Malware Analysis Report

2025-01-18 22:13

Sample ID 240501-jx4xvadc39
Target 486d07b44ecb8aedd18daa8fa0493822.png
SHA256 69cfabd220265bdc9dec149bf14ba3a55d595e7a5106363887f536be6ab0ddfe
Tags
adware discovery persistence stealer upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

69cfabd220265bdc9dec149bf14ba3a55d595e7a5106363887f536be6ab0ddfe

Threat Level: Likely malicious

The file 486d07b44ecb8aedd18daa8fa0493822.png was found to be: Likely malicious.

Malicious Activity Summary

adware discovery persistence stealer upx

Downloads MZ/PE file

Registers COM server for autorun

Loads dropped DLL

Executes dropped EXE

Modifies file permissions

UPX packed file

Enumerates connected drives

Checks installed software on the system

Blocklisted process makes network request

Adds Run key to start application

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Checks processor information in registry

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-01 08:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-01 08:03

Reported

2024-05-01 08:49

Platform

win7-20240221-en

Max time kernel

371s

Max time network

811s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\486d07b44ecb8aedd18daa8fa0493822.png

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\installer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0323-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0386-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0276-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0173-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0115-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0155-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0163-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0281-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0065-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0094-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0111-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0171-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0097-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0332-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0001-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0010-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0285-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0116-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0067-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0050-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0278-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0294-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0296-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0374-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0072-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0087-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0237-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0353-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0188-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0356-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0238-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0063-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0259-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0318-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0125-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0092-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0121-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0087-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0225-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0196-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0296-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0035-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0397-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\verify.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath C:\Program Files\Java\jre-1.8\installer.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fontmanager.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\classlist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\java.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\bci.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jjs.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management-agent.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\npt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\rt.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\calendars.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\classes.jsa C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\keytool.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\charsets.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\accessibility.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2gss.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\tzdb.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\README.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\cacerts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_259740042\javaws.exe C:\Program Files\Java\jre-1.8\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI3DA7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3DC7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3E18.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7b3911.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7b390e.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7b3916.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3D86.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3E07.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3F12.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3F23.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI40E8.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7b3910.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7b3914.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7b390b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3D07.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3D36.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB46A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7b3914.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7b390b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3D47.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7b390e.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7b3911.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3DE7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7A23.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB16A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB39D.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259711540.tmp\jre-windows.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre-1.8\\bin" C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0009-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0136-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0155-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0357-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0007-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_07" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0266-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0235-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0197-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_07" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0114-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0080-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0248-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0334-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0206-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0112-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_112" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0115-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_115" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0167-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_167" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0248-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_248" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0223-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0272-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0069-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0202-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0046-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_46" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_02" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0097-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0337-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0370-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0254-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_254" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0187-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0124-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0190-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0147-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0079-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0064-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0152-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_152" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0353-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_353" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0183-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0177-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0330-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0012-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_12" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0093-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0130-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0128-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_36" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_08" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0056-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_56" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0070-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0102-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_90" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0199-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_199" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0188-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0279-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0130-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0098-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0311-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0132-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0033-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0088-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_19" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0340-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0119-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0176-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0365-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0119-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_07" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0132-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0225-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0015-0000-0086-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_86" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0131-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0212-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_212" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0101-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0159-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0202-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0395-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0056-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0374-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_374" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0257-ABCDEFFEDCBC} C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0022-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0276-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} C:\Program Files\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0294-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0119-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_119" C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0330-ABCDEFFEDCBB} C:\Program Files\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0088-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre-1.8\installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259711540.tmp\jre-windows.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2608 wrote to memory of 2108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 2488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\486d07b44ecb8aedd18daa8fa0493822.png

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69b9758,0x7fef69b9768,0x7fef69b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1568 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1308 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2200 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3532 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1136 --field-trial-handle=1304,i,5743278640739921613,1358230426854012488,131072 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69b9758,0x7fef69b9768,0x7fef69b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1568 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3208 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3556 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2532 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2496 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3660 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3928 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2588 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3644 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2248 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1516 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2528 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2800 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2428 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2780 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=888 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3244 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1628 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4280 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4300 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4432 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4392 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe

"C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe" "__IRCT:3" "__IRTSS:24068259" "__IRSID:S-1-5-21-1298544033-3225604241-2703760938-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1708464" "__IRSID:S-1-5-21-1298544033-3225604241-2703760938-1000"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=744 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=2596 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1

C:\Users\Admin\AppData\Local\Temp\jds259711540.tmp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jds259711540.tmp\jre-windows.exe" "STATIC=1"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding A552E971244EC0471856DC0081A1F5C0

C:\Program Files\Java\jre-1.8\installer.exe

"C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 158E7481DD3286B7EA8985C4DFBF49DC M Global\MSI0000

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus

C:\Program Files\Java\jre-1.8\bin\javaw.exe

-Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D0DFCEE9700DC557D77127A48C220EA7

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 242963570F43C2AA6E24463CC117F805 M Global\MSI0000

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2914.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.921.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.921

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic CPU get NAME

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & set processor

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\system32\dxdiag.exe

dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\SysWOW64\dxdiag.exe

"C:\Windows\SysWOW64\dxdiag.exe" /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\system32\cmd.exe

cmd.exe /C chcp 437 & wmic qfe get HotFixID

C:\Windows\system32\chcp.com

chcp 437

C:\Windows\System32\Wbem\WMIC.exe

wmic qfe get HotFixID

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x564

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2596 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=1476 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4104 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4112 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=2776 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1304,i,14683332293388786622,18332785931424448114,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\@#!!Newest_FILE_2024_PASSC0DE_$!.rar"

C:\Users\Admin\AppData\Local\Temp\7zO81B12B10\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zO81B12B10\Setup.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap30653:126:7zEvent810

C:\Users\Admin\Downloads\Setup.exe

"C:\Users\Admin\Downloads\Setup.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69b9758,0x7fef69b9768,0x7fef69b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3128 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2116 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3376 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3492 --field-trial-handle=1196,i,12601203401890863450,11446428098779382428,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140007688,0x140007698,0x1400076a8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 216.58.201.97:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 id.google.com udp
FR 142.250.201.3:443 id.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
GB 216.58.213.22:443 i.ytimg.com tcp
GB 216.58.213.22:443 i.ytimg.com tcp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.213.22:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 142.250.180.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
GB 142.250.180.6:443 static.doubleclick.net tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
FR 142.250.201.3:443 id.google.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.213.22:443 i.ytimg.com udp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 img.youtube.com udp
GB 172.217.169.46:443 img.youtube.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.22:443 i.ytimg.com udp
GB 142.250.187.206:443 img.youtube.com udp
GB 142.250.187.206:443 img.youtube.com tcp
GB 142.250.187.206:443 img.youtube.com udp
GB 142.250.187.206:443 img.youtube.com tcp
US 8.8.8.8:53 tlauncher.org udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com udp
US 104.20.36.13:443 tlauncher.org tcp
US 104.20.36.13:443 tlauncher.org tcp
US 8.8.8.8:53 e2c27.gcp.gvt2.com udp
US 35.227.159.135:443 e2c27.gcp.gvt2.com tcp
GB 142.250.180.3:80 www.gstatic.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
FR 216.58.215.35:443 beacons.gvt2.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.32.117:443 beacons2.gvt2.com tcp
US 216.239.32.117:443 beacons2.gvt2.com udp
US 104.20.36.13:443 tlauncher.org tcp
US 104.20.36.13:443 tlauncher.org tcp
US 104.20.36.13:443 tlauncher.org tcp
US 8.8.8.8:53 hcaptcha.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.18.125.91:443 hcaptcha.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 2.18.190.81:80 apps.identrust.com tcp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.18.125.91:443 hcaptcha.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.36.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 tlauncher.org udp
US 104.20.36.13:443 tlauncher.org tcp
US 8.8.8.8:53 javadl.oracle.com udp
NO 104.110.22.225:80 javadl.oracle.com tcp
NO 104.110.22.225:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
US 23.220.112.104:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 tlauncher.org udp
GB 142.250.178.4:443 www.google.com udp
US 104.18.125.91:443 hcaptcha.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.20.36.13:443 tlauncher.org tcp
US 104.20.36.13:443 tlauncher.org tcp
US 104.20.36.13:443 tlauncher.org tcp
GB 142.250.200.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 www.google.com udp
US 104.20.36.13:443 tlauncher.org tcp
US 104.20.36.13:443 tlauncher.org tcp
GB 216.58.204.78:443 img.youtube.com udp
GB 216.58.213.22:443 i.ytimg.com udp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
GB 142.250.187.206:443 img.youtube.com udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
NL 92.123.165.224:443 rps-svcs.oracle.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.187.206:443 img.youtube.com udp
US 8.8.8.8:53 www.java.com udp
NL 23.62.61.137:443 www.java.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.221:443 sjremetrics.java.com tcp
GB 142.250.200.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 ogs.google.com udp
GB 172.217.16.238:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 repo.tlauncher.org udp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 104.20.36.13:443 repo.tlauncher.org tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 page.tlauncher.org udp
US 104.20.37.13:443 page.tlauncher.org tcp
US 104.20.36.13:443 page.tlauncher.org tcp
US 104.20.36.13:80 page.tlauncher.org tcp
US 8.8.8.8:53 repo.fastrepo.org udp
FI 135.181.139.36:443 repo.fastrepo.org tcp
FI 135.181.139.36:443 repo.fastrepo.org tcp
US 104.20.37.13:443 page.tlauncher.org tcp
US 8.8.8.8:53 img.tlauncher.org udp
US 104.20.37.13:443 img.tlauncher.org tcp
US 8.8.8.8:53 img.fastrepo.org udp
US 172.67.70.32:80 img.fastrepo.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 104.20.36.13:443 img.tlauncher.org tcp
US 8.8.8.8:53 launchermeta.mojang.com udp
US 13.107.253.64:443 launchermeta.mojang.com tcp
US 8.8.8.8:53 stat.fastrepo.org udp
US 104.20.36.13:443 img.tlauncher.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
DE 78.46.79.62:443 stat.fastrepo.org tcp
US 8.8.8.8:53 dl2.fastrepo.org udp
US 172.67.70.32:443 dl2.fastrepo.org tcp
US 104.20.37.13:80 img.tlauncher.org tcp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 13.107.253.64:443 piston-meta.mojang.com tcp
US 8.8.8.8:53 res.tlauncher.org udp
DE 78.46.66.120:443 res.tlauncher.org tcp
US 8.8.8.8:53 cl2-res.tlauncher.org udp
US 104.20.37.13:443 cl2-res.tlauncher.org tcp
US 8.8.8.8:53 piston-data.mojang.com udp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 13.107.253.64:443 piston-data.mojang.com tcp
US 8.8.8.8:53 resources.download.minecraft.net udp
US 13.107.253.64:443 resources.download.minecraft.net tcp
US 13.107.253.64:443 resources.download.minecraft.net tcp
US 13.107.253.64:443 resources.download.minecraft.net tcp
US 13.107.253.64:443 resources.download.minecraft.net tcp
US 13.107.253.64:443 resources.download.minecraft.net tcp
US 8.8.8.8:53 resources.download.minecraft.net udp
US 13.107.253.64:443 resources.download.minecraft.net tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 7launcher-com.webpkgcache.com udp
GB 142.250.180.1:443 7launcher-com.webpkgcache.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com udp
GB 142.250.180.1:443 7launcher-com.webpkgcache.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.35:443 beacons.gvt2.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com udp
GB 142.250.200.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 oceantogames.com udp
US 8.8.8.8:53 www.youtube.com udp
US 172.67.144.253:443 oceantogames.com tcp
US 172.67.144.253:443 oceantogames.com tcp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 172.67.144.253:443 oceantogames.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 192.0.76.3:443 pixel.wp.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 hoixerb.click udp
US 172.67.153.133:443 hoixerb.click tcp
US 172.67.153.133:443 hoixerb.click tcp
US 8.8.8.8:53 doilexmu.click udp
US 172.67.145.106:80 doilexmu.click tcp
US 172.67.145.106:80 doilexmu.click tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 foxmisxdwn.b-cdn.net udp
GB 143.244.38.136:443 foxmisxdwn.b-cdn.net tcp
GB 143.244.38.136:443 foxmisxdwn.b-cdn.net tcp
US 8.8.8.8:53 static.mediafire.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 foxmisxdwn.b-cdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 172.67.144.253:443 oceantogames.com udp
US 172.67.144.253:443 oceantogames.com tcp
US 192.0.76.3:443 pixel.wp.com udp
US 192.0.76.3:443 pixel.wp.com tcp

