be8b91b6f83f3d935406663071331ca9
SHA256 9f19b0d4b59a1754f0c5dc51ff539108d831ef8ed45b2c47f7c07c7cf03b3e89
SHA512 ee810e017def90e2efc0ad0203341381c4b5d35942a0d6d99651e705ded4cea5337d1c3b10462e021e4fd8c906be54b3c65a1ca2239ec6d3958cffbcac14c29e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 55616797e8688488e7e145de610aefb7
SHA1 6a51bc6c51dcc051058f5a464863e00a68d74f44
SHA256 a57b4012c1d0baae703bbdb72558264ae86296671b9b751740861c3c542c1dbf
SHA512 450b59263460a9e1d385edc87fb869746963af177b314be49125bea5d09aeff095b6db3286b38dad0d1cb1cc13eed7cdabe67c4efa211c7db649ec862bb1153e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 644c3e66544f416fbd826d373207769f
SHA1 e37ff69928cb4164328174c922c0667f61d523a5
SHA256 00d3508cff6c88d25664222e43f35e32f1c5d7c3cd92f103c49584a34219ae54
SHA512 b217caa33062572ba8cefb19ccdcc37abdd9e0053b7c02c6acd5ab46093b16a775870cc57bfeede970e2bd63b85f42e28ca7e472cb42bb23f8c8c343ab69bc81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579ea1.TMP

MD5 6701d420675882ab63858040ce49d3e1
SHA1 06285dc1cc58cd04b2e89550cdc2e9149219f483
SHA256 7f0ed7ab69ed6c6dc7c5dfc38c0a2008351af1aea9417d871a8c480813d16014
SHA512 3b9aa27438e87ddec3a39d22b6925a09732dd512c08bf4b7fd9eaacb196e0b4810b27594e3fb19c85f3ef4c4173118132139328581b54536bcbbebd083f414bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c52d25d724a97b63c4521fc57bbd1aad
SHA1 eaaba0fd820f8232c613f8de5023e6e60a4d66ee
SHA256 5c6c09f0673c6995c0018c842a7b54e9bab4f091ca1fc96316b3eb166c8e283f
SHA512 fd0a9a0bfdcdbecf862d4b0556c0de9130cfa8f7250e017cf9dd12385c1e1b2592431a4a6f9f321b131cc509688120ff8bb066eacaa7bfb15534bef39462d868

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e57e3930abb2225777ca20d8a28507a4
SHA1 0b9c1df8b9abaf83f8d7b4361e81bc6049cfb43f
SHA256 f1dc2d9e8e1447a32fae1eb32d1651145c014a1d109ca330121313c20741b595
SHA512 7348d802090ceae5ee1dc2e30ab99e54d2d4528bfb0e0e011e12eed56e2dad6cf7aa1cfd1daf88c346dc8d79a7bd089e7573dd7a115ed243b4418fd722289a8c

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\d3dcompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\libEGL.dll

MD5 fde9a02f00bc7b70d93b9e928945087a
SHA1 5136e3d0b681af624086c77cd67edcf537dd27e4
SHA256 d1f504b9136ee6a8955b045e8a94dcb75c5013e9e6896d889edba1491649bc9f
SHA512 7e65a884df7bd7fc74c717528bbd61e5c0671d208cf02849e357b6690f02477659b7c3de43193bb487a2624638fafbfdece88557c9ef1ad28c03f0a6253c57ed

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\LICENSES.chromium.html

MD5 312446edf757f7e92aad311f625cef2a
SHA1 91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256 c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512 dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\libGLESv2.dll

MD5 ed58bd0690a86ac78764654edda50194
SHA1 f7973bdf9ad1c9e51350794c3d51459ba7a37f4e
SHA256 ff813885abdac4bc106bbf7d106325718f568756209b920ac2d83c3c9f9a2ce6
SHA512 955d442f1faf8e22c313c5feec1101444027b920d7fc8c171454c70edd3385f502ccc0a1f80d53bbaacf87517eabe51d74469a995ff7506917d3d2b205865040

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\ffmpeg.dll

MD5 94f687603aba179474517da648f436a5
SHA1 4de598064481401366fbfc81f0a365c13879035c
SHA256 96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0
SHA512 f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\snapshot_blob.bin

MD5 916127734bc7c5b0db478191a37fc19a
SHA1 f9d868c2578f14513fcb95e109aec795c98dbba3
SHA256 e19ed7fb96e19bb5bfe791df03561d654ea5d52021c3403a2652f439a8d77801
SHA512 d291b26568572d5777b036577ddf30c1b6c6c41e9d53ef2d8af735db001ea5c568371f3907fbffc02feee628f0f29afb718ae5deb32ff245a37947a7b1b9c297

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\resources.pak

MD5 c2b9f8256a070f23a2bac3457198657b
SHA1 8a6c14bfe8149476baf407e3695a78863aa35fd9
SHA256 b5ab9cbb8b4f5fb9a3b2f15989a8522d3985c2b4260b1ace9b4edb5173f10deb
SHA512 37bf0e2f1b2bc700519ac7b4fa023611f88a8338d9b303988e1ba37345c1f2199750e60a9cc1e8b3f34c37b78ca5a9ca1f02086755d6fe3d6c5aafeae449c66e

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\vulkan-1.dll

MD5 6704b30acda01af69502e04b57ad4195
SHA1 4d9f921bc4a3708dbe00df54f0706c05c744c58d
SHA256 a1b8bde50262cfcb258068f32832309521cdb4cbeb3694514168ef404252f840
SHA512 fcfcce5589da1114f9ea1b9062caca2afd86b9c8cd3d88542ef36d66c82d8628f9064482c17aa55dcabd9f6ba8b018eb4f0b0e23a68ba06e48cc2c3d12cc5155

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\vk_swiftshader.dll

MD5 824a833b74439461820a2e22f6bfcfe5
SHA1 a05d360fdb4688bc5cb462c6ec6fad40f64744e3
SHA256 b6816edfd0af362a1023c2616ab4d4bb0a1486f4d8ee665d5924f403da8a616a
SHA512 ea9d21f63858c326029b1ff50123ccc58b715f240bf3264f412541384573e0a6be3c2b47f1f187857f919328c915e9d1f09937dd8fb84b06ffc79e5289b1d29d

