Malware Analysis Report

2024-10-23 15:31

Sample ID 240503-zgg15seg7w
Target setup.exe
SHA256 7bde12d17f015c3fbf7ac2633c959179ed820da08274ace5afa5687413c3f056
Tags
trickbot banker bootkit persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file setup.exe was found to be: Known bad.

Malicious Activity Summary

trickbot banker bootkit persistence trojan

Trickbot x86 loader

Trickbot

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Drops file in System32 directory

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-03 20:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 20:41

Reported

2024-05-03 20:53

Platform

win10v2004-20240419-en

Max time kernel

692s

Max time network

703s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Trickbot

trojan banker trickbot

Trickbot x86 loader

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592425256130637" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 0c0001008421de39050000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f706806ee260aa0d7449371beb064c986830000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "3" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 1e007180000000000000000000002f492640692fb846b9bf5654fc07e4230000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\374ef83de2b254c4970b830bb93a1dd79955945d24b824a0b35636e14355fe05.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WinSocket\384ef93de2b264c4980b930bb93a1dd89966946d24b924a0b36737e14366fe06.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2676 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp
PID 4348 wrote to memory of 4472 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 4348 wrote to memory of 1668 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 1668 wrote to memory of 336 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 4684 wrote to memory of 1132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4684 wrote to memory of 3852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4684 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4684 wrote to memory of 3728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1BHO2.tmp\setup.tmp" /SL5="$401CA,1145856,1145856,C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9d604cc40,0x7ff9d604cc4c,0x7ff9d604cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3732,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3716,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4860,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3328,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3400 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3288,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3404,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4884,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4924,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5020,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4728,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5204,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3464,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4820 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5360,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4784 /prefetch:8

C:\Users\Admin\Downloads\374ef83de2b254c4970b830bb93a1dd79955945d24b824a0b35636e14355fe05.exe

"C:\Users\Admin\Downloads\374ef83de2b254c4970b830bb93a1dd79955945d24b824a0b35636e14355fe05.exe"

C:\Users\Admin\AppData\Roaming\WinSocket\384ef93de2b264c4980b930bb93a1dd89966946d24b924a0b36737e14366fe06.exe

C:\Users\Admin\AppData\Roaming\WinSocket\384ef93de2b264c4980b930bb93a1dd89966946d24b924a0b36737e14366fe06.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5804,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5536,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4852 /prefetch:1

C:\Users\Admin\AppData\Roaming\WinSocket\384ef93de2b264c4980b930bb93a1dd89966946d24b924a0b36737e14366fe06.exe

C:\Users\Admin\AppData\Roaming\WinSocket\384ef93de2b264c4980b930bb93a1dd89966946d24b924a0b36737e14366fe06.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Users\Admin\AppData\Roaming\WinSocket\384ef93de2b264c4980b930bb93a1dd89966946d24b924a0b36737e14366fe06.exe

C:\Users\Admin\AppData\Roaming\WinSocket\384ef93de2b264c4980b930bb93a1dd89966946d24b924a0b36737e14366fe06.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5396,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5416 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x508 0x50c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=1524,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6520,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6504 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6556,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6588 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1808 -ip 1808

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 1200

C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3692 -ip 3692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 1556

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault799bc5f8h7cc0h43adh95e5h78527d814e00

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9d0e546f8,0x7ff9d0e54708,0x7ff9d0e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,2595263991753138831,16042638420017231505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,2595263991753138831,16042638420017231505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,2595263991753138831,16042638420017231505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte11b36d9he09fh4caah8a6bh4e6933335e34

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ff9d0e546f8,0x7ff9d0e54708,0x7ff9d0e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1933965592981708372,13062272805758216620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1933965592981708372,13062272805758216620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1933965592981708372,13062272805758216620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6588,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5980,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6464,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6384,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6916,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6924 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6388,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6008,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6476,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6876,i,17303916477716999179,17607221421117403773,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22094:66:7zEvent30383