Files

memory/1676-0-0x0000000001DF0000-0x0000000001DF1000-memory.dmp

\??\pipe\crashpad_2608_SNPBUQNAYNXSUQJY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66248a0ebc490157260fce6a98ee0313
SHA1 d13084e4dc507e01e394c33b6dad41170b974bb9
SHA256 9a4a54bbd342f6e5aa374060ca3ac118ccf1053b334e78911d43075944c80e60
SHA512 879ef6eb97880dcac69ff936d788a4fc223b24f203ed7909cb705b330f010c8063fc41449a2a832c2b2f48c4dd59848fdc559aac0e007b454865365b40ac0128

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 557624eb045f54407fe06ac0f346661b
SHA1 fe5d9372ad5d1300fb2f8d78aa411dc0e740a246
SHA256 d78d79734bad231593e13e2d38d7832aa73bc238bc679274a629ab460a494bac
SHA512 4e2f4d088832ab3ce6f22211eb2ae68fb2e2d4a4d0a2ef5395feb26f70ba33cd460f31ca87ab333e8c74cc08d00046d5bfe7e4944671fff60e07eecd85b81b94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ca6a7a583530d544d045ccbee96f1b6
SHA1 830cbfd338bf4498ddb3a2e5957e1247514729fb
SHA256 ba05dbdb6a552fcf4f5ea6e4f40614eed5568b44e789024f7624e8f6462d3204
SHA512 9b8e82bbbe27aa304f9e1f99ee7c06036248683c37a99debb1887fc145554d6d90b369ae3756eee7946a83c1920f8e0f351531ad1832388ab23791a647c02006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d9ee9c92ef91fbbd2b86df78cff74da
SHA1 43146e6f96147fbc050454b8ef096292ba90217a
SHA256 84ae60a4484d6cc9a63ba3e604fe5b0a168272b3de2279dd7371701b3e1711a8
SHA512 ca08c135acdc05da7f4f93367b19653b0d008b31c4534a3b8f63838c41c11d46708434a4bb43a3a9f53b5eb29a36d5be0631e86bbfe16139fd3732f5b023bcdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76fdee.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 782e8c666c1c6a2ab0e2952b5d645983
SHA1 bb8f9161c36f5c746a7bd10616a65454dbe480a6
SHA256 9d4ec04e127b76bc99be325b37d418e0f2bcf35c3cd510a00b2dec5ead1c8b14
SHA512 748326ab618886a4b3f853172df33f6379686ddc36ae0b39f4c4ff80c7ec97d606977a967e3e6b0f07fd8026e8c80bfea955371b09380e0416e6f4262068de7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 238145cabc4dc699602ad8d2e8bf7a33
SHA1 b0a0a32ffbe670d7f9d053306c47387c761f9206
SHA256 46b9ad82964c944304c89887096030221cb213953a051eb5e4be979e6b10a9de
SHA512 3cd8fc13e9ec430478ff88200aed870c29efeaf3b7b661b922561ad2ee7090b42cd315b07835b4cc997aae053fc2f1757c9f7bccf07b617b1893e47700eb291c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d70600245b1731c9cafe4f896d0aef68
SHA1 0d25f9079b049262f2424b9adb1682c4e7655602
SHA256 37107744306ac34ab94daade37c9419f6ee55b890f8f348a89b95d1454512230
SHA512 5ee3087e39ff8cab7d0fe4e9d1d93faad54ea2f4c81003aa96310911ba3e1160362295a98250a62322c50426aec591333ea51e454069dbfee6999dcbe89ea367

memory/1784-268-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/1784-269-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 35ee84cc4eb3ea98edc3a49383e46008
SHA1 dd6d81acb912e36e89fbda7fc90e64fe46692e7a
SHA256 30b6aea6a6a3b27e2da5a16c6a514b0ee23fc4b196c54ac3f48a08c6b59a1de0
SHA512 f2c93846aff5098a8972585cb3a43a5957501e01548a801fc4f7ce85bec5a1857d4cf38bed534a8bbf79243b88eb698dad2f6a105009aea763ebd231c8832ab1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6a69967a2f77f6ff23450bb6b511da35
SHA1 597d3930a081ddc1c37ad74ae10acef6651e0409
SHA256 3d2164ad7be1e762d92ee391cb862675ac8e58ea94b253569bbd96b4489cb96c
SHA512 8ac464c337559ea58b4b97f7a7b01138be2521f66b93e01063d09dc413c46471fd55262ff05b29dd2766a01e41d2174f28c5ccab6649b502cbaade49f092ac6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e93f88ea3d9ed614b24f39a6e6660008
SHA1 197e1b1f2b5aed90d5c1046350ed07c0f96579ea
SHA256 cd0e18b4786d195bb687f9ff1c9256d4cb2ff42eef46080ce8db94e0c709027a
SHA512 233c238317f35435feaae6a9f8cc41b78e4d032a699162044128a20ee167031054e24f771f77cd8a6639a2688b9717d08a8227f67b75e3d31e1e87b00b63f4c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0b4d878f-e903-4036-a171-4dbdc60424f3.tmp

MD5 994b44d5e9d7560c084dfefd658630ee
SHA1 3454be95104828141b86e4c1c7acea5dc835de32
SHA256 5e4d214c5911a0e882c4fd9f5c1a7d914ddcec9a12a9c36383bec3268f8fe873
SHA512 1b9279c0ed6bb8c485f648047fa4a509a824ef08a0f70da37adb0352e1bf887d4d9bb19c6e9127808020c14696fe176757b2bfaef324567f73df27bcc5791e72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a5e83f9c000b42169035667d98157c91
SHA1 078534b79c29eafe32aeef30be3da494e9b698f4
SHA256 9484dd67e74908ece9a06973cbf4d1d10cee939732da79a55903f3161d2900b9
SHA512 ed781e9a9170081a740c326e70ceb865f198a1187b53fc7bdd99dcb20fa5439191a251a8230fbe06497b2a7ed1e0f49137a2538c61a2453fdca7a78d53929e97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 89f4922a7587a9f92f626d7868051285
SHA1 9419dc4f12c1cafefe5a1a12997cd4c0ae5d6702
SHA256 16d4c209625f423200c0a930685ec659bdc58c7e5c7848d0008979311b945ce7
SHA512 009d7b6d168824bb8c8c15f256502673af694fec8b7fd3761567bddcb0c40500d77de42c13313fa33e7848d8380d097cdc4c14dd21e71023572de5508127f9cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 31390225a4b62c039eb8371070b30416
SHA1 f2ab8dd8eeb493ada6b798ac556f64f9e8d2acc4
SHA256 59bdae85374b19ef28c78cee822ad961c78c83e3616500017a076115c17d0096
SHA512 03edaccc9a3e76fffe157ab5ebc48bedda57cf51202c72a8d1f4417d2466d0d91c16c443a8dd82eb1852bf8c82519221b59fa3bb47b1c65e47908edcfdea01fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

MD5 a7dc3940a6f56f935cda88488c83b76b
SHA1 f14645deb8988f01eef5f1316f48b33f307a8172
SHA256 40de07e3e0e5ee8ad6f560960012069f1cbc0519f03d1327c12893fd923d16ce
SHA512 24b5c16483a958b3dd5cebb789b9da0efe65ee30aa092307d81e6003d0cbb938fc1532e2b641bfe4c1f385e4445aa43dfbafb52795f311c641bcf24ebe04cce6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 b63cda2b0757fbdf91da6a3c42c5c42a
SHA1 dfa55a1ca4d1a07eeabcbdedd196758fa19dffdd
SHA256 9e8458022f79d2d9dd7da5a0dd082f825490d0472c448fa8c41f51fb55ea8891
SHA512 6c1437c4a242467fa71d03e02af774af169de14e569cd963f4e598938d6d905ef88ae1c09b4778f7bea9adeea5b3680808779de22e7b3cc8762e375faadc652f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13359024319844800

MD5 3929d7921e146ef698668b2277d61c0b
SHA1 cd11ea9645f916d111c00b6bc49488c023404f86
SHA256 4fa745b109a22b20ea2f790cf8623670ff452544e7692a845366d10e20ec2849
SHA512 2616ed2692d354818f3f27646290fa72df1c80542bbb75f9dc90565bc9cce7d9bb8d61422421b5aa46633e23b8855f09f25027c2068e8483fa46fd305846e232

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

MD5 03d881fc5a4ab4013bd1b30988abb179
SHA1 9ad861569715575d7b676e5683b14dd3cffec304
SHA256 5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8
SHA512 29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c2ab61d6f263fc06dc9ee422384f723a
SHA1 5a8660017cdffbb3d772e1d20b591c2c0886a4c4
SHA256 475f86b4b46c80d48c96660704319be44ed09b7df17f2efde5de8ac6a70e8b12
SHA512 851dcecb2dbc86f6959f2d10b5cebff6a2a6699d05fb64dcbe8d68852737678f005f8eb2302a127dc096082922edf3d448f42673237a3debff242982e11200cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 93573b3de6d2125a0a0c45af59b2a8ea
SHA1 e69f6cdebc8c8e0bfe7e20a3cd71b8bd7ed7bf9a
SHA256 641b5997369f4d2f04c5d0c7fb3455e09492fd5ff5436df45125f148c0494e11
SHA512 2ccbcecc0a9335c5db0dc982286228bf1cf34b75a6439f35fb2aba50857c694a00fa51e22f92b260c1186cb6b4308c26ca40882509282fadd732efc802ad16b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 b259df2a5d765ddd2e4401f07f7cf9a1
SHA1 e07adb0723f1f873e3e51e70dbfc0328d19f6e78
SHA256 76fb916673efa66386e1bebaadccc188e03031754b8d0f1e6c19f880be213028
SHA512 cf467e02383d9fefb595efd3e531ac4ae185a2df7d80db49ba592099592d3c5020220f7efa0a31b60fafebf89bac2775ce92174797846c8569fe16acb9a31d39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

MD5 aa87631609c601badedd6861cd118a82
SHA1 085e9ee84089d325e12aecb41b6b0b58277a7b9d
SHA256 32748a6231e42b8eba9b33fcd1ad1fd01210ed64f5c9d34d35334c66eeb056d6
SHA512 59302975182586584e22ea3c188e70c252c0736acff9b1f025fd1c366086fb8ad79dadb8959e6a9fc3ed9f60f18b0b659ec54fc7d0abbe85a4e113a8f7cad725

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

MD5 12275f46db968e27e4edb23a4517904d
SHA1 1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a
SHA256 0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a
SHA512 084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

MD5 8b7cb42c968c0b0716cfeb1ae8ca61ee
SHA1 72c0bf4d80605a0f3d75cf9479059e321419f4c2
SHA256 fb28ad05c73151f24f8734a1128744b5a38ebe3305b4f21d69b76e0d34a688a2
SHA512 63ae193152f4ff2dcba40bf5c3966621e02ba456be4a9d5eebddc5efe6667c9d7ff7e200d7f1c68081d40d4f2be1b4f2caa9777bc483a1595479139227d846c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 f6dc2a9048a40c15f392b66797f5839e
SHA1 b1b51258663d767df37fe8ac26f98ccf780293fa
SHA256 51fd0c3ffa735d19e3e73b46e9d2208352d1b282619a510822f75714e574cc0f
SHA512 32b722a80410aff6f6821ba34479372a3796fba6fd243ab25087063a7031a68dfbf1d9e1e97e8a457ea6cc1b97b9c59866248968b64176155410aed7162e16dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

MD5 1be22f40a06c4e7348f4e7eaf40634a9
SHA1 8205ec74cd32ef63b1cc274181a74b95eedf86df
SHA256 45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691
SHA512 b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 b8472f0675d28a9a33204f13fbd34364
SHA1 ecbbf19289487c090c2130b2702f1750dffc0409
SHA256 48518deff8b52755d1795534e56cbad1e608727be6babb93bba01c4f6243d209
SHA512 af6646f6e2c6cea343e06e249edcd34ad8f8ff35750a7dd2aedae7e88276b6794cdd0454eaec3a4945856f190b520a5c1a9a7e504dd5cb561a5962177393a19f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

MD5 cfc022d784912b4d9e633845571f5fb6
SHA1 a278b36ecf534cbe3d47b40a9f2856603eccec6e
SHA256 d7be9c50acbf692311c9673258aa8e7c7dab301c7cd535741af825a075b3c9e4
SHA512 7e348b4dc83af7555f5db9fe72109ff3aace74da4e551ed3092172f376e93edf1e3638a8ef6210c599540d298d49f2fa53479f24cd967fef13179d33b032dedf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

MD5 fe7ac6296a783949264d5abc8d69b443
SHA1 32bca04fb95f953deb38e3bc05c0314362420b76
SHA256 ee1ac8b2768e40583cad98e8edc274ec882384c4776b3fa07b75a6070d0b6ce2
SHA512 e4f55e14469880ba92bbb61d3708d3489f56f195d0a21938c9ab14588a29172258849c84b72d3405665889f88a55dadeba6c5a02b211c44c9ded24feb76ddbfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