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fe56a347f65e298b5f374f6363cd913e
SHA1 f57402495d812ec753e3d6f93f3c047c5960ede1
SHA256 44e5d32d1e11b90904f2f21067e197efcb01f2e094222432ae43b426be150b74
SHA512 2bcbc2c41dd4fccc42cbf23ad4df0cce4211d1673ec18236dcff6087677a98f0ca4f2f9f970f29bb0c244e6dd29124e20a83b302a014326e33dfc1391f6cab2a

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\zzzzz.exe

MD5 a61f2d769a619abae02f4f4867df8de0
SHA1 52fea8a06d5085f7427e5b141728bc2117335cb3
SHA256 4910505ce5d346ef61bb240f9a303308f969103abd4de935206777a0e8aaa792
SHA512 0d9a9931720f7cef9421b2cf9506401acaa0660db6d44a68e0cecda829d5055ea337a05cf60d06dad72debe85931ef43a8675444b5a155e179f86ebd2caea122

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\cs.pak

MD5 04a680847c4a66ad9f0a88fb9fb1fc7b
SHA1 2afcdf4234a9644fb128b70182f5a3df1ee05be1
SHA256 1cc44c5fbe1c0525df37c5b6267a677f79c9671f86eda75b6fc13abf5d5356eb
SHA512 3a8a409a3c34149a977dea8a4cb0e0822281aed2b0a75b02479c95109d7d51f6fb2c2772ccf1486ca4296a0ac2212094098f5ce6a1265fa6a7eb941c0cfef83e

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ca.pak

MD5 d259469e94f2adf54380195555154518
SHA1 d69060bbe8e765ca4dc1f7d7c04c3c53c44b8ab5
SHA256 f98b7442befc285398a5dd6a96740cba31d2f5aadadd4d5551a05712d693029b
SHA512 d0bd0201acf4f7daa84e89aa484a3dec7b6a942c3115486716593213be548657ad702ef2bc1d3d95a4a56b0f6e7c33d5375f41d6a863e4ce528f2bd6a318240e

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\bn.pak

MD5 5cdd07fa357c846771058c2db67eb13b
SHA1 deb87fc5c13da03be86f67526c44f144cc65f6f6
SHA256 01c830b0007b8ce6aca46e26d812947c3df818927b826f7d8c5ffd0008a32384
SHA512 2ac29a3aa3278bd9a8fe1ba28e87941f719b14fbf8b52e0b7dc9d66603c9c147b9496bf7be4d9e3aa0231c024694ef102dcc094c80c42be5d68d3894c488098c

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\bg.pak

MD5 a19269683a6347e07c55325b9ecc03a4
SHA1 d42989daf1c11fcfff0978a4fb18f55ec71630ec
SHA256 ad65351a240205e881ef5c4cf30ad1bc6b6e04414343583597086b62d48d8a24
SHA512 1660e487df3f3f4ec1cea81c73dca0ab86aaf121252fbd54c7ac091a43d60e1afd08535b082efd7387c12616672e78aa52dddfca01f833abef244284482f2c76

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ar.pak

MD5 47a6d10b4112509852d4794229c0a03b
SHA1 2fb49a0b07fbdf8d4ce51a7b5a7f711f47a34951
SHA256 857fe3ab766b60a8d82b7b6043137e3a7d9f5cfb8ddd942316452838c67d0495
SHA512 5f5b280261195b8894efae9df2bece41c6c6a72199d65ba633c30d50a579f95fa04916a30db77831f517b22449196d364d6f70d10d6c5b435814184b3bcf1667

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\am.pak

MD5 2009647c3e7aed2c4c6577ee4c546e19
SHA1 e2bbacf95ec3695daae34835a8095f19a782cbcf
SHA256 6d61e5189438f3728f082ad6f694060d7ee8e571df71240dfd5b77045a62954e
SHA512 996474d73191f2d550c516ed7526c9e2828e2853fcfbe87ca69d8b1242eb0dedf04030bbca3e93236bbd967d39de7f9477c73753af263816faf7d4371f363ba3

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\af.pak

MD5 7e51349edc7e6aed122bfa00970fab80
SHA1 eb6df68501ecce2090e1af5837b5f15ac3a775eb
SHA256 f528e698b164283872f76df2233a47d7d41e1aba980ce39f6b078e577fd14c97
SHA512 69da19053eb95eef7ab2a2d3f52ca765777bdf976e5862e8cebbaa1d1ce84a7743f50695a3e82a296b2f610475abb256844b6b9eb7a23a60b4a9fc4eae40346d

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\el.pak

MD5 9528d21e8a3f5bad7ca273999012ebe8
SHA1 58cd673ce472f3f2f961cf8b69b0c8b8c01d457c
SHA256 e79c1e7a47250d88581e8e3baf78dcaf31fe660b74a1e015be0f4bafdfd63e12
SHA512 165822c49ce0bdb82f3c3221e6725dac70f53cfdad722407a508fa29605bc669fb5e5070f825f02d830e0487b28925644438305372a366a3d60b55da039633d7

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\de.pak

MD5 8e6654b89ed4c1dc02e1e2d06764805a
SHA1 ff660bc85bb4a0fa3b2637050d2b2d1aecc37ad8
SHA256 61cbce9a31858ddf70cc9b0c05fb09ce7032bfb8368a77533521722465c57475
SHA512 5ac71eda16f07f3f2b939891eda2969c443440350fd88ab3a9b3180b8b1a3ecb11e79e752cf201f21b3dbfba00bcc2e4f796f347e6137a165c081e86d970ee61

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\da.pak

MD5 1a53d374b9c37f795a462aac7a3f118f
SHA1 154be9cf05042eced098a20ff52fa174798e1fea
SHA256 d0c38eb889ee27d81183a0535762d8ef314f0fdeb90ccca9176a0ce9ab09b820
SHA512 395279c9246bd30a0e45d775d9f9c36353bd11d9463282661c2abd876bdb53be9c9b617bb0c2186592cd154e9353ea39e3feed6b21a07b6850ab8ecd57e1ed29

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\en-GB.pak

MD5 d59e613e8f17bdafd00e0e31e1520d1f
SHA1 529017d57c4efed1d768ab52e5a2bc929fdfb97c
SHA256 90e585f101cf0bb77091a9a9a28812694cee708421ce4908302bbd1bc24ac6fd
SHA512 29ff3d42e5d0229f3f17bc0ed6576c147d5c61ce2bd9a2e658a222b75d993230de3ce35ca6b06f5afa9ea44cfc67817a30a87f4faf8dc3a5c883b6ee30f87210

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\en-US.pak

MD5 5e3813e616a101e4a169b05f40879a62
SHA1 615e4d94f69625dda81dfaec7f14e9ee320a2884
SHA256 4d207c5c202c19c4daca3fddb2ae4f747f943a8faf86a947eef580e2f2aee687
SHA512 764a271a9cfb674cce41ee7aed0ad75f640ce869efd3c865d1b2d046c9638f4e8d9863a386eba098f5dcedd20ea98bad8bca158b68eb4bdd606d683f31227594

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\fa.pak

MD5 9d273af70eafd1b5d41f157dbfb94fdc
SHA1 da98bde34b59976d4514ff518bd977a713ea4f2e
SHA256 319d1e20150d4e3f496309ba82fce850e91378ee4b0c7119a003a510b14f878b
SHA512 0a892071bea92cc7f1a914654bc4f9da6b9c08e3cb29bb41e9094f6120ddc7a08a257c0d2b475c98e7cdcf604830e582cf2a538cc184056207f196ffc43f29ad

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\et.pak

MD5 a94e1775f91ea8622f82ae5ab5ba6765
SHA1 ff17accdd83ac7fcc630e9141e9114da7de16fdb
SHA256 1606b94aef97047863481928624214b7e0ec2f1e34ec48a117965b928e009163
SHA512 a2575d2bd50494310e8ef9c77d6c1749420dfbe17a91d724984df025c47601976af7d971ecae988c99723d53f240e1a6b3b7650a17f3b845e3daeefaaf9fe9b9

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\es-419.pak

MD5 7f6696cc1e71f84d9ec24e9dc7bd6345
SHA1 36c1c44404ee48fc742b79173f2c7699e1e0301f
SHA256 d1f17508f3a0106848c48a240d49a943130b14bd0feb5ed7ae89605c7b7017d1
SHA512 b226f94f00978f87b7915004a13cdbd23de2401a8afaa2517498538967df89b735f8ecc46870c92e3022cac795218a60ad2b8fff1efad9feea4ec193704a568a

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\fil.pak

MD5 3165351c55e3408eaa7b661fa9dc8924
SHA1 181bee2a96d2f43d740b865f7e39a1ba06e2ca2b
SHA256 2630a9d5912c8ef023154c6a6fb5c56faf610e1e960af66abef533af19b90caa
SHA512 3b1944ea3cfcbe98d4ce390ea3a8ff1f6730eb8054e282869308efe91a9ddcd118290568c1fc83bd80e8951c4e70a451e984c27b400f2bde8053ea25b9620655

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\fi.pak

MD5 d4b776267efebdcb279162c213f3db22
SHA1 7236108af9e293c8341c17539aa3f0751000860a
SHA256 297e3647eaf9b3b95cf833d88239919e371e74cc345a2e48a5033ebe477cd54e
SHA512 1dc7d966d12e0104aacb300fd4e94a88587a347db35ad2327a046ef833fb354fd9cbe31720b6476db6c01cfcb90b4b98ce3cd995e816210b1438a13006624e8f

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\hi.pak

MD5 1766a05be4dc634b3321b5b8a142c671
SHA1 b959bcadc3724ae28b5fe141f3b497f51d1e28cf
SHA256 0eee8e751b5b0af1e226106beb09477634f9f80774ff30894c0f5a12b925ac35
SHA512 faec1d6166133674a56b5e38a68f9e235155cc910b5cceb3985981b123cc29eda4cd60b9313ab787ec0a8f73bf715299d9bf068e4d52b766a7ab8808bd146a39

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\he.pak

MD5 6d787dc113adfb6a539674af7d6195db
SHA1 f966461049d54c61cdd1e48ef1ea0d3330177768
SHA256 a976fad1cc4eb29709018c5ffcc310793a7ceb2e69c806454717ccae9cbc4d21
SHA512 6748dad2813fc544b50ddea0481b5ace3eb5055fb2d985ca357403d3b799618d051051b560c4151492928d6d40fce9bb33b167217c020bdcc3ed4cae58f6b676

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\gu.pak

MD5 7b5f52f72d3a93f76337d5cf3168ebd1
SHA1 00d444b5a7f73f566e98abadf867e6bb27433091
SHA256 798ea5d88a57d1d78fa518bf35c5098cbeb1453d2cb02ef98cd26cf85d927707
SHA512 10c6f4faab8ccb930228c1d9302472d0752be19af068ec5917249675b40f22ab24c3e29ec3264062826113b966c401046cff70d91e7e05d8aadcc0b4e07fec9b

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\fr.pak

MD5 0bf28aff31e8887e27c4cd96d3069816
SHA1 b5313cf6b5fbce7e97e32727a3fae58b0f2f5e97
SHA256 2e1d413442def9cae2d93612e3fd04f3afaf3dd61e4ed7f86400d320af5500c2
SHA512 95172b3b1153b31fceb4b53681635a881457723cd1000562463d2f24712267b209b3588c085b89c985476c82d9c27319cb6378619889379da4fae1595cb11992

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\hu.pak

MD5 f5e1ca8a14c75c6f62d4bff34e27ddb5
SHA1 7aba6bff18bdc4c477da603184d74f054805c78f
SHA256 c0043d9fa0b841da00ec1672d60015804d882d4765a62b6483f2294c3c5b83e0
SHA512 1050f96f4f79f681b3eaf4012ec0e287c5067b75ba7a2cbe89d9b380c07698099b156a0eb2cbc5b8aa336d2daa98e457b089935b534c4d6636987e7e7e32b169

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ko.pak

MD5 b4fbff56e4974a7283d564c6fc0365be
SHA1 de68bd097def66d63d5ff04046f3357b7b0e23ac
SHA256 8c9acde13edcd40d5b6eb38ad179cc27aa3677252a9cd47990eba38ad42833e5
SHA512 0698aa058561bb5a8fe565bb0bec21548e246dbb9d38f6010e9b0ad9de0f59bce9e98841033ad3122a163dd321ee4b11ed191277cdcb8e0b455d725593a88aa5

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\kn.pak

MD5 c548a5f1fb5753408e44f3f011588594
SHA1 e064ab403972036dad1b35abe9794e95dbe4cc00
SHA256 890f50a57b862f482d367713201e1e559ac778fc3a36322d1dfbbef2535dd9cb
SHA512 6975e4bb1a90e0906cf6266f79da6cc4ae32f72a6141943bcfcf9b33f791e9751a9aafde9ca537f33f6ba8e4d697125fbc2ec4ffd3bc35851f406567dae7e631