MD5 153aaa5869cdca15f9b99e8f43a25d64
SHA1 ac867691388a103a43f90dc661af3d6ea3338ef2
SHA256 7771bb39cdfc7f24597e69bbf4362b6bf33fff16176eecb722c5d0bc7d03ef8b
SHA512 c7dd1c898573f6843788ba4bd690808fb1b652192f45c5a24fcf0d6d77b6212b647d9022ecfbab33135f53a9305ef01d7b8eac0ec60bca2ebfecc5d8535506b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

MD5 479ca49c2af1f784e2bbfdd2a45452b6
SHA1 42909cb211f3d4abcc6bcdb5f200430245cdccc5
SHA256 387c9f8a0d1452afddbd16bcef099f318e8b4907c0d7dab7f8dccc8930e863e0
SHA512 2080d6a479b0c6edcc380d0868a252fb3b7dee15e980e44f6ad58cc10062ddb3fa1c424177be163317f8295784312873f74b36e5374dc385fe7c797533b3d542

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 6062cbbb367fc6442d9ad7510d79a3fd
SHA1 1622aee92f46f5acd3f32db3035751d85de48d2f
SHA256 014069e0d4e7e42e10cf1e7f365715aaabb4d001f7423ea49cfc71fe71a45867
SHA512 0a2ce9ed9db36bf0298eab96d0288921b14a01bd5cd4e7178d96dbfdcbde100efecce29477f65fe677c2879beb43ef4fa370cb83711aeb26e9098e51d8eb246a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 538f7ac34df800e0cd3b42db5ed4ceb0
SHA1 5b18b941282302a7b727be5469d8e39f190a96ba
SHA256 c65d2d8c725b1d5731debc69bf0325ebf7f4e2bbbee2679d421dc5fd5df129a9
SHA512 5bdcf82e34f8a6e24c85bc4bb15e8de07ad7441c31f776218299fe7a32ecf791792bb129c1932a956aa7dc09df7106d580a856a79b397782ea1e9417d33748b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 03e38e5390866f272e21321bd669ac80
SHA1 f71f9a37b6da60c7789fcc091d842133f93ca931
SHA256 69fdb6438c95e5e44b75a76a81cfcb8f94e429dde8a1b65e97f01a599486f93b
SHA512 f3005287f37c9b68b207a93968e86ff1fcc1057c869015097f8ee579d611f2f292333415b12c6e8f30a8358d84d02c62bb6144d04d92fda2c7734285d8b21511

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bad17c9744ccb621661f6e720624b18b
SHA1 f0945ba3d3faf57816fea9d726c3fb0ee7e78803
SHA256 2530a033b2d199dff2442e246c4c24134e15004f1a5bbf8ecb4772b5eeb29bae
SHA512 0663307181f1f1bf41cf46279718225e6193a680ae067638c0c0a42d4403be147f5dd4c182f7849d611c7bf0dd0519128296b64c45c2ed67b01a015fc6860160

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 22fad2d1e63c5fd6d0f89f13f763f113
SHA1 0c5df6053c965c16b47debdf16e824842907f08c
SHA256 774caf21fc7cfa5729316385724a75b067110f77fcb3b2a98efc5ede203211df
SHA512 3009a94efab502899f0a0c67cae9dbfcbed41bc04b7f83c70259800e15b4e2a79205b695d017e239dfb5f617774cb8414583595258105f8c86f0828df24cf6de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 70633dc7bf11a0878fec9ad8b5924d27
SHA1 d8698d85d2db42da410a440a4ceedad88c9c40c5
SHA256 318e191786737f178ed7e2419190b1eb13d7f82b660a81db9b9c30551071212d
SHA512 0128e951a63863e0dfac27e178aba328f3314cf21118697cc05f410314a3188464cbbcf638e7bd9f2b59efc4173c9fcd7ce96fa1e13b58bb55f11084132b943b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

MD5 926ca2a126ab3d47720a29f3f70a391d
SHA1 9833065a68d83c02daecc4c96d5b654bf83441c9
SHA256 7ffea28f23d852f2e357cd7386c98e473321cefc3d53785931f0b3cc3b1d52cc
SHA512 96bea839f1d5717627dc7e67010d494f73082a9db9296662e96007a88ab5fa5cd7b1832d75a25f43b357f775abd2045102f4d40a09afa1013176967cff1e9f68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

MD5 22b937965712bdbc90f3c4e5cd2a8950
SHA1 25a5df32156e12134996410c5f7d9e59b1d6c155
SHA256 cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb
SHA512 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 14534796315bd10d3d726d52380ac4fa
SHA1 8a3d296383291540433411c53a55add4eb331a38
SHA256 d7b7251daa00d9540df64a3b2261e06250d35078f86415e6189cd22c07db204b
SHA512 c3f81f7f919fde4e50688896c922771f221273c38062cfffbeaaa18372f5343f5404e3d9a2fb2e7b30175cb837806f1cb306be47c4fc0de6c873f77332dc2ee8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 9027b8c7ea807002b69fcbb8030558ba
SHA1 984b66c37a1f916f0d9a846bccad60e019b799ce
SHA256 b22dc73f651e44c66d853c71d332853ddd56256084a02a13df8804ecf2e6f97f
SHA512 c7a276260f5019f079128e3a606a6295ff3522789e318656f8700927b8412c328bde2acc7537f7fc537d4037362a07b6f3c6ee7198d1538445b03720ae1d4b63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000007.log

MD5 c06466d1344e73e191fd5fdc551a55d1
SHA1 a7bded0a188cc58bd02c3825c100289f66c97e76
SHA256 a6b649d8872a8bc3f7e8bb74cb5540640640ac744c32cb4c20e85801fca81f7d
SHA512 ac99d78e491846282d1f1223f66ce81972ffbc65c7209de6cac5235169ec0857ecc7626c841c9e168911a835a9a13c01f808386965f70c304e6ac7d41cb114d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 e355668fb229114d140539a4316ce73f
SHA1 4e0008219e2cc9a8cccbb6f1926d8e35aa85c21e
SHA256 391ba7de860c22e0a8f0d07aba303951503a4a99f08391ca0cdda5f529549a4d
SHA512 a7b17f6316dbf0cb2d679cd43d1100c501fa4a140115b23836e2ae283df8ff504d235a1b2d1c19758c4cec510168b0031c672a97a882c27668997f7d84a8e83c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

MD5 b6d5d86412551e2d21c97af6f00d20c3
SHA1 543302ae0c758954e222399987bb5e364be89029
SHA256 e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191
SHA512 5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

MD5 78c55e45e9d1dc2e44283cf45c66728a
SHA1 88e234d9f7a513c4806845ce5c07e0016cf13352
SHA256 7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec
SHA512 f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

MD5 859d490e38e7ddceb44bcc0668a4543d
SHA1 f916d95b7b020b7055b76bf5d66fb00d82b30e3c
SHA256 d0e76b7d291eaf628bd7411f50ad82f43fd0c147246231fc2d473cea752f995e
SHA512 a2a288558d07cb42b8be79d9c56a45209896e6cf3d11e31830d4903d22d86d240568fef0432c8bf4500f46d8899f632a91fcfe1d9085ec1682ed4e3b291c90c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 a9a16ac9328ff89ba9f030324a505bc1
SHA1 fc8b14eb5e230a5b99e0bb1ea29cde1da5ad5510
SHA256 f3c805a326350a40f98d7d683369c74b947466f01adb24982efb40f54d31c00c
SHA512 deaf0a76189dfb93888bfdb9355f2585470c379efe645a8ac0a77634e99fceb75bef2cf187a54c630256bcbda454f4b97111025eeb708b2fcbb74906a39ef785

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de26b900b129480f3f2673afeb5b7910
SHA1 fa8000284b38587e1632e5077b02946d0b300189
SHA256 7732d7353bae9570d333324983bc9ceafff76ed26d43425d3be8cd3e1bb36672
SHA512 f031da5fa2ba8aeccdf54c13b497a5d1570716fd65a03a257eae386ce6fb46cccee322f7bf1cdb9ee4871bd8d6046c6129dd3da79d9887d772499b2a37358f47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bfe2944b9c853e52194e3adbeaafcaf7
SHA1 f192cf83dcf4ee32f564d20f375b5554295453a5
SHA256 7af174332409fa0af338b9c137ce493da755daf506280747a21806d71748fdbc
SHA512 dc2d5e4f0fd63e142ad0caabaedea46b085e738665353d536903564163e0e8456d19e71cdbee468aec6f07cadc58e007cd2fd4afa45ad9134e0191185f59830b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ee4e80d88f2a3ec5b8184d2c6c0c9fc8
SHA1 da4f3f98d3b6b13df23de1fe46122da4db6d3441
SHA256 0bcff012d94a4ea52a84e1684966a1a9f59b5bea86b6cc6d35b70ee3b47cffdb
SHA512 5ad1051e70562b3b3bdfa5b2308065a76d44ddaa418d3379c0d507fa160420442968c29a61c5c7f42e1a12000b06e33aabffb993f1020213cfe5621013f630cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9616b798fd52b660c139a237e0fcbf5
SHA1 cb30b40b09d4ab2e6508efc741cb05f401a315a3
SHA256 273f16598fb62bb0043bf02d4d8464050112adfa9e6499598ab76cd0ea56ce03
SHA512 caae92f542f94335fd0236f2d5b31a7e911f05fffcb82270d4b26975162b06d9f941c1e9284a034e15b7fe88200d38060a01d5b2f97d8e027b6e3bbb3212ac2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b012d41f2ffdba2c4fc0ff485575a4a3
SHA1 b4a497a314743db18f956851558e71e4fcb6ec7b
SHA256 11e6ee2a74de3662444e46c25ce4f7218d4afaf4cb6133ee78128593247ead0a
SHA512 5582258668c7e8c3343180c24b3c8c929b98988d0cc2835681238253148da69cbbf399f9615547e2653d0bbd94374cda1a3ecfb67e92921cc520dcc270d0e611

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 eaf3a16c04016a8a80cbe2c9ed356d7d
SHA1 569c26c75b3b12a820962c4697f770072204346a
SHA256 de2884abeb3c624e5808ba7eb4c21c7a4d9522100998d553abb5c78e1e7d46fb
SHA512 202e8a937e25e094dcbb6800e7ebbbd024597771d70ac561296058a39a6f0851a3671c64fa70166014c6d46217818565e0ac73f599f1cd4c407c0da2d7fc7341

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 076f86800191e2aba6739819032e528a
SHA1 fbf7b4cf8691286135aa386f7c10b277e10b433b
SHA256 0164a345d2d5ebf017232ce39777a8d5da5f22f91d97675bdcdd3a2d2630ceba
SHA512 de63cbb5d41b0b6b48e0fae702d90e4c8acde2a37d8193641e8c2ceda558bb9cb693aa5bb0040850df86f397ee0c2a722173c0551b1b986c480aead6901b9207

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3ae24fb6c79023128b473f693696025d
SHA1 8423abf7d5895b24c0d2b434bb409e1825bc4067
SHA256 4fa3c710f84f75c88fe263ccbcf7fc0b5f9def7866aee5033ec8247ade5bb02f
SHA512 7cdf5eb115fa771796eab08d8722d04e6ace2ca510d000e0665849d47e7ddb81726973bd4fa5bbda96e1e00acaf7b4f1773680e89200ba509eea3ee7bcfab23c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0171a4148c37aed0c589293e1830ab90
SHA1 d43ad12fa2aff5aea1dcb8d1ff3e338518ce87d0
SHA256 3692ddfbdb901eaa349c5980a69f7f83445780d6f928aede1e6446949c5044f6
SHA512 7e91b067e12e747c9c8c2ff199537cd4f2d9529dd66db1e491fccbc05976b8dd3b0df966d8c5d2e2f3af74acc2a33a4ac15f82ab556f8c4a0a522512a06c209c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8bb7086587c8b4ab97f28214192d46d6
SHA1 9d29e9cf2f9097643f84da76014677b4146914f0
SHA256 d1624234f89db948002956086015c76fa98951d8fda1e5016ac6ca1dd48d3a8f
SHA512 bb9173c2facb357df6956f0b804c2f05d2eb776cc8a6555aae0889d7c6d333afa9d4cdf1f002e1d09a8f907f3caa355d456d8566bfd906fdbb8ec001691ed373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf78b635.TMP