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ja.pak

MD5 d10d536bcd183030ba07ff5c61bf5e3a
SHA1 44dd78dba9f098ac61222eb9647d111ad1608960
SHA256 2a3d3abc9f80bad52bd6da5769901e7b9e9f052b6a58a7cc95ce16c86a3aa85a
SHA512 c67aede9ded1100093253e350d6137ab8b2a852bd84b6c82ba1853f792e053cecd0ea0519319498aed5759bedc66d75516a4f2f7a07696a0cef24d5f34ef9dd2

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\it.pak

MD5 d58a43068bf847c7cd6284742c2f7823
SHA1 497389765143fac48af2bd7f9a309bfe65f59ed9
SHA256 265d8b1bc479ad64fa7a41424c446139205af8029a2469d558813edd10727f9c
SHA512 547a1581dda28c5c1a0231c736070d8a7b53a085a0ce643a4a1510c63a2d4670ff2632e9823cd25ae2c7cdc87fa65883e0a193853890d4415b38056cb730ab54

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\id.pak

MD5 7b39423028da71b4e776429bb4f27122
SHA1 cb052ab5f734d7a74a160594b25f8a71669c38f2
SHA256 3d95c5819f57a0ad06a118a07e0b5d821032edcf622df9b10a09da9aa974885f
SHA512 e40679b01ab14b6c8dfdce588f3b47bcaff55dbb1539b343f611b3fcbd1d0e7d8c347a2b928215a629f97e5f68d19c51af775ec27c6f906cac131beae646ce1a

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\hr.pak

MD5 8f9498d18d90477ad24ea01a97370b08
SHA1 3868791b549fc7369ab90cd27684f129ebd628be
SHA256 846943f77a425f3885689dcf12d62951c5b7646e68eadc533b8b5c2a1373f02e
SHA512 3c66a84592debe522f26c48b55c04198ad8a16c0dcfa05816825656c76c1c6cccf5767b009f20ecb77d5a589ee44b0a0011ec197fec720168a6c72c71ebf77fd

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\lv.pak

MD5 e4f7d9e385cb525e762ece1aa243e818
SHA1 689d784379bac189742b74cd8700c687feeeded1
SHA256 523d141e59095da71a41c14aec8fe9ee667ae4b868e0477a46dd18a80b2007ef
SHA512 e4796134048cd12056d746f6b8f76d9ea743c61fee5993167f607959f11fd3b496429c3e61ed5464551fd1931de4878ab06f23a3788ee34bb56f53db25bcb6df

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\locales\lt.pak

MD5 980c27fd74cc3560b296fe8e7c77d51f
SHA1 f581efa1b15261f654588e53e709a2692d8bb8a3
SHA256 41e0f3619cda3b00abbbf07b9cd64ec7e4785ed4c8a784c928e582c3b6b8b7db
SHA512 51196f6f633667e849ef20532d57ec81c5f63bab46555cea8fab2963a078acdfa84843eded85c3b30f49ef3ceb8be9e4ef8237e214ef9ecff6373a84d395b407

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ru.pak

MD5 ab9902025dcf7d5408bf6377b046272b
SHA1 c9496e5af3e2a43377290a4883c0555e27b1f10f
SHA256 983b15dcc31d0e9a3da78cd6021e5add2a3c2247322aded9454a5d148d127aae
SHA512 d255d5f5b6b09af2cdec7b9c171eebb1de1094cc5b4ddf43a3d4310f8f5f223ac48b8da97a07764d1b44f1d4a14fe3a0c92a0ce6fe9a4ae9a6b4a342e038f842

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\sk.pak

MD5 c6c7396dbfb989f034d50bd053503366
SHA1 089f176b88235cce5bca7abfcc78254e93296d61
SHA256 439f7d6c23217c965179898754edcef8fd1248bdd9b436703bf1ff710701117a
SHA512 1476963f47b45d2d26536706b7eeba34cfae124a3087f7727c4efe0f19610f94393012cda462060b1a654827e41f463d7226afa977654dcd85b27b7f8d1528eb

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ro.pak

MD5 99eaa3d101354088379771fd85159de1
SHA1 a32db810115d6dcf83a887e71d5b061b5eefe41f
SHA256 33f4c20f7910bc3e636bc3bec78f4807685153242dd4bc77648049772cf47423
SHA512 c6f87da1b5c156aa206dc21a9da3132cbfb0e12e10da7dc3b60363089de9e0124bbad00a233e61325348223fc5953d4f23e46fe47ec8e7ca07702ac73f3fd2e9

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\sl.pak

MD5 d4bd9f20fd29519d6b017067e659442c
SHA1 782283b65102de4a0a61b901dea4e52ab6998f22
SHA256 f33afa6b8df235b09b84377fc3c90403c159c87edd8cd8004b7f6edd65c85ce6
SHA512 adf8d8ec17e8b05771f47b19e8027f88237ad61bca42995f424c1f5bd6efa92b23c69d363264714c1550b9cd0d03f66a7cfb792c3fbf9d5c173175b0a8c039dc

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ur.pak

MD5 ff0a23974aef88afc86ecc806dbf1d60
SHA1 e7bae97cbb8692a0d106644dfaa9b7d7ea6fcef0
SHA256 f245ab242aafeef37db736c780476534fad0706aa66dcb8b6b8cd181b4778385
SHA512 aabe8160fac7e0eb8e8eb80963fe995fa4a802147d1b8f605bc0fe3f8e2474463c1d313471c11c85eb5578112232fdc8e89b8a6d43dbe38a328538ff30a78d08

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\zh-TW.pak

MD5 524711882cbfb5b95a63ef48f884cff0
SHA1 1078037687cfc5d038eeb8b63d295239e0edc47a
SHA256 9e16499cd96a155d410c8df4c812c52ff2a750f8c4db87fd891c1e58c1428c78
SHA512 16d45a81f7f4606eda9d12a8b1da06e3c866b11bdc0c92a4022bfb8d02b885d8f028457cf23e3f7589dfd191ed7f7fbc68c81b6e1411834edfcbc9cc85e0dc4d

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\resources\app.asar

MD5 195df4b7998875821ed715b9f1535ac6
SHA1 27a67ecf3e08b12fd7bc68a02cfa6105fb92d0f1
SHA256 766cc67899cda8aed1732ee079d4fc62c8cf78706b2be3da911787d6669bab10
SHA512 cc8b0377cd2e88aedf1862f6b27dacbf6638ab4fd66a477740365fa370efd40cb06d75b38cd38f5b644b53a02d74322ff5e8c9a644bbfe11a9e6e337ed6a8400

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\zh-CN.pak

MD5 20f315d38e3b2edc5832931e7770b62a
SHA1 2390bd585dec1e884873454bb98b6f1467dcf7bb
SHA256 53a803724bbf2e7f40aab860325c348f786eeca1ea5ca39a76b4c4a616e3233f
SHA512 c338e241de3561707c7c275b7d6e0fb16185a8cd7112057c08b74ffce122148ef693fe310c839ff93f102726a78e61de3e68c8e324f445a07a98ee9c4fdd4e13

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\vi.pak

MD5 3fe6f90f1f990aed508deda3810ce8c2
SHA1 3b86f00666d55e984b4aca1a5e8319ffa8f411ff
SHA256 5eebb23221aebcf0be01bfc2695f7dd35b17f6769be1e28e5610d35c9717854b
SHA512 9aa9d55f112c8b32aa636086cfd2161d97ea313cac1a44101014128124a03504c992ac8efd265aba4e91787aef7134a14507a600f5ec96ff82df950a8883828c

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\uk.pak

MD5 ee70e9f3557b9c8c67bfb8dfcb51384d
SHA1 fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e
SHA256 54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22
SHA512 f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\tr.pak

MD5 3a858619502c68d5f7de599060f96db9
SHA1 80a66d9b5f1e04cda19493ffc4a2f070200e0b62
SHA256 d81f28f69da0036f9d77242b2a58b4a76f0d5c54b3e26ee96872ac54d7abb841
SHA512 39a7ec0dfe62bcb3f69ce40100e952517b5123f70c70b77b4c9be3d98296772f10d3083276bc43e1db66ed4d9bfa385a458e829ca2a7d570825d7a69e8fbb5f4

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\th.pak

MD5 2c41616dfe7fcdb4913cfafe5d097f95
SHA1 cf7d9e8ad3aa47d683e47f116528c0e4a9a159b0
SHA256 f11041c48831c93aa11bbf885d330739a33a42db211daccf80192668e2186ed3
SHA512 97329717e11bc63456c56022a7b7f5da730da133e3fc7b2cc660d63a955b1a639c556b857c039a004f92e5f35be61bf33c035155be0a361e3cd6d87b549df811

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\te.pak

MD5 f809bf5184935c74c8e7086d34ea306c
SHA1 709ab3decff033cf2fa433ecc5892a7ac2e3752e
SHA256 9bbfa7a9f2116281bf0af1e8ffb279d1aa97ac3ed9ebc80c3ade19e922d7e2d4
SHA512 de4b14dd6018fdbdf5033abda4da2cb9f5fcf26493788e35d88c07a538b84fdd663ee20255dfd9c1aac201f0cce846050d2925c55bf42d4029cb78b057930acd

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ta.pak

MD5 7006691481966109cce413f48a349ff2
SHA1 6bd243d753cf66074359abe28cfae75bcedd2d23
SHA256 24ea4028da66a293a43d27102012235198f42a1e271fe568c7fd78490a3ee647
SHA512 e12c0d1792a28bf4885e77185c2a0c5386438f142275b8f77317eb8a5cee994b3241bb264d9502d60bfbce9cf8b3b9f605c798d67819259f501719d054083bea

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\sw.pak

MD5 39277ae2d91fdc1bd38bea892b388485
SHA1 ff787fb0156c40478d778b2a6856ad7b469bd7cb
SHA256 6d6d095a1b39c38c273be35cd09eb1914bd3a53f05180a3b3eb41a81ae31d5d3
SHA512 be2d8fbedaa957f0c0823e7beb80de570edd0b8e7599cf8f2991dc671bdcbbbe618c15b36705d83be7b6e9a0d32ec00f519fc8543b548422ca8dcf07c0548ab4

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\sv.pak

MD5 502e4a8b3301253abe27c4fd790fbe90
SHA1 17abcd7a84da5f01d12697e0dffc753ffb49991a
SHA256 7d72e3adb35e13ec90f2f4271ad2a9b817a2734da423d972517f3cff299165fd
SHA512 bd270abaf9344c96b0f63fc8cec04f0d0ac9fc343ab5a80f5b47e4b13b8b1c0c4b68f19550573a1d965bb18a27edf29f5dd592944d754b80ea9684dbcedea822

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\sr.pak

MD5 cbb817a58999d754f99582b72e1ae491
SHA1 6ec3fd06dee0b1fe5002cb0a4fe8ec533a51f9fd
SHA256 4bd7e466cb5f5b0a451e1192aa1abaaf9526855a86d655f94c9ce2183ec80c25
SHA512 efef29cedb7b08d37f9df1705d36613f423e994a041b137d5c94d2555319ffb068bb311884c9d4269b0066746dacd508a7d01df40a8561590461d5f02cb52f8b

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\pt-PT.pak

MD5 6a7232f316358d8376a1667426782796
SHA1 8b70fe0f3ab2d73428f19ecd376c5deba4a0bb6c
SHA256 6a526cd5268b80df24104a7f40f55e4f1068185febbbb5876ba2cb7f78410f84
SHA512 40d24b3d01e20ae150083b00bb6e10bca81737c48219bce22fa88faaad85bdc8c56ac9b1eb01854173b0ed792e34bdfbac26d3605b6a35c14cf2824c000d0da1

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\pt-BR.pak

MD5 0d9dea9e24645c2a3f58e4511c564a36
SHA1 dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256 ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512 8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\pl.pak

MD5 18d49d5376237bb8a25413b55751a833
SHA1 0b47a7381de61742ac2184850822c5fa2afa559e
SHA256 1729aa5c8a7e24a0db98febcc91df8b7b5c16f9b6bb13a2b0795038f2a14b981
SHA512 45344a533cc35c8ce05cf29b11da6c0f97d8854dae46cf45ef7d090558ef95c3bd5fdc284d9a7809f0b2bf30985002be2aa6a4749c0d9ae9bdff4ad13de4e570