MD5 5e0efe296c9941087299db94470f8046
SHA1 6d3628bf8c685902d5da0e671614b595876e0fcd
SHA256 3beb7e8d2d4063e47e3e946a3670a3c34187cec077b52b958220e0ac334b4a80
SHA512 5ff7897fca07aebb0dbef62d9c2dd368d901881eddc286011cadb522ea0507bd5f780400b891100ddbef2db621a56c2810db681d5a481e0d2d15c428844d78dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39f5b823173b0cf354e7368a3dec3c27
SHA1 118b5db30ac3ebc510dcb5abed13775dc4217e12
SHA256 a55c8ba9c3c4e7c4f7d0320b949a10c5c7a52c8ef919c78f8559a8271f92684d
SHA512 73b4e9531830e49e026eb1a190a61ebc2ee5189dca705f4b9ae27b3e399878eea72cc713678e0449a7b839676fccda0ba4a200fb8ede68608a64fef479f9a356

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2024cdad299255a42b88d4e9eba13d12
SHA1 66ee48a01bff7380aa51a72c13cf5f9e182c4b72
SHA256 e21253bffbb064f34162347ce543920309faf49e797d1e4cbc194265a6cccd6b
SHA512 6cf403d3185e9bd8a4d31e14ddadf14e19c44ea8e0fa3bca4a6780c0f271ffa6658907e2f071d5f5b8636e550b865f3d77eda0b1323d14e56718b72801cc0a57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 806891d2faaf0f078213acfd16bcc346
SHA1 7070f4a0c40d72ea90f69d230a8f1a9411d8b746
SHA256 987298b2875f61e43f04b7f94b6b8f3a2584408a4801aa7166a1322b4017d7c0
SHA512 03fc18fc0405e9d97cc49056a6be2399ced9a2222a7370f196c56ab16b329f5c28311986596900f604ee54b829d07bfff383f5299640b418d325e82cc27c7024

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3EAD.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4d6dc0d8b68176c6182ad8768e2a898c
SHA1 287d9c38f9a796f3021bee55a9594599b20df1c5
SHA256 65c7273af0a595f11d4c647907cff2443e1280b578b88ced21b1180e5808ac49
SHA512 71ad708a1d66a3d8be5c39ef7c651558c5375321adb878765d6cbca16da38f9118e324d1e0972230abc9194947230fe0fa9f2f11cdca75055611b14ad4e1457f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3acd9ce9405ec3cc578df797936ca7ba
SHA1 dc477c7fb0ea028415ba9395c9cfc1b2d699102e
SHA256 cf2e41115b4bf9725965b1cabb0248702a47da87cc084408b1d39dd7c7f491ce
SHA512 f806d3255412e78ab96462d655daa78bb65f58a9fb5bff9ec71cad5dbd60eeebc554cea5792519956534c3b521601d674a614740b14dc42a50bd9fd78f6039ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 482c8dd2963bde5e3b0e80d3937df181
SHA1 1d9c7722159c863e1451895bb8610e771a5db203
SHA256 3a822749a7117a8106aede2e78bc40a6dc315f9254b04a6042329f4cba401cd1
SHA512 d7b99d0b80882758750302843d1232dc30470b92f3c591919311d892c48b3584674d37995cc6eaf2e2af4baadc458a5e01f8b04a88a30e00d2593f8364cb7a3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 90121a240df519ddc0843ad947ab7050
SHA1 99d7bcb980ed522bcff1d13512435d57df8f3232
SHA256 c85606f1a8e13330ef402d5830acc31130a65ef927df22dd57ea24b11327064f
SHA512 0c7e3318b74aa093f28e1738cd321d13a97e51f309f68be8d7c5a966aefb23efe183358e92c4c29b5ed1fcbdb2d675651ee09859a5b720105c4cdfc2290c48be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d51bc0bd9d4d5981dd8d515e7763a2e6
SHA1 14ee11fc233bf47140239e04f1ca42e84a037695
SHA256 b3e2b6bf83c6d31c441f15066c813ad98a5f7610a9bcaf51f4f91ae0d47d0638
SHA512 58e72b04d32fb01c73f99305881485d3e2b9c50a253c00d174152b7d089538940df18ee78e00e994c0dee4eb258ae124f6f5d66b05ac5f10257ee614569141b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b1640051957f7d79e056bb9f66138b5
SHA1 7e5a51c24c58af2b4c752ad3935ca57cbced3cd2
SHA256 4ff62b01d230597726761f9689638d18b57fc776b910757337de0a877956ae53
SHA512 decfac0aa739889e6269df115edb18124c6363306fa6c72281842aa8f23b8634d8aa0f06113b88ccfa7780f870317750d1da8a755f27bb06a9fef7c9fc6c271c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdbb227129f8264908e88589f7547ef7
SHA1 1d97b51dacec34570c978d0a5d7c5da3ef0afe85
SHA256 ecfd2c3e21c67011aeb8d7f3527d9d5735b9eba5d58901179e4ee826319cafad
SHA512 ab560e948a75afe18dc149bd08c26c8f08507173894ea2c9843daa27aa4fa1548e78b2e1d79f43bcd2fb4a0755f88b8057548372ff4ce4733453214721c7c982

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f00e1aeae2db824f53f6800ec5c6f518
SHA1 47ff9c1a7815eec8595947bdb3c5137c87bf6c8e
SHA256 7e52c5f1fce3cccb8757502504b3146df98044a0bac1137b02f7c8cc722b5143
SHA512 cbb695d5454727af32f939e5646ae2ec01760c0670356baa3f205353aa176517b775d1a56efeba91a59eeb15ad010eed7fe2f33c14898741000f667bfc3c3f13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 ba1cf1214e37c9bc75bfb07cb3be3f19
SHA1 ebd71aeed5605f5586c9cf881551f9c2c52d88ca
SHA256 b539b08ca7cab8058637753a65cfb6d4db7d3ae6ffc44fbf4bba891e7f7206ee
SHA512 ed07fb59a32860c99b7103d11c50115fa171cb27b65fb279f696d44449c012c45b01ed4dfa6f11652dd54b5ec39b29e98de4bc05d4222ead20299db2a68b53fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d64f4ada32d1d2187892fc45913a272a
SHA1 36a9133701f0bc2ef51a86b03c2c85c7336b6693
SHA256 a1aadc22c08f0677087ce5172b451386ff4a5a885450f442f0b9299e4f67fd9c
SHA512 67a1ef905a9cb73f4b03f417140527d7da9d188d586d995bb6eacefeaff3b0a4947826f976b3231f60d6bd4fdb53652ee5fd978a4edf37996ec6b40e8be82b0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d1280ede3818b391f2b1b721b82cfa76
SHA1 21fc683082515a3cad370585d662b8bd7a48507f
SHA256 0dc4d4bea1de342f8b824904ec8522d1e7a50faa16c324bd06e17be9993eb9f0
SHA512 8f66672486b17efe8dd0c4ba353f188e7045e1d2058994b3505b2d248641f270ab735cbeff37ee820a179b326ec3c7d0d39cf1cab221d4a3ee439a6ce596727f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 aaf07da1a33681288e5ba62fea2c53c5
SHA1 d8697d34093fafc8e062a11a59ead8f16a659f66
SHA256 df605d33735426aac78d4b928c5cd14d3b760fb61322678a04051e1238cfa187
SHA512 f245a2a3487702354a49ba9cc9c17021e9d4b35fd970370025f2b56d1a156371f81948509727c6f641781f76812c5e4660014b48a5eda10c8b9bcce157f71522

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1053e02ded3f65342ae29dbcc41b311d
SHA1 028b7029642db1587d5e71c35610ad61d24a0674
SHA256 81558eece741ea79af90b38520ea0c9fad93c0fb8d47b6706fb5b48bdc804f7b
SHA512 a54ea142c35de2e6a874438e2c3088519710f255c636f672588a761d10c665798afbe45b12332364bcc15bfbea278f35581464fdc87917404c368045f13a5b2b

C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe

MD5 1a2ce8f6f111d438d4467a84d8c74351
SHA1 6f2b6d316eb820ae6875b84df9615e412ae0773a
SHA256 9aaa326da7ca2d0d7015742e3ffe5bce7df63cae147166e52f094a1c20897856
SHA512 8f276c77a73f4035513d463be939e056a67cfcfb28df078b7e63a3f524a5c66d02128ac6a267e84226dfc2916ae74d0f945a12f7326fa89fa97070329d828193

memory/2992-1373-0x00000000033F0000-0x00000000037D9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 d795ef2a7b1d60d78cf3d4d083346a7c
SHA1 68a623b6b821476e543ea8dadb02ee3a78c55762
SHA256 c367e0f3b55b16ff6f167f19a3885b9dc7e9e34c0ccdf1df06af5ce7656bd61a
SHA512 bbc4161586240074989c56c9abed3bb36cc68516f03a741438a07633c21343a2a3c2ce43d741f83096e28a541ffb58e56c348cf8ebaa3dc91ae8953bb72c1666

memory/2992-1379-0x00000000033F0000-0x00000000037D9000-memory.dmp

memory/2992-1380-0x00000000033F0000-0x00000000037D9000-memory.dmp

memory/2800-1382-0x00000000010E0000-0x00000000014C9000-memory.dmp

memory/2992-1381-0x00000000033F0000-0x00000000037D9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 353ce4070c59be9e23330325e93988b0
SHA1 9e591fd42db0d29c0a30b2b3bfac3ceb58ba21e9
SHA256 0e9e6467e715e17ef8a813c33052cf6712148b382430a5413d58e70e7a5f7ca5
SHA512 f68fe2507ab6949e02724ddc803b30d5f8a19184ce496185e4124085966de25c68c8c222da1fd5bf8819ddcf09b11a1cb670751963bd3961c8a154e4cfaef44d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

memory/2800-1964-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cab7e5a55aca10ef192ecb0f8b685c63
SHA1 746a3701bb89d90620234c682f10a79fed0e25f4
SHA256 93d6bd5b72e0a510af5e8a6f451e8fc43cb88caa09723c56b9f4e333e75b1595
SHA512 01874534cbf5f3ca701acd457c0ae792fb8c8f4af7341fdf7bfedd8c2fa091f95f3e8612f55c809bd0c56ccc83e9f0b5bfb2f8af2f001d349ae93a3adbb5f19f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 83a8f0546164c9ba1a248acedefd6e5d
SHA1 7652f353ed74015e7e78bc9f9e305a48d336b6d1
SHA256 e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9
SHA512 111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d49ef964f574f1fa41c4f4d785995a54
SHA1 5c91d95c1ffb92a0fb1719a7fab7e3a9d2c5418a
SHA256 bc735b1ddf833d6480c58db664781b4ac84dd64bfdd15d5c3b5d9d841f150bb5
SHA512 77b1b021167895750f1ce5fe758b8e742f008a2d6f26bdf2587bcbc577644feea086f17b420471be4b16f805642f8a461283e64ecf497f8f8450d36bc15fd4a2

memory/2800-2058-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2800-2057-0x00000000010E0000-0x00000000014C9000-memory.dmp

memory/2992-2059-0x00000000033F0000-0x00000000037D9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

MD5 f35117734829b05cfceaa7e39b2b61fb
SHA1 342ae5f530dce669fedaca053bd15b47e755adc2
SHA256 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
SHA512 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

MD5 f5d6a81635291e408332cc01c565068f
SHA1 72fa5c8111e95cc7c5e97a09d1376f0619be111b
SHA256 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
SHA512 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

memory/2800-2084-0x00000000010E0000-0x00000000014C9000-memory.dmp

memory/2800-2085-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2800-2095-0x00000000030B0000-0x00000000030C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

MD5 3adf5e8387c828f62f12d2dd59349d63
SHA1 bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
SHA256 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
SHA512 e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

memory/1700-2118-0x0000000003280000-0x0000000003669000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 a266e0ae1001da0023f9664afbcaee99
SHA1 f943c180e5221a5943039c21b21f394dd99cbe14
SHA256 819b9a02a788445ad6c4d8f38e05abe911e289e71e4d2c2e37923c9f66f576cf
SHA512 525b8473b17732ba94942df63b0e43b26ee0157b137a1a39f52034b04ce686097e92ec8d9ea422acf02edc4385863c0179a6af73af01dfcfc1cb6d7c9dad1e7c

memory/2184-2119-0x00000000000C0000-0x00000000004A9000-memory.dmp

memory/2184-2126-0x00000000000C0000-0x00000000004A9000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 fa9848f3cff6d80b5704c6d2ccb10c2b
SHA1 714c93f3fc2b915efae0cac6028d317711d59264
SHA256 63ff7897d3a90de887c1baebb2ef7b87e596f1749e07322090786c902bdd8d16
SHA512 9078f5e3583a2b2cd43f63f023908f652a4c6eb647b1bd8988d33e8f2f1d34d44192ce50b795ffd9764d94a343bdc2ecdb94483ceef79739a92ff8d6a0f9a41b

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

MD5 d1172f72e8fec2b8ddbfe964b7197dd6
SHA1 91b86d380b4cf7f3fc6dba2be364551f0194ceab
SHA256 a8f33799d6ea706548917b5686b7bd1c6f077fcb344cbd51e9af8d7b4ffbb7d3
SHA512 afa1b94831188a4d15314a9c2a7c528e7c748a51030bbf6dfb735de5288f5a5fbcd6db3c275a0346c69dd6e999b50df81c7bf63a0cc5cc5c563c49844d363acb