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\nl.pak

MD5 181d2a0ece4b67281d9d2323e9b9824d
SHA1 e8bdc53757e96c12f3cd256c7812532dd524a0ea
SHA256 6629e68c457806621ed23aa53b3675336c3e643f911f8485118a412ef9ed14ce
SHA512 10d8cc9411ca475c9b659a2cc88d365e811217d957c82d9c144d94843bc7c7a254ee2451a6f485e92385a660fa01577cffa0d64b6e9e658a87bef8fccbbeaf7e

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\nb.pak

MD5 af0fd9179417ba1d7fcca3cc5bee1532
SHA1 f746077bbf6a73c6de272d5855d4f1ca5c3af086
SHA256 e900f6d0dd9d5a05b5297618f1fe1600c189313da931a9cb390ee42383eb070f
SHA512 c94791d6b84200b302073b09357abd2a1d7576b068bae01dccda7bc154a6487145c83c9133848ccf4cb9e6dc6c5a9d4be9d818e5a0c8f440a4e04ae8eabd4a29

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ms.pak

MD5 9b3e2f3c49897228d51a324ab625eb45
SHA1 8f3daec46e9a99c3b33e3d0e56c03402ccc52b9d
SHA256 61a3daae72558662851b49175c402e9fe6fd1b279e7b9028e49506d9444855c5
SHA512 409681829a861cd4e53069d54c80315e0c8b97e5db4cd74985d06238be434a0f0c387392e3f80916164898af247d17e8747c6538f08c0ef1c5e92a7d1b14f539

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\mr.pak

MD5 c0ef1866167d926fb351e9f9bf13f067
SHA1 6092d04ef3ce62be44c29da5d0d3a04985e2bc04
SHA256 88df231cf2e506db3453f90a797194662a5f85e23bbac2ed3169d91a145d2091
SHA512 9e2b90f3ac1ae5744c22c2442fbcd86a8496afc2c58f6ca060d6dbb08af6f7411ef910a7c8ca5aedee99b5443d4dff709c7935e8322cb32f8b071ee59caee733

C:\Users\Admin\AppData\Local\Temp\nsgC9B9.tmp\7z-out\locales\ml.pak

MD5 8b38c65fc30210c7af9b6fa0424266f4
SHA1 116413710ffcf94fbfa38cb97a47731e43a306f5
SHA256 e8df9a74417c5839c531d7ccab63884a80afb731cc62cbbb3fd141779086ac7d
SHA512 0fd349c644ac1a2e7ed0247e40900d3a9957f5bef1351b872710d02687c934a8e63d3a7585e91f7df78054aeff8f7abd8c93a94fcd20c799779a64278bab2097

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

MD5 a61f2d769a619abae02f4f4867df8de0
SHA1 52fea8a06d5085f7427e5b141728bc2117335cb3
SHA256 4910505ce5d346ef61bb240f9a303308f969103abd4de935206777a0e8aaa792
SHA512 0d9a9931720f7cef9421b2cf9506401acaa0660db6d44a68e0cecda829d5055ea337a05cf60d06dad72debe85931ef43a8675444b5a155e179f86ebd2caea122

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

MD5 a61f2d769a619abae02f4f4867df8de0
SHA1 52fea8a06d5085f7427e5b141728bc2117335cb3
SHA256 4910505ce5d346ef61bb240f9a303308f969103abd4de935206777a0e8aaa792
SHA512 0d9a9931720f7cef9421b2cf9506401acaa0660db6d44a68e0cecda829d5055ea337a05cf60d06dad72debe85931ef43a8675444b5a155e179f86ebd2caea122

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\ffmpeg.dll

MD5 94f687603aba179474517da648f436a5
SHA1 4de598064481401366fbfc81f0a365c13879035c
SHA256 96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0
SHA512 f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\ffmpeg.dll

MD5 94f687603aba179474517da648f436a5
SHA1 4de598064481401366fbfc81f0a365c13879035c
SHA256 96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0
SHA512 f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\v8_context_snapshot.bin

MD5 4f4d00247758c684c295243ddedd2948
SHA1 f8e8fc6c22fde9df1d60c329e38b38a85f96bb69
SHA256 4ea84c4465eea20b46e6ded30f711f1e0d61e15574d861b0210819abd5e895e5
SHA512 2c335672979114bd68ff6f1b1b94235fbf072fe8642cad1f7d61855b92741f0633fa0ccb77cd520be560db2d3ac75f9be08e22806487bf5d3045781e3903ad45

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\icudtl.dat

MD5 d89ce8c00659d8e5d408c696ee087ce3
SHA1 49fc8109960be3bb32c06c3d1256cb66dded19a8
SHA256 9dfbe0dad5c7021cfe8df7f52458c422cbc5be9e16ff33ec90665bb1e3f182de
SHA512 db097ce3eb9e132d0444df79b167a7dcb2df31effbbd3df72da3d24ae2230cc5213c6df5e575985a9918fbd0a6576e335b6ebc12b6258bc93fa205399de64c37

memory/4948-987-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-988-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-989-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-997-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-998-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\resources\app.asar

MD5 195df4b7998875821ed715b9f1535ac6
SHA1 27a67ecf3e08b12fd7bc68a02cfa6105fb92d0f1
SHA256 766cc67899cda8aed1732ee079d4fc62c8cf78706b2be3da911787d6669bab10
SHA512 cc8b0377cd2e88aedf1862f6b27dacbf6638ab4fd66a477740365fa370efd40cb06d75b38cd38f5b644b53a02d74322ff5e8c9a644bbfe11a9e6e337ed6a8400

memory/4948-1001-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-999-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-1002-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-1003-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

memory/4948-1004-0x0000025EE7CC0000-0x0000025EE7CC1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\d74f1c37-761e-4bf7-9194-15e8132c15c7.tmp.node

MD5 de381eaa2ece8270012ee128d5cf9e2e
SHA1 1f06480a2491182f361683e9b901cf26115ef222
SHA256 ef775eba5a870f92f29be91cdd777e5b7451e44f1a1f23722d4f8d0c6ebe4ed6
SHA512 7ca1ea7e3bdee2e5c6a5e1d04e8869af161ace08b914f2e1b4d67d17fadcd719c08f381b6a1c22d43769a066d87e39f91b7059065e4de0525a1f1a2853be982c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7efec14ad7fa7d40460706a795bffe45
SHA1 7fa9323b46ad8fe00c4aa0c399f5d0db0fbf1565
SHA256 f6bf77cfda488755db9e42500dc4b10544687e84eea2fbae344e2d2aabfc7a70
SHA512 48134c6ceb5b881a007383eada61449899291fc458c2a293043f8d66b81672c78ad3f9837c522ecf5f39dddb32d4ba27b6bfceeab55e66eb8b0cd33657785106