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 9d399665b43d4310c637b43ae523da04
SHA1 5984f23773322e93fb762168cc1924fdab9cca0b
SHA256 c64efebdbee0cba76aa97b61953cfeab0097443bafdddc840feeb81ab0b4f2f7
SHA512 b881e136b499b8a32a68273d476daa5b258823cceaccf73740341f2af366458e66e1e91d5da8cf8bb07dd8f67665774caef58f15031c3bcc0a2ddad41d0c6145

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

MD5 b0a5a3db3901023adfc16cff5a381ead
SHA1 dfa2662d731eba223ede334a6f875b33e0da964e
SHA256 88812d618bc05aea2f43fe26cc7fb24953883418e51d6ca14d6a57fead9b97fd
SHA512 8eb6e90e6884b6ae0fdf943f4326d3ecf34eb9cc5e73d87137ffdea7caaf11cbf48bb7571096d7ed1e0de6c5627cddc9e018eeab2bfbe6639b573ac4b5209960

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 4f5ac42d8a07ab13f607f74e65968f0c
SHA1 c4427d15ae60e8b2d69606d98ab0988313e869c5
SHA256 60c385efae7bc4f7ddd6c934c227f260b969c42ad3c578dc4d0ffb037b66e01f
SHA512 a801cf785703fb2d75a4010f62a165555e2c36ae516786408a1f31f405d2e10a7931711306c289def96a690566263b5ea0735939179fe178695694ebeca519f2

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

MD5 982b81691cac850c2b98b252e4064660
SHA1 0c284934268046484921afa55587d863a3a241a3
SHA256 3aca81c52680324664bf3128976503ce73931444b956cb3127810661dccd1687
SHA512 5be188c92fd6dc8ff014f4f4ff3195edc69edb6142833a42ad49d45807ccb6bc5e7309a91d5a7f822f96f2951872f85d7a48328d123d2df59158af64a15e9f69

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 a6e153b8f74212040661167b48918ca1
SHA1 5a83b13e13125e8cfa015b920b45e5f3dc93fc43
SHA256 b30f444755e085726884f97bfc4a493d0012c4f782a6a67a771e1f7563d5523b
SHA512 0a0c55c4dacfae4280fb35ef3b726dcf6424039573ba5f1f62282009ebf95de62d3e15438e08fdaa90ffff9df919737f60744f98adb63a73197d450ac6772f3f

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 b1dc26eb82f26ae725344bf90573cd64
SHA1 7224e235ba1e6043b1f4fe3b398d3916ef1ab26f
SHA256 942699a06aabb3099a1978ac3b67fb45254109f97ad950973e82e918454d296b
SHA512 dbe37a4112907cdfb7d58d4f5e208162721076c5889051ea3471397b614d4b2c34a634fac2475e7269d4f79bd5e4664f706a6c44335a63b5dad3901c0454a4ff

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 354a4484bc25a051a5abdbadc2180ce2
SHA1 ab37279f2df471c8b8031479a4e46c55a05136ec
SHA256 d0fb8ac730d9986e348e6ce1d5fd44c2559e9ad5fc30401c8be93319ed3bbbf7
SHA512 055ad400b2799927b0646ae0f1beaa87fa141610bec9d4eadcce39b333855e8d9f3c9d7668d4c40bc1bc0a20eb371ca1f81972aad2b459cc692d59c28748303b

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

MD5 2fe88aedf465ed13678cdbc685e44fa0
SHA1 624f5a00e7cb017e9bfdfab79f6594a7e02171db
SHA256 4351cce19e5189a474a3e5dfba8c1c33e51bd875c1d574e5069b49a752f9f665
SHA512 6fbff486e7064d083ba8d12d0bffa102fdd61a3f818bc85516ed12b287b582adfe7d358d6ace18b45978bbafd9d9a1df2e08dde8291cabb35677314e99ab299c

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 593e984da561b2dd8b0b4bbd94bb6453
SHA1 ca001ee68c92464491a106aa811120687d3df813
SHA256 b145322faee2f6e7926b1f69876f191e84901eaa3c1254dc8d693d64926c077c
SHA512 eaa7a9efeef2d37ebf3079b704ae06dcdd5979530c8da2d32ad17e034e22a19df6e3750e48b40c0be1ba932633f39ebbc4ffc2f65a302e07919bdbcc6e78b641

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

MD5 b7b32e3aeb677124b236d776ef443489
SHA1 3249a596e03148836131988b8ca9392f677a7470
SHA256 f60847a54bde74835d80bb41bc3c57ad211ca30d69c2eb48ef7bffc7c6b44d0c
SHA512 f9044d9da82099a0747b3de0382db0999a9f80cbfe894ed9c4961498c41c5db9055c32d699424b6c5835230a2d74df491151beb90f0ff959b580164b2defab2a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

MD5 7d26a524b09feacb9db695415e1a66b2
SHA1 724f925c2663b623a9755bf722b3f297c8ff605a
SHA256 867072872533f9000508dafdd49f5b83e03de7b611b454290e062034a423dc74
SHA512 6adae2bb7c7e390f5e50df048fb3417c31b025c4d32abcb97ef8206ae3f0769997650cdba178bbad8c34f07a4e613666388e4b9bc465549b47a8f01f0dec4a57

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

MD5 859d53eb6f971993774da3bccee533a4
SHA1 c51f8e6a9cbd749b77edfeb324ef18ffdfc8e4fc
SHA256 768c5aa62161f6ddcab82911e727bf7d902c8d3d24d7c62726542b32ae70f3e7
SHA512 5e2f6cd3ffd37a02b5d198046e422bd7c19acca91675a6c38f58d0a985dcc640aedbdab969df9afbc8be6367df071d8e77663c42d5529d9c798602e6c97d246c

memory/2800-2666-0x00000000010E0000-0x00000000014C9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f160c383daf832d8d0e653ee2a72c84b
SHA1 bd61cba81edf6c4810de36638c389f573f996715
SHA256 56f1b07ce9e0facf0bc17fa690fbc76b818d6dbb44d99c52178905982612a679
SHA512 cfe1d5cabf71ac90d757a21d2150d744bfb4b79853a3c339c32ec30dba424d46dbd9e2af53101c9a33b7652d5b46c7947ba393c2e6d87ee04f7ff92428ea6dd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\14001eb2-648e-4a79-9dcb-59aac99a3feb.tmp

MD5 ca259febfbac7e57dfc344f379c2a84f
SHA1 b16b44b38e1b88ff69293918df9e726eab92389f
SHA256 5cfad3be7678fdd49c7ad40f4818321c1d9fc4a7a3d2aec5a740f560b75f6fc5
SHA512 8c84ee2239d50e8f271a7b609d85162b9b9d18da92b248f72059e214171efd0891ce09cd77fb1f09d82c2d7dae93e8e790306e3295055eb41606819b4ca5d32a

memory/2800-2703-0x0000000010000000-0x0000000010051000-memory.dmp

memory/2800-2702-0x00000000010E0000-0x00000000014C9000-memory.dmp

memory/2800-2704-0x00000000030B0000-0x00000000030C0000-memory.dmp

memory/2800-2746-0x00000000010E0000-0x00000000014C9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c9dcef54b075b8ca0ca7fc5b0a83d904
SHA1 ec92e56b61d89650658d5b6f4c8c5755d58b8936
SHA256 df545a819a6df91067d28b835d5e6221bc935d00a68c199b579b30275a7c91de
SHA512 fedfae87738cc19806e027e02fa5f5570802bf07790f04f6e57893637eaae0d5c27b9ec623c39974675abd22ef2acb7ca9da49fbc63324823cadcc8a9ee151de

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 e4d075d9279db6d73bb9439a62716323
SHA1 f453dba62c4ba6a8c9145acfc65cbbeeff59d2f1
SHA256 0fadbeafcffaf4a73ac7d4a83bda118de5ce7dbeb14aa3af4306fda5840e0020
SHA512 2cea25edb8ef9d80df4bfc23c501e8d16c82fba831412bbc973c5f09fa21a01f51999446e586e0f6964359b38620476c2f7127769bca26b767700f61d9930290

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 2a1bb1b1148061f372c632bdd019802f
SHA1 8681372d5f762279418126c921ff924a3630e692
SHA256 77c4db15c8d3bf81bd561be3046e66704e5300f278d19f234dfafe56167359fa
SHA512 203adbedbf8c6f669ae8f655d7038cfe514547fe8d444c991c44bb36736ccdda6f23fdb83febaf77c29128b95d34fe3a342bb6bf6861d5dee1aadb8de2803dc0

memory/2800-3018-0x00000000010E0000-0x00000000014C9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a26fc855ffb57e2ea01b61c13d85897
SHA1 e75cbfca367bddd70eb8777fb592fcdd7636f419
SHA256 469f9f67db686e6a5bf823d382ab8495189661a41ce4c15e35df2cd84799d5d8
SHA512 4c5c1d119988bbe815820403aa4b5618fa39a86872b654231dc585ebe4b723a442379a89b3b460d368e2923c2f52cc3f9558fa3d7ed924e84a1ecf0fb41a9365

memory/2800-3037-0x00000000010E0000-0x00000000014C9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4905c75438ca43d08720ae1dcfddccd9
SHA1 bb6c491b5571441c147ce756b6011fe7c08ae371
SHA256 9a5328d35c6485988c2dbddc462a3d207963b9393bc5280c54ae109e8336bda8
SHA512 326a9efce897cee032d13fb8cbca292136c7654d01847e31132f58fb6da086bd152792d88775b75bdce8bc2e3e2b92083722c57d7ed564c5c00317cb7abeadaf

C:\Windows\Installer\MSI3D47.tmp

MD5 64a261a6056e5d2396e3eb6651134bee
SHA1 32a34baf051b514f12b3e3733f70e608083500f9
SHA256 15c1007015be7356e422050ed6fa39ba836d0dd7fbf1aa7d2b823e6754c442a0
SHA512 d3f95e0c8b5d76b10b61b0ef1453f8d90af90f97848cad3cb22f73878a3c48ea0132ecc300bfb79d2801500d5390e5962fb86a853695d4f661b9ea9aae6b8be8

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG17.PNG

MD5 69862e8a82c503fbc5cea0c9e8a33876
SHA1 a69deda06d6224750bf1ab941bf934bf5250fe4b
SHA256 8fc3a97777dec1ab22f74f069354cab4880731b873452694921cac9814059858
SHA512 db86fbd4e1692de8a2dc6816d34e28b12badaed81ad07a7ce4fc225a212fee63eccd1f51c5ebdf7485ee8c0db716f9ac649cd2a4aae92218372582e7ab3d3951

C:\Windows\Installer\f7b390b.msi

MD5 4b80c230492aedab6757f904167b4e17
SHA1 ca169fc089c12341ac8a023e98e5f7d58a1d5d90
SHA256 0d961da2bc9f0fe029c31beb616d5069b718abd7f494f28a86fc6ace8e4718ea
SHA512 fcfbaa9c987bda1143f2596aca5bb3c04eebbb8ff7cacb9f855ef66d4c1b433a0a07c9694dcaff56f481df0234e8cc833e0c4b66aa52c2541db5fc562a741aca

memory/2800-3544-0x00000000010E0000-0x00000000014C9000-memory.dmp

memory/2344-3613-0x0000000000140000-0x0000000000141000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 625bd85c8b8661c2d42626fc892ee663
SHA1 86c29abb8b229f2d982df62119a23976a15996d9
SHA256 63c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a
SHA512 07708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 6684bd30905590fb5053b97bfce355bc
SHA1 41f6b2b3d719bc36743037ae2896c3d5674e8af7
SHA256 aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20
SHA512 1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk

MD5 b5e1de7d05841796c6d96dfe5b8b338c
SHA1 c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547
SHA256 062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d
SHA512 963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d

memory/1808-3784-0x0000000000240000-0x0000000000241000-memory.dmp

memory/1808-3797-0x0000000000240000-0x0000000000241000-memory.dmp

memory/1808-3800-0x0000000000240000-0x0000000000241000-memory.dmp

memory/1808-3825-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2820-3837-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2800-3848-0x00000000010E0000-0x00000000014C9000-memory.dmp

memory/2820-3850-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2820-3853-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2820-3854-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2820-3868-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2820-3878-0x0000000000240000-0x0000000000241000-memory.dmp

C:\Config.Msi\f7b390f.rbs

MD5 c9de4ac142899056354535e24742a25c
SHA1 207ac5172ada0778d1cd78150cb8a637dba39df3
SHA256 d54f88cfe96e33906a95683b576333b68443553ac77a2cdb34a829cc5320d646
SHA512 f4137a2f216d54dd620265f19f73dbc1bc9017bd7160534deff028773cd3ccb0f7f8b290e3ca33dff43d2c85d4ffdefca10b494595af09674affec3adee92d3a

memory/2456-3944-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

memory/2280-4059-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2280-4061-0x0000000000130000-0x0000000000131000-memory.dmp

memory/2780-4073-0x0000000001F30000-0x0000000001F31000-memory.dmp

memory/2780-4075-0x0000000001F30000-0x0000000001F31000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\runtime[1]

MD5 5d4657b90d2e41960ebe061c1fd494b8
SHA1 71eca85088ccbd042cb861c98bccb4c7dec9d09d
SHA256 93a647b1f2cadcbdb0fe9c46b82b2b4baf7685167de05933811549145c584ee0
SHA512 237738c0a6cb25efe29effc9c3637245e3e2397207ed51e67bae5a1b54749f88e090de524f7868d964debbb29a920a68205ccbd2dfceed4a1f3cd72d08b16fa3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\host[1]

MD5 a752a4469ac0d91dd2cb1b766ba157de
SHA1 724ae6b6d6063306cc53b6ad07be6f88eaffbab3
SHA256 1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3
SHA512 abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\l10n[1]

MD5 1fd5111b757493a27e697d57b351bb56
SHA1 9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711
SHA256 85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f
SHA512 80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\layout[1]

MD5 cc86b13a186fa96dfc6480a8024d2275
SHA1 d892a7f06dc12a0f2996cc094e0730fe14caf51a
SHA256 fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058
SHA512 0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\rtutils[1]

MD5 c0a4cebb2c15be8262bf11de37606e07
SHA1 cafc2ccb797df31eecd3ae7abd396567de8e736d
SHA256 7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1
SHA512 cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\common[1]

MD5 f5bb484d82e7842a602337e34d11a8f6
SHA1 09ea1dee4b7c969771e97991c8f5826de637716f
SHA256 219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a
SHA512 a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\masthead_left[1]

MD5 b663555027df2f807752987f002e52e7
SHA1 aef83d89f9c712a1cbf6f1cd98869822b73d08a6
SHA256 0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879
SHA512 b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\masthead_fill[1]

MD5 91a7b390315635f033459904671c196d
SHA1 b996e96492a01e1b26eb62c17212e19f22b865f3
SHA256 155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00
SHA512 b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb

C:\Windows\Installer\f7b3911.msi

MD5 d7390d55b7462787b910a8db0744c1e0
SHA1 b0c70c3ec91d92d51d52d4f205b5a261027ba80c
SHA256 4a2f7d9d33e4ad643bf72722587f2b268d92dab3bb1d9bc56af316672e34728a
SHA512 64f3837dd6099561ce9be97d6fae0b11f3f6cc08281f1a3266d5a6f3ca8baf13bbd780735ef62b449b577d62d086f942b48519671226c60f0e1480f9dbdde434

C:\Config.Msi\f7b3915.rbs

MD5 a8c928e397f7f03ccd69c29cbc7de443
SHA1 45bc269ae498da829fa3257df67e6ad2d24f8e82
SHA256 ad2415a7c0b324ec329539cbe22522fc6a8d1360ea138531aa33330f8041ecb0
SHA512 823fb606bd526e85c8d9e911d909becaff46065b2b7f6a23502b780660d7304087af4fab729976f6930df7334a50acd56efe07d45b54221cc704d4685d34476d

memory/2712-4295-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2800-4746-0x00000000010E0000-0x00000000014C9000-memory.dmp

memory/2908-4753-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2908-4761-0x0000000000470000-0x000000000047A000-memory.dmp

memory/2908-4762-0x0000000000470000-0x000000000047A000-memory.dmp

memory/2908-4764-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2908-4784-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2908-4785-0x0000000000430000-0x0000000000431000-memory.dmp

memory/2908-4803-0x0000000000430000-0x0000000000431000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9491e87761aae57be649e34684e55673
SHA1 74558b53fe1a395f607669bb5bebd09fe9bfb7ec
SHA256 5e8b3db1189c4d587e826c57d7bf8838790e6be289e6f216d3d9dd6429e6f88c
SHA512 c9b32c5355274d46a685116ce7b0d854d49e2748f3735fc7bf29cacfbea28474583d305f62ae8b56699e142d631d06d46ee0ea2d87ee0c0d6bbe38712ab7a8cc

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

MD5 91db38ec63d5ba27c2d84d1ce4f5950f
SHA1 0f981c54c5dc136c271387b919d0da1c043484d0
SHA256 4a21a1eada9a254e366a32670c65ae5e1fa9b12ac72b1be4e55be54347a1f38e
SHA512 299ea4bbf286e7f4d1eac2b9ed5e06d0deb25a79d3d8effd8524154b576c16b14074e6d6d4c8225cd633e2cccc74547a3ebeff1ced03e99b6879cba08e330356

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.921\dependencies.json

MD5 dd4d9eb42e26f86cdb8f58ac1401e217
SHA1 24fd4a27ca650aae032ad1ecc15f1b7560803822
SHA256 22127b008d98bf65a5fe9f846641eae124975eeb91b0af0285be977037c41993
SHA512 5df828b723041e41db19a58a20c8446a791a1dc07d3669b080c4d128b229dd8fa5b43f83f445ade20545339bc402372d7924861acdfecea1e609dbe7545fda1e

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.921\resources.json

MD5 d892039e33a914bdd174cbfdfd0e7331
SHA1 42754a8f3d087d09999d8b89ce6ea4eab522f1f9
SHA256 5acb848f36f188765ef517f67d90fda54892af1d5db3612ba8ed5d3802e2fbb6
SHA512 f21dd600db9140adc394b749485102a89723a7696101cf19ca6e365f2be9d3a7b0ad54a335985065165c07122415afb9a85170cc1144b8acf237f07538865511

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

MD5 e2cbea0a8a22b79e63558273dded5e6c
SHA1 bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61
SHA256 10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007
SHA512 a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 646f92a90677c9e7a9996c5e38d4ea9b
SHA1 5e9d554a21f0f87ee02b39c14605e98730da6edc
SHA256 6df1dbbfb37d550f73bd0332ae000ae043629e5e2eb5d288fba99c814a29c3de
SHA512 06e3cc44030e7f2d470b87bd1641f1bc755d1149b950a5d44f8c69dd0eb6ab6aa0b31895bb6aae28a92f4f7aa528cc29a10cf042dfa5785c2f7e18486166e896

memory/2908-5198-0x0000000000470000-0x000000000047A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\432a088d-25ee-441f-8bf7-006859d28f14.tmp

MD5 81e9b366c3b93eeb74872be7a03116c7
SHA1 d54585093177da955607c19d673c9452d539469f
SHA256 c4cad37cc50378a48e3af12be726b158141a4d473641bfe67c47c834d79535ee
SHA512 1e5dce5989ee1ab6ff571ec30bfc24d44fae29365f89a6428d99be8414e2f95f24e1c988b108e2b34be7ef9325d1c4b33f7601c7d588b77f43762d4e069ec4e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d523455112baa294cf9bbba2fa7d6c9f
SHA1 bff50ef709d5698702e063aa48390967bef71262
SHA256 e46a4ea28225b07c59b1d255ad52d47f160610687a0cad763b6fcdf61d966178
SHA512 d25ad21d0c9d0e9c8e941f1d26043a54ae44e999c4cb7029eaed9977c01df9a5a53bcfaff8efa8020f34b47801dcb2aeb87820344823866c68369ad782eca029

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO

MD5 494903d6add168a732e73d7b0ba059a0
SHA1 f85c0fd9f8b04c4de25d85de56d4db11881e08ca
SHA256 0a256a7133bd2146482018ba6204a4ecc75836c139c8792da53536a9b67071d4
SHA512 b6e0968c9fd9464623bfa595bf47faf8f6bc1c55b09a415724c709ef8a3bcf8a954079cce1e0e6c91d34c607da2cecc2a6454d08c370a618fb9a4d7d9a078b24

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION

MD5 c62a00c3520dc7970a526025a5977c34
SHA1 f81a2bcb42ccbf898d92f59a4dc4b63fef6c2848
SHA256 a4b7ad48df36316ddd7d47fcecc1d7a2c59cbfe22728930220ef63517fd58cb0
SHA512 60907d1910b6999b8210b450c6695b7cc35a0c50c25d6569cf8bb975a5967ca4e53f0985bee474b20379df88bb0891068347ecf3e9c42900ed19a1dcbc2d56ec

C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE

MD5 f815ea85f3b4676874e42320d4b8cfd7
SHA1 3a2ddf103552fefe391f67263b393509eee3e807
SHA256 01a4ebd2a3b2671d913582f1241a176a13e9be98f4e3d5f2f04813e122b88105
SHA512 ddf09f482536966ac17313179552a5efc1b230fa5f270ebde5df6adebf07ee911b9ef433dfbfcb4e5236922da390f44e355709ecaf390c741648dd2a17084950

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bf625d7767e537ef50a5ecf266e83b3a
SHA1 b45bf5425c029fb99d0976049c61cf182fde5304
SHA256 cc3d9701fc0aab2da7a4d6d0c99e063f39d4de131c90c4c7fbba83c3806e2f2a
SHA512 5c0602298bfab121818b0f6322aad5c8fda626c804543660cb4104210eb344b71afe2ea0fc86b941fc16b21bab3eafba558bb9171e89d9084e3bd1216cbf82d2

memory/3432-6260-0x000000001C150000-0x000000001C15A000-memory.dmp

memory/3432-6259-0x000000001C150000-0x000000001C15A000-memory.dmp

memory/2908-6585-0x0000000000470000-0x0000000000472000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF10711506172565550399.tmp

MD5 afa7a91dadd77b23634a0fdf18c148f3
SHA1 6cbb57ba2355cf442e06899898ff5af55867103e
SHA256 9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70
SHA512 84d123b67505522c256f4ff79c3822eabe2d63036023896e9854298ff39e050bef7894f6320ccf950592015760354683c4dbd19aa203d433a04a5d6bb28e8115

C:\Users\Admin\AppData\Local\Temp\+JXF16261016623253492544.tmp

MD5 54a91b0619ccf9373d525109268219dc
SHA1 1d1d41fcadc571decb6444211b7993b99ce926e2
SHA256 b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f
SHA512 7f79ff3b42a672371814f42814aa5646328b1a314691d30ce09ffdc7a322adcb1af66625274f7fac024ca2f22a42b625001735711c430faef6e077e1f1d24887

C:\Users\Admin\AppData\Local\Temp\+JXF7698762062476785704.tmp

MD5 4c41e856744eb797e9936359a6509287
SHA1 0959e6f4dd535eb6fae388b6b9ac179dcf3afd76
SHA256 83ff53f599acefc11f5cf63fd0516d4db72aacf7f0125a5f79c9ff222cbf9dd7
SHA512 07ae284caa316315da74246c960198a7d549acf86f96cec550f41109fcd870a69ccac9818361657fb859e89d2bdc8398c7731c80d274d99a768102022a5f6e8b

C:\Users\Admin\AppData\Local\Temp\+JXF17859702503759809978.tmp

MD5 ec5d243a9958b3858b5a71fb9a690da7
SHA1 d80b02c91addef2ef58136d1a7df0189f453388c
SHA256 a4ece920f221b78d43b550d615c5934db162b64a331ffa663a85199e74ef2e6b
SHA512 479512c6076249a63a822d307b3d8c65d44d19abfadc597f0293fedf2c4fbac2ba6f60ca98d2c1dbb638ad09f3eb1419b6ef391fb098c7d1b62237bce9d79931

memory/3432-6679-0x000000001C150000-0x000000001C15A000-memory.dmp

memory/3432-6680-0x000000001C150000-0x000000001C15A000-memory.dmp

memory/3152-6683-0x0000000000860000-0x000000000086A000-memory.dmp

memory/3152-6682-0x0000000000860000-0x000000000086A000-memory.dmp

memory/3432-6681-0x000000001C150000-0x000000001C15A000-memory.dmp

memory/3152-6686-0x0000000002430000-0x000000000248C000-memory.dmp

memory/3152-6685-0x0000000002430000-0x000000000248C000-memory.dmp

memory/3152-6687-0x0000000002430000-0x000000000248C000-memory.dmp

memory/3152-6693-0x0000000000970000-0x000000000099A000-memory.dmp

memory/3152-6692-0x0000000000970000-0x000000000099A000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\TlauncherProfiles.json

MD5 955450cd2149fb94f422dd601ac53e96
SHA1 97cd463b77aee82dcea8e1e132aa6111eadd3120
SHA256 b08d1cfabbe08efd75bb8764360df97f0a583716d3963785f4116a93d438dafe
SHA512 fb25d69301be80db84dde0500d0dfaca80b0d557fbc616ce20a1113b2af89c9892a44d4e242756cf4727bf49a017aac4bedddeadeb74343a48e3b6bcc5f94dda