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\resources.pak

MD5 c2b9f8256a070f23a2bac3457198657b
SHA1 8a6c14bfe8149476baf407e3695a78863aa35fd9
SHA256 b5ab9cbb8b4f5fb9a3b2f15989a8522d3985c2b4260b1ace9b4edb5173f10deb
SHA512 37bf0e2f1b2bc700519ac7b4fa023611f88a8338d9b303988e1ba37345c1f2199750e60a9cc1e8b3f34c37b78ca5a9ca1f02086755d6fe3d6c5aafeae449c66e

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\locales\es.pak

MD5 a36992d320a88002697da97cd6a4f251
SHA1 c1f88f391a40ccf2b8a7b5689320c63d6d42935f
SHA256 c5566b661675b613d69a507cbf98768bc6305b80e6893dc59651a4be4263f39d
SHA512 9719709229a4e8f63247b3efe004ecfeb5127f5a885234a5f78ee2b368f9e6c44eb68a071e26086e02aa0e61798b7e7b9311d35725d3409ffc0e740f3aa3b9b5

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\chrome_200_percent.pak

MD5 4610337e3332b7e65b73a6ea738b47df
SHA1 8d824c9cf0a84ab902e8069a4de9bf6c1a9aaf3b
SHA256 c91abf556e55c29d1ea9f560bb17cc3489cb67a5d0c7a22b58485f5f2fbcf25c
SHA512 039b50284d28dcd447e0a486a099fa99914d29b543093cccda77bbefdd61f7b7f05bb84b2708ae128c5f2d0c0ab19046d08796d1b5a1cff395a0689ab25ccb51

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\chrome_100_percent.pak

MD5 acd0fa0a90b43cd1c87a55a991b4fac3
SHA1 17b84e8d24da12501105b87452f86bfa5f9b1b3c
SHA256 ccbca246b9a93fa8d4f01a01345e7537511c590e4a8efd5777b1596d10923b4b
SHA512 3e4c4f31c6c7950d5b886f6a8768077331a8f880d70b905cf7f35f74be204c63200ff4a88fa236abccc72ec0fc102c14f50dd277a30f814f35adfe5a7ae3b774

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\ffmpeg.dll

MD5 94f687603aba179474517da648f436a5
SHA1 4de598064481401366fbfc81f0a365c13879035c
SHA256 96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0
SHA512 f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

MD5 a61f2d769a619abae02f4f4867df8de0
SHA1 52fea8a06d5085f7427e5b141728bc2117335cb3
SHA256 4910505ce5d346ef61bb240f9a303308f969103abd4de935206777a0e8aaa792
SHA512 0d9a9931720f7cef9421b2cf9506401acaa0660db6d44a68e0cecda829d5055ea337a05cf60d06dad72debe85931ef43a8675444b5a155e179f86ebd2caea122

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\zzzzz.exe

MD5 a61f2d769a619abae02f4f4867df8de0
SHA1 52fea8a06d5085f7427e5b141728bc2117335cb3
SHA256 4910505ce5d346ef61bb240f9a303308f969103abd4de935206777a0e8aaa792
SHA512 0d9a9931720f7cef9421b2cf9506401acaa0660db6d44a68e0cecda829d5055ea337a05cf60d06dad72debe85931ef43a8675444b5a155e179f86ebd2caea122

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\ffmpeg.dll

MD5 94f687603aba179474517da648f436a5
SHA1 4de598064481401366fbfc81f0a365c13879035c
SHA256 96e7ed9463802023c86ba42f8045d5249baaca7f679ac76087d29ae33be1ede0
SHA512 f94694bed9b6f2c5365b12acad28dc49579c9fbbd7db46569d1fd919cc6973236cba8aa4dd0d8d1a3a9ddef81c285c5dbce47294259462272f84e41a23d9d1e0

C:\Users\Admin\AppData\Local\Temp\2Ol4e8rQz0h0wOoUdsfPrEXFdWg\D3DCompiler_47.dll

MD5 3b4647bcb9feb591c2c05d1a606ed988
SHA1 b42c59f96fb069fd49009dfd94550a7764e6c97c
SHA256 35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
SHA512 00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 97ba4b74814e50a49b34571681f0fd08
SHA1 5050c2f374f86711a4164a6bc98173d4638cadca
SHA256 06a90990458abfe861a932606953c32539a654fa88c8cf339c7b3980dcb9f566
SHA512 cfce5c54e853d4c9afa25678d77a1e36b8306d84ab67673ea6a5173c093d39d8cb440db33760b2136ebf995d3588978c8f5239a70cf23db8491bcde2156e4202

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6bd435c08bcf738773c5e8e31f18a941
SHA1 622806dcc29dcb63a44ff4e9bdbd2a0fb9c8b593
SHA256 8bf95dafdbd63d25a1b3c843c0cfbe3e52f0dd839ff815630aeba797ec93bdbd
SHA512 4c9ce91c64cff27f36505287e9c9b5b6131d433cb8fb1a99ff5e956eca248e5f8dfc7c68b6e1d1a2ce33edb005670728ce96145756b5e961f5fc5630cd3d4afb

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Roaming\index\Preferences

MD5 94a653910a42a49fd566e03ca7a541a6
SHA1 21c33c0bafa5e9f3f172fcd245b8ee7977d5cfeb
SHA256 a029bb554adfcf222607af6413f0e6f5567fc5027cd6f3be146d643af1db65b0
SHA512 b4e74e73b7ff65c82fafcb537e1055c9be0df6a14ead662f1c2ffd664424fec841b831c57d63cef575ecfe3afbcd460df61135eea03ec681eaa385ea25f789c5