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\net.properties

MD5 385443b7e4a37bc277c018cd1d336d49
SHA1 b2c0dfb00bf699e817bdd49b14bc24b8d3282c65
SHA256 5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08
SHA512 260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\README.txt

MD5 3d47d94bc4f19d18bcc8b23f51d013af
SHA1 a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb
SHA256 6da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5
SHA512 68a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\default_local.policy

MD5 6d7b4616a5dba477b6b6d3f9a12e568f
SHA1 7fb67e217c53a685cb9314001592b5bd50b5fbb9
SHA256 2b2627548e61316150d47ffc3e6cad465ca05b3cccd4785eb7d21aa7baa0f441
SHA512 a0b98cbbb49184df973bb2c4a506e9bc6e025a696bc0c8054a6352cc3f9b4a38e3baf117c6834ddaddc38498556607ed4eda8f1bc683f662d61da50e0db0c8c2

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\default_US_export.policy.tlauncherdownload

MD5 1a08ffdf0bc871296c8d698fb22f542a
SHA1 f3f974d3f6245c50804dcc47173aa29d4d7f0e2c
SHA256 758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9
SHA512 4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\limited\exempt_local.policy

MD5 4cbb03f484c86cbea1a217baae07d3c9
SHA1 ee67275bc119c98191a09ff72f043872b05ab7fd
SHA256 8c3d7648abcd95a272ce12db870082937f4d7f6878d730d83cb7fbb31eb8b2c9
SHA512 2bd70518aed6b0e01c520c446830c5f567fa72974548818cac3e1e5c2be6f03db78ce6012f5463b1e19c36243d04cbaad38ec79524635eaae2e427eb1875ccdb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\sound.properties.tlauncherdownload

MD5 4f95242740bfb7b133b879597947a41e
SHA1 9afceb218059d981d0fa9f07aad3c5097cf41b0c
SHA256 299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66
SHA512 99fdd75b8ce71622f85f957ae52b85e6646763f7864b670e993df0c2c77363ef9cfce2727badee03503cda41abe6eb8a278142766bf66f00b4eb39d0d4fc4a87

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\ADDITIONAL_LICENSE_INFO

MD5 71bb3ad0017bf36d14bb96a8d4b32c45
SHA1 1a5c553e71bdb7d94995b206bc9eaa49abd1e888
SHA256 a69bce275ba7a3570af6579cb0f55682cd75fedfcd49e0e8e9022270c447c916
SHA512 9f658dfea71bdc3cc1549edfb5ad3171dbfa0082b2d91e820c09abe0b376b6bcd8b5170442a5e25e72274e98f130176bbdecfa7997c59705782b214f02136a20

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\LICENSE

MD5 3e0b59f8fac05c3c03d4a26bbda13f8f
SHA1 a4fb972c240d89131ee9e16b845cd302e0ecb05f
SHA256 4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726
SHA512 6732288c682a39ed9edf11a151f6f48e742696f4a762c0c7d8872b99b9f6d5ab6c305064d4910b1a254862a873129f11fd0fa56ff11bc577d29303f4fb492673

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\c-libutl.md

MD5 2e89a282a50f8702e52703464e6937ca
SHA1 cfc22a6f5b17cd539234d5b3160a5224abefadb9
SHA256 bef40679922d6fdfb7e4ddb223ad6722300f6054ba737bbf6188d60fcec517f9
SHA512 ae459d8ce5581ea57e203088373c1ce86d122d0e27eb871ee1383e0e64cd8a184fa207eee0e835347316e70afa24a1c95aec30def3e09d15ee19a0b2c3ad2095

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\zlib.md.tlauncherdownload

MD5 440321d71d082c9f04a9995b613bdff2
SHA1 9af688d499b3026ec8e5a2e266dc4b9b4884a87b
SHA256 81518ebc49d23a7c77b2e08eff48664ea0c7dd90957a0caf22fd9654985d3285
SHA512 c516403a109630b79998f3bea6b698247a0b5367cc9873defa75014e8c98c690d34d0810d32792d80fde1333980ac6c5f19324743795cb6455ef0ee4979496bb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\logging.properties

MD5 0f00ec3e7a7767a4efeae1875fb5f3d4
SHA1 167808418571e9209b952188ddab2f4e62920e68
SHA256 b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f
SHA512 e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\ADDITIONAL_LICENSE_INFO.tlauncherdownload

MD5 512f151af02b6bd258428b784b457531
SHA1 84d2102ad171863db04e7ee22a259d1f6c5de4a5
SHA256 d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83
SHA512 1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.compiler\LICENSE.tlauncherdownload

MD5 663f71c746cc2002aa53b066b06c88ab
SHA1 12976a6c2b227cbac58969c1455444596c894656
SHA256 d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80
SHA512 507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\giflib.md

MD5 867001e2a577f88cfc856f45959502aa
SHA1 109c11cec13349212ba94b9f3eb7d0943229938e
SHA256 c8b99f33890887d27ad56fba9edd8ebbc668cfe0689168505a95613d1d4b32f8
SHA512 dafac31d75a7ab4ddd7666799a24abf22c1583ca22554a738cc26a77bf927b20dde52f12194670a5196bce3a43bd58de46944291727c8877fee1fe4a38a1f1ca

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\ASSEMBLY_EXCEPTION.tlauncherdownload

MD5 bd468da51b15a9f09778545b00265f34
SHA1 c80e4bab46e34d02826eab226a4441d0970f2aba
SHA256 7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b
SHA512 2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\conf\security\policy\unlimited\default_local.policy

MD5 2a0f330c51aff13a96af8bd5082c84a8
SHA1 ad2509631ed743c882999ac1200fd5fb8a593639
SHA256 8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a
SHA512 2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\lcms.md.tlauncherdownload

MD5 04a8a77cafdd6185a3506eccf7a83346
SHA1 1acbec21e9eab8bd2bee9826353c1e768d5457b5
SHA256 8acf00b5efd25c1c055927222fd3c26b0c9fd02ed02e478c225b64e7a24d9782
SHA512 a91faa243a09bdfe62714859b9b4420e8434dd09693a6a280e1c8ef6694fb7858d0171fae4ca36721b685e3ab8bc8000c5635bf3789250a5b9081130eb4ff57c

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\aes.md

MD5 2e33468a535a4eb09ef57fc12a2652d0
SHA1 e64516f3fa1e72f88caa50f14b8046dd74d012b6
SHA256 45c6d4da48325edfbff3dcf71c704e504c057904435ed23c6d57046d551eb69d
SHA512 4d14b5ddbb4d09797264ed29ba71fab6986b4a9e75efb9402c1476e0a9e2884813d6a922dea125643b4f74e1f3e458f4e48d6c840e0f4d16ed72ffbc4611dbb2

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\wepoll.md

MD5 cef1d92ff8ace278bd32ac5e18735b86
SHA1 6c7d15e2b8f3e99527458c8ea33420ee1d34af7b
SHA256 3ac2992770080453b98c42afa807ba4b2c1738ef756b92a55c645f55e7df48f0
SHA512 12aa61ae93fc626a230f39f44ca11c75086fd9bb50f2794fb9fec29b9bef924545fc19d9cb38fda631560ca78ae8e587144cf3cf3c83a6b336bb4711611393bf

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\colorimaging.md

MD5 0889fd01a6802a5a934572d9bd47f430
SHA1 7a7e547452ee1c72e8b0d96dccbe315f62d5b564
SHA256 04d61e3e8e71dd452ebe52008af5378d9f6640d14578aeb515dc5375973b0189
SHA512 f5872960470810cdbdc2db1dfb216cab88203b23400b16e157c8654c2eecff8d9b26ce066ec18718c8e6d54ee1c54533fdade395c454210fed5159fd4a7a0adb

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.desktop\mesa3d.md.tlauncherdownload

MD5 c7e0d19c8f4eff11e97f0eb9afd3f7f4
SHA1 6a98ee2703132e181f37d162452f073fb64ced83
SHA256 63f4e6f75caebbccb95d903fb43e46ac7111b3624d0a34f146b276d7d9e7b152
SHA512 9c4111728ab9472f0b160cb11ce1e4ebd75a83cfddca0b3cb87243d15afc5a7fa34dc6006e6b92084648cbad1426f70b405259f589cdef758442643e1618dff4

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\dom.md

MD5 13952c46b3867103ad7d1e9c6c9e906c
SHA1 4bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb
SHA256 6686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148
SHA512 8c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\jcup.md

MD5 d19594fbf6eab2242dc29257905d8ded
SHA1 fbdcbe5a7e7d91d440c200f5fb00e0cf6a81976c
SHA256 8d5dcfdf50455a3c34c753a98f21e953248af200415a9084e3f102cb6c43b8bf
SHA512 7ed3e58f189f2922f7543d4617308d0c35f8adc2e7cbbb6fbba49d33cdd5da64c6edc022ae9842c28e58d97b056a245245c816003978f1e0152236636ca72ba5

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.xml\bcel.md

MD5 daae908a4dd474afec9c010d416acb2d
SHA1 a59717166af2e8fa9ecd6d622fd6b82b835acce9
SHA256 853a1e7ce397bb10de0e2b3bde0844bcc651f17d983decd07d2d003c0304c311
SHA512 25f2189643a113616f53cd87fc96df01b55602bfc3f6653e48c310de03f6d79ccbbec58936d54b88052e32d68c646017bf75b8a179f59fb9d2c5f6938e351a4d

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md

MD5 fa24b7e2a61a7045cb0c6c385000681b
SHA1 869fc0b687986ea26b8ff63c137e03c92234a5c8
SHA256 262802e081760b38b3748c8b194353d340e39bc936ac22e17abbb7158d895811
SHA512 2676cfdfd61762c7b6171985e8cfe1068c36683ca43753a1ffb10241ac61a74c9be1c00be22903df85ba6954fd908d77de60903c316506fd88b9679672ada968

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.javadoc\jquery.md

MD5 8ef4ab67241efd69eaa3df9871fa0dbd
SHA1 a20a019c3b06d4263b00f5e89ed394a52b8c1981
SHA256 0716943682c624fd2f49b3a718a2ed4d6386e872fe741f1c759573ae24509d3e
SHA512 1f85e70e166146d81457f05be906f18b9b16ed82bed5f544f090d894b8d0cb1ff4fe5fffd90022f06f2024b2dbf74a30f2940a21941871358469b1f9a1a19998

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.javadoc\jqueryUI.md

MD5 86bfe7b4e5cbedc085060a2c3f13febe
SHA1 a98cfdc7d73e016ce8b23c1d00daa3d2d3c03a3d
SHA256 bb0a0e89ebd824df714516bf64b9101c62081e4b376f00f929a58c09555bf111
SHA512 2656ab0100db997c9306be156af613861c9071a3be1b26f2882a68424e37d1b17674183729c1ba1024302011d42658058f024ce98db5bbb4d528c498ddd21d6e

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.crypto.cryptoki\pkcs11wrapper.md

MD5 b77d1951df7a8488eb84ce1d25486a14
SHA1 e35415235ec3bbcb92beeceb03a9a8e7c13a6fce
SHA256 371974b1fca3744a3892c7ee1fcc593b8b4281fc218f4cafd2f709e9df5fd81d
SHA512 759c75f87309b67c56a5b7088045e04be7c023ecdbaea80842e22b81b0bfb36026191070471f8b08fef47ec73664611ce0453b4a9818f7708c95663733ee5ce9

C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

MD5 3bbacc68dbdad222c3a08f2872937d20
SHA1 49dc161c003e30233c6a49f131b0fed6739a442d
SHA256 97512538fd8d8da2a2cfcbbc0949c7bf4ac4b34975457b9a0900956685def482
SHA512 22b55afafcec2d777e7491e3cfc1cab3f1e8ab4dc17a92f7453d5ef9fd27358d34c1d1182e6b650cc41b4f9bf966ade2be0d9a457e049381b187a12849916a34

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\tzdb.dat.tlauncherdownload

MD5 2fd920c56de68f65493ba6962fd079e1
SHA1 1e79bff02711d3dab3c75e90d4bb08f8086c9626
SHA256 b7dba25abdfee317daa042c89b01e5711f5781d020dd733ba411760b72addb93
SHA512 958f835407e4a10a268bf76bc2ef0196ecd5fa92e139de4c3760544dbdf76f95e67865bac22406aef8ac5ae7508fe63cd1a688c8328e46b73a5867efa4f18d47

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\tzmappings

MD5 4c30d7867505379a18a27d0e8f03198c
SHA1 0cc871d5bd91e061d676a861749af68bbc0ca9c6
SHA256 b41575b332809b37ad423bdca30c7c48cdef3d82f82fa9d534781a6f15d6a2ab
SHA512 873d329682ce67267f438b88eee0fc25cecbbcc1f7d694118417ad12756ec2b6ae7502ec4eea0cc9b4ae8b9e68f5f8877762fa13dea89c4a6dcd54fd8bf82c56

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.internal.opt\jopt-simple.md

MD5 4f3f190fd212329afc39442174ca4b3a
SHA1 d7e25adf223e68d06276ae7666bbc96590dda442
SHA256 99bc67f93cf57d6d20e6047731c93fbb267d70fbdd4115d119e0f85c6efe5c05
SHA512 fdd3d2fcfd865f62dad0ba2617ea816c78a3dc9d99d8991ffb5eb479fda37317dc3f70b0dcdb1847ffe4432947690436ad4046bfb056c37e2991e6fefa8b70c0

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\jdk.localedata\thaidict.md

MD5 2ea6eb55ca40902554aaf2fd20a76ba8
SHA1 e5b9e88e174c797c313d6739e7e34772b723bc4b
SHA256 c326144a2351c9608fa708b5d7d3c5a3da03e82b66479b128e9db4969539824a
SHA512 5221112cd8ef83b636dc4364f53b72c5484a5885acb55c2c071c88d23058093caee38578f7e424ecafdb483ccc0bc8e78d7ac13add536ec824a8eac171a576cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 920f9ee9de474c5b57489ccbd8b75060
SHA1 26ee3d939aca7c9f570460e1c81a73ff999754e6
SHA256 2c81cf4ae943d367d2bfe61acc470f5f59e0c686d5f6754b6176844e77230860
SHA512 801ee877c721ac6f92e345c56622ad0eec258eef38dd51040506b9198c8ad1278d715775a1429f228acf6f630a9ccb78b6b379de2ebac4b085e5d7877a8f428d

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\jvm.cfg

MD5 7ce21bdcfa333c231d74a77394206302
SHA1 c5a940d2dee8e7bfc01a87d585ddca420d37e226
SHA256 aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0
SHA512 8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\lib\security\blocked.certs.tlauncherdownload

MD5 8273f70416f494f7fa5b6c70a101e00e
SHA1 aeaebb14fbf146fbb0aaf347446c08766c86ca7f
SHA256 583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58
SHA512 e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\legal\java.base\public_suffix.md

MD5 1411e0a639389f2dbb2b21490a5c0713
SHA1 1706fdcd0dbf23d793f81f4130c81a8d16b4f765
SHA256 e662969300048d914f80265eb516021ad2b0015c7e7eedd45c93655f11f256d7
SHA512 cbd16c4c29a51669f51ff9817ed33e29b871df215fb252a946c3b4e80fc83d4f0e4e1b32d46c2998924092e4b14585666f748b598708773dc6d2432701d6f627

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d51a2c5-9ea7-4593-8c6a-e2eecc9c6c15\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 daca8a970792450bb3fd7934f1d174f1
SHA1 8f8f0745c3c09cac6650d809b3242bbc3d9c9431
SHA256 0b1935fe4c37d6a421496575065e9c9ffb1aa052bddb4bd41fd754653cd8785a
SHA512 f361bc62e5cbb489a0bad71a96fa0e93f078758c2f85e9f655bbf09dc7bd845163e67914ea8661b53237a37b40dfec79491e1ee9ede6fd933da9c14d2e2c2294

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b3eece9f7aedb6e2928f188c600a0d1a
SHA1 5cb87acc213437e8f06edcddc14b5f11920682bd
SHA256 eaba2ac7861e79f22302113207c67faece4c47d69b61d81a38897612d406d7a2
SHA512 9ed86ea912fbd4aaca0df63df0438129431472e4e8cab615f29fcdef49db140fb1f1e006fa78eef40f00ad9ef2ad759d72904d0abaa08507859fb6d72f4aab57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\efcd9e80-4dda-4666-b89d-5e3576e4e077.tmp

MD5 e6639fb5ceb3508c524bce8fc64a97cb
SHA1 973bb18b781e7a4a40be9de04dfca851fbf438c8
SHA256 016c480ab968ea0028b14f808cfb75b745747df3b98b8dedcddb379a1cddecf7
SHA512 2bb241ec65bcda307117402a8e635046599ba12ed5775f3f8961f203a8dc89462bfc4c7ea6e24316e6ffb13d29060c4684a8c86d6a7fb0145f788e4d7d14cfa0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 77718b05cf44ba24102b0569351e2c4e
SHA1 0b3df548b3f874bbd206c102111b9c08916da7e6
SHA256 1d10ce81cf0c842ce5e9ebf1ea60751f0c2258acfb100da5bdb45b99f3f02030
SHA512 c2a4f394d52ff127cb908331336cd7eb4a26a7bc3440029b9be389cdf8b93baf7616129110f8ee50af2db20785dff899a06a2cfb48e85e2d40617b9dfdc82877

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 93e7db96090aa5242270a640a7a551d5
SHA1 85708a3ba0e2c564420b52739b687d47354898fa
SHA256 6eb604040cc37b44ee97c5b0aa6c0cdd987e0b2563afa07a977e006d33d9cc7b
SHA512 30f1a247d5434ad9dfd44f6e5b6ff08de0c367ca266ef0f327c33e23eceac31d54a2c41ccd94d5beb351ab190b8eb9ff39363b3f97b4d3c954faf7d275c345d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf7f44cd.TMP

MD5 b5e93f7bd19e9c47e3a7b6ac99d0d16f
SHA1 e7fbe9b71b1c429621ec91ad7342fbd798887a2d
SHA256 b3467f77ee7a97986704c7d1b52a951520fe6d167a11c630d1a5269ec80b413e
SHA512 9efe0417b0d50e3a03a6b9cf79428dcc85cf956b17a504924b428be064a1908940834effdc9fee1ff8796abe52c96846a71feb53df807d2d594aad84965a1112

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a5c79e3a86d1b4daeca80eb0f7ebf8ff
SHA1 9a8f4ff8954c0ef12ebea36334edf694ff5b274f
SHA256 1690118676e25d224c241dba6fcf037826758a29a971ced77c64e296cc1ab6d3
SHA512 1e105901633dd8089cc56e442362b905b7625c2754b5b6765378e08f00be703169b7ee19af93ba1f7b0a416fc627e9fdcf22633cc8218c3a09711b7120ec09bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea7b43a0f83db9f5babc67c1a76d3352
SHA1 b427a62c455f3d7d07423207c66e89b8810a5ab6
SHA256 c0885d44a102eea9659bfd361768ee4744160247b6cc28a9d673239adf67b660
SHA512 c9216662ae40febbc903ba8255e91e0dac1c17f36d736e0dca440c49537dfe6d593db5b58980149fde62ce24c7fd262b2c8f55399cde6f0d77ace7fc57a86b7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c47b3f6a1a126fe1699f5582455a7edc
SHA1 70e9886e95ab21444f3b54fd85e0e9f7d3ba0751
SHA256 c332ba99c7ed1a2d2a913855e7fcffd96a981099cc2a238e0ebfce2972ce6b47
SHA512 70b1d7f3f4e7f707e5260d36dce88206dc574dd08facd0c1e48598e01e2dc96ede547313c7cdf94a7dd408b6007ffde5e5b05a16dcc5a023f9a79e9533348094

C:\Users\Admin\Downloads\@#!!Newest_FILE_2024_PASSC0DE_$!.rar.crdownload

MD5 499c8489f689878d9d125ecbca84338f
SHA1 001272206af504a522d7f8a138ef0a26d975b451
SHA256 e1b282855485c697ea3d4b8b56b19ec65f6d0e65d039aa4f709e0634c45e5189
SHA512 0a5fcd24c0c16a10910626054d3e8e2673cdbcbb9892fee6c8e5f1f0646ee680e3259410943af52b35c0f2715bad4986886a9b9a9803a0c72c3e255e244fa397

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f6d9303bc0c7915ea6614a9d0fc7260
SHA1 c1c2eccf13067107f9ea5a7794207df2232d2151
SHA256 c8f1dde047e61e8d2da522b26a88bb68fdd7ff792482358c98b863f99d3c0364
SHA512 6bac7c449be7663fbe59c416dfaee39857e7b4d3beae9fce9d88f066fe47ce49a9a0d616bf49ce52b5ce02a024655b6743dedb89ca9ff49a770c82724c22e1c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 03a87484474cc875bf72bffd95577072
SHA1 9048b4ac9ab42597a35f4bdcde79fc7ad86d4e35
SHA256 8c0d8ba6a406b1ac664e9f2a89520d59a4043869177eafcbce667ec907cd03ab
SHA512 eb41adfd4f1be2b84f9d165a8f2e96e7ee0ac4b287dc29ec3f4609902ed3ff4567abc632321be5dcf05f496a595b5b906797cb4043cb01553fe683d1be8f5ef0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\15c7859f-a05c-4f68-aa60-f220f5d957a5.tmp

MD5 c30a694402daabb2d5af0965b64f4897
SHA1 b33189eaf05ed94a956398b7e6f19e3785f2a937
SHA256 cd4f3d2742b25a8f3de584d8a9d9e8d4e622b1b44437edb99e1159b3ed0366b1
SHA512 1df4333bd577609390dc4086774852431b4ab66a242e9079ddabc9588f0a80587415c9478aea2a536b0fb91c74cae320facaeeaf0122a6ec196c893b8fda626b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6d6191f546499a445cc418ed9126a85e
SHA1 b075e8ebc77ad367bbbb943a94279f6cb4bd08ed
SHA256 9c6f5895cdacf5a161d31e20c10d1f50707b2aaf2ad56ad4857651b99c986535
SHA512 cd53dab36ee0ca3120366a9af5b85395446185330f913ed6ab281011e6fc7eee15e4677b27ad15f4bd092afd29f98f548e1ace159effdb06c2035c405b9bb2c5

C:\Users\Admin\Downloads\Setup.exe

MD5 5924ec85948544ceadf7d1721fb5fcf0
SHA1 52a89fb0a90ac1c545f019c476728369ec5a9dfa
SHA256 f46c8174d101b3b16983cf872f54577790326f04390e543ea5b9ce5730e9e4ae
SHA512 b22cd9b2bb4e32f98f4c6cfe35050a6d601f21162b39502b9d32558c015d9e2a20ae5821fd5fe7ae2f6fb72feba4b3b03e71b76a77fd5485ad20eae3df6cc422

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\df9f8edd-4c0d-439b-a9ec-604f2b09bed4.tmp

MD5 8666d8689d63991d66a36f71f95590aa
SHA1 38d830f28d34a79758da08e092232892c1d790a8
SHA256 0fd0a2db2a7fde3aa436217a62c7cfb25e0d2a27bca85f7ebec0465bb3408760
SHA512 4294a34789f5e0ae73ab09c2bef966290b0d721127b1b765de8e3bca483b795d6aeae6136370ec2968fef91795b4e9b35679c5e360bced6edce4c66ddbc44985

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 356b132855e25dd28bc3641db53cb3ae
SHA1 6d0a5c59d2fe96c6c62bd8fceaad1cd7fdb7527e
SHA256 6709d9e70b1a7bcb6406b92399b84fb2114bb5e5d7c39512d83d44b4ecc8ee32
SHA512 66d142a6f2c72131cbe42370de5df5e8209ede1f15c20213353be084d3656011ade4c3267d5a4559dea7abe2a17229f4421ab10355787f5cb4074ca3fdcd2ea8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 84528be2158f66556a191d8257d5b3b7
SHA1 62c3be6b6f412c70d8219a97dfacc60c7f346fb0
SHA256 d5c5eb33abb98bb20fd1fb650de0d75895bca6ad3d9b9417ebe13398f87a5e43
SHA512 41e1c9209969294a010303d96ee9b6206a627c58d174fcae4de1c74fcd91bc2e7e4392834ea9430398cdd0911ca1526ae64474a3bd74fdf708a933c764e8a23a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0e04d456-97a1-4e11-a839-06045f0e03a0.tmp

MD5 a73acaea25f623f15a3a5554602eae6e
SHA1 35c15447d041c956349017229c2cec5b929c2900
SHA256 4d5df5696b77fb7764c63b81a62ff1e01d40dc53e93d5b46d117b9f553d2decc
SHA512 3744309c5fe74469a380233870f9dc28607b3436699e5290ee170eecde7c9e6fa56a2b8dfea0dfe3eace583196fdd112f9c96ea2fb0a5152fc2d380070a9f598

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b76f10c2-14eb-45df-9e1a-37c3541632f5.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000013.dbtmp

MD5 a6813b63372959d9440379e29a2b2575
SHA1 394c17d11669e9cb7e2071422a2fd0c80e4cab76
SHA256 e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312
SHA512 3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2