C:\Users\Admin\AppData\Roaming\index\Preferences~RFe58e990.TMP

MD5 8a9bbc2f833ed90104d3e81732369d1c
SHA1 488256a8361ef1496ad01a67dbf5eb4149aef667
SHA256 eccd0ffbf81c7646a3a23e4727206b08596cbc0c36597ddb13a8c6906ed89115
SHA512 ee423d4ceb3bfbd8a6d61cc48077e92c2f764d0135d58d07f2c742de9e936a86059d60c08998918fadb0e3e66eb25b3bdd49e4bb95e7a67dada71fc487a345ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 52957d4bf2f5b79a0cf7b42e9eb1a954
SHA1 c6ca0bc3ebd37a4a7a99b3ec8b4cc29368c5fac5
SHA256 373963e79b7dd7a50576b9bf92f1a5c356e30bad53e25c44d245dfcc2f869d6b
SHA512 90f957c13fe611b314c501d6cff5fa6d747ce1bb67d32b73997292c6c846c516e509ca76351f827bfaefe80960d4ba8ee89ac7a2a9330f4741f6dce9b4170036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b1a923e1a5719ad4cd2d610bce8bf74c
SHA1 9d1e017cbe823e970456f1073cffc293f857a940
SHA256 4e4206ca0fd78777c4e097b26547bab2bc689189853d0e73ad182a789e19ec03
SHA512 e38a33d36d472c1c4db603c4276897cdc60b34c79da7ca58fbea59cc63acb0fefb0c911b5f425384635046d2dbdd1c55c7da92b55e859032141c2ea3b12fe15e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff79d9f96eb0edc0c86c0a8c84a02c3b
SHA1 b06aaf66231d7491125b77e65594d95386f61040
SHA256 5e961fc4a52cf82bd2adb146f9b3125a18ea7217dea8ff6b301392450c412032
SHA512 d951d4e18649da522ae84908f02bf01a8a545dc48e038b619d1cd5be9515d2272dcad5bbd10deaab131410a0b0f10b1d705ceca119067c79fc0f74e8ee94c3e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 109e1354dcad59ff8d3e589dcc09299a
SHA1 bc2cf564c7967a59936c2074b78e124e17439c3a
SHA256 a9f34a49984f7a94c7a522a6d171e470701d34a4b630dcb7ae673e6cfaf2e5ae
SHA512 4a85f37ac35db60a44e729a0ee842e45172657c17c71022dfa73aed445106b833cdceccf94b1735737d5b9c06da8db19a6799186bbf742544c943a4b8de737ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2b5e3033c60ca3bd2f808038be6882ed
SHA1 27771b52ac1648f51462b0ab15aec40239084a9f
SHA256 147f6408ca816bac36f330998fc27d3f3ee80069fe3615b11252d87247ce003f
SHA512 79808a9b27c19807d1de1247ef0a2ea139130a244e90ccf01268ee10b6e4319470bd8b3a0b918a8d60de49574d79c31d259cc540c8dacda6a08280987c454a6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0c1b91411781ad69eb4f80bd20797657
SHA1 0dd24b68605710d3f62cd93f22032f53295ae825
SHA256 49f82cc6ce779cfd418a6ef93ec765d3e76bbd7c1de3c494e9384d08e72d8775
SHA512 07a378a7db3407c87b929084b9128ac11701c0460cd9075142f37e63af837d6318bfc661605477355577bbb824ebc140317d06e8aec586c9bd87ba9b7dd06ef1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 596746d702b777ad1d516454300da91c
SHA1 ecaaeb10cdd54506ecd9c5cf4c2996345dcbc500
SHA256 5ac7c870180e4807f3aa8545f42eaebb235e48611edc4f3a61ede804583f0fe1
SHA512 9b3bd9fa4cff3eb8a70872882c93935d29b1fe2e58badcac73b7a568528771785239c297f215f1f5c4e3263e349d99a2e89fab134eb7a5a47f5957f57d9c24a6

C:\Users\Admin\AppData\Local\Temp\nstCC26.tmp\app-32.7z

MD5 262aacc27fd68c2e83f65267a6f9128f
SHA1 deebc359fa09d3f6a30eeb380fbf9ea8f945cf2d
SHA256 64f951459098a3a730ba13267a9ed0671d41c6f329185445414f50589d6cf614
SHA512 f589cb617c98c7cacb9ddcaf71c5a61df90dea4e78d8bfa41348bead4c23ffb695c141b13aa5de2aad39182725f51b02933e7e0c1e0098d254da1d058fa3ab07

C:\Users\Admin\AppData\Local\Temp\895116bc-3034-4b2c-9251-0cfe1817760f.tmp.node

MD5 de381eaa2ece8270012ee128d5cf9e2e
SHA1 1f06480a2491182f361683e9b901cf26115ef222
SHA256 ef775eba5a870f92f29be91cdd777e5b7451e44f1a1f23722d4f8d0c6ebe4ed6
SHA512 7ca1ea7e3bdee2e5c6a5e1d04e8869af161ace08b914f2e1b4d67d17fadcd719c08f381b6a1c22d43769a066d87e39f91b7059065e4de0525a1f1a2853be982c

C:\Users\Admin\AppData\Local\Temp\54f364ca-98de-4305-8e36-31f1e07fb21f.tmp.node

MD5 ded033e7e5371e470d7b41d1b4e5de3c
SHA1 83a8d677f577774cba6f1ea35e730d253df96688
SHA256 393e2339f75de2d5a44fcd1db078de5f99659efa98cc210b497eba38b29317f0
SHA512 1f0edca43beb822332e9f6a1ec8e38e7f767c2197d181c83446553ca7f2dc481837a2be2a2935064f36f129826fbb18b27e4e9da7c2e0a0a2974381980e5d6d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data.bby

MD5 780853cddeaee8de70f28a4b255a600b
SHA1 ad7a5da33f7ad12946153c497e990720b09005ed
SHA256 1055ff62de3dea7645c732583242adf4164bdcfb9dd37d9b35bbb9510d59b0a3
SHA512 e422863112084bb8d11c682482e780cd63c2f20c8e3a93ed3b9efd1b04d53eb5d3c8081851ca89b74d66f3d9ab48eb5f6c74550484f46e7c6e460a8250c9b1d8

C:\Users\Admin\AppData\Roaming\index\Network\Network Persistent State

MD5 8edcb096239ebd5ac6b4515b9a549c0c
SHA1 81e87cb199117915c22c8dcdf4caf6dc3ca02a27
SHA256 ebeab13e1c8f54c2eee08e39bb7338c965ec65fee43661b76e3e9e1129e76655
SHA512 356106bf4ee5ee89b0ffed40499de1b9985706a721ff904df19d7390a3d4b73761420f685bbc9bf27b08b3263cc06e7a9468bf3bdfd6987c67c8542f13813d7e