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap32434:66:7zEvent11910

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network


Files

SHA1 5a44a1c2c4e5af4441c27ab43e54ee50151c0e95
SHA256 5ed66e13c762a872237d779c07e6a7b518f940c82844de3b3c88041f87b66435
SHA512 8b40e0930eecd2d795279f68458c8175c99627aa14fbadaa8eea9459c9f7444baf77d3cffadce669159c5fee4b563266dc95795cd5c1a17eaada9ade742482c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b6e9e9900c5bcb32fc8bc30f80b97f76
SHA1 150c307f922222e41b07ea2dcc4fff5cddd8e4ed
SHA256 367b91b8d2fb89237e8681d47654e789797be022e7d8838f27ff6505598407ab
SHA512 31873cab29a579dd6ce07e0ff38c95dbb1e7e41541a852af6e524eef634dd0c78dc2f3442b3c9cc18fe90e1c5b8d1fcb18e2b5b1a6e5c24a608dc4dccf2ef5f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6d15ab5763d547789c58e89b6ac9ae70
SHA1 40fe09302cd6ad414d477b7b424db50964b786b4
SHA256 c2a7be29abec8c3a390f8ae945905778ee0c3135115d05d2679624c6b8adef3a
SHA512 f3a4654d832cba7073dccbc5684a89e6bd078a6b7b57a94369ba91020e6794a6de29d09acf1d390471e28b3fdadcd540969bb1cb70515f5428488cca63e3fa7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5460dc4f1a6d7c42214577f02e9338bc
SHA1 f9742433c33d2e23d9e3e8a5de73fc3fb3bdf2db
SHA256 35cf52702662e106f7e46dbb3c6e7da55dcb1e09970e41a1787a964f88f53a7c
SHA512 76f23ca280dfa3757b62da4767e6ded38b51c5f137fc6083c85e69db8b6980ab14ec65d5afd04428faf522d1ba827d2a5ebeefb0ffc89b81858c8b798f662604

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a49d2a226e28669e1b9c46c74e5cb3c5
SHA1 4422bf6f541975bc709edd3fef16e03132d4e016
SHA256 0a049f48ceaa80384ab82565e5a7b00b672143c9b70f7c079b1fe7626a3f84b4
SHA512 d3b70217ba8fbe68e10d1cf888179077ad99089a0d2fc90ffc38fe406c68832007b75949c709323f85e6ca0a1de88e68892d8463d42e0627b293fe7a4f0c797a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c07865e4f03a1f831812dcde9d7bf590
SHA1 8bc7d4ec4ef5316f6b08cbf454a6003b4abd41cd
SHA256 89cd593a369a4da1005d64563e71608c36e3be5b0307990091bb7c4d4556aeef
SHA512 e02d13a462c7e5e92443c502ac22bf19929b7102b5cfeecd9d7de2fcc51c9050aabd4338d53e837c80d73993e8731a37e7393a5805a156a1b17eb5afb121cd2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9fa5d6d8f8a65d4044e0b457a5d4e6d9
SHA1 7928771d90a02d44b89eb1f7f4e0d916c44b9781
SHA256 a3bd871d43ebe826edbe83476e457bc33fbbac703569a643058218713c713c6b
SHA512 eb724ed8f34733eff175e6be88f4d2e58d54017e8694773d826049c97fb831b571f580fcaa3ed6dc17513465ec4a27e3e68ebf9532b4b49741bde25b3b7ae3ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be8d8cccbb960b99cd5783f705b5fdad
SHA1 8e253225cd12bdd088c3f4de5a478e1783e99590
SHA256 1b6b854de14180fa6d2b3d15c461808cb7c2f79e62102f9b0e352d30e50e7b98
SHA512 f797c3c7f5a143519ac5db71330daaae6a1cf1c013fec764b9a2a4f20c0d1f30677159a0da4736f148169ebdece7871e25bffeb3ddbb2b5535b232ddffcbb695

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9e521e02debebb17e7c3f0fd44de1090
SHA1 01aac88eaecd7db73809d7a41d8d597297733c17
SHA256 2178d055707a45c9178b76a7b436f302e4bd664cd3f3efd6d0dbf780dd8bf422
SHA512 7278e7bbace1348b28e09a188bcce6b880fa057f9ae8d2578638cbdb94d4c110d1d1d74e6dcdee36e40bcdf2882413a1bbbf3a49cd18eca52bc7677270aceaf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f99b4aa8ac014c3088c35748b08f9e70
SHA1 934d07a70d609b15f0cc954069de23b5d73014da
SHA256 35682acb1a3ebda23b44dd5f6e166cfa39cb6c60fd31088f65eb3649dd0d1797
SHA512 c6fa50970aff1533b685258a582424ce118f684556576adaec92e329622b53166476daf1f25c9366a7d1ccae6be25167178bb13d667b8832189c187cf446ddc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b7745f379291752b934e033ad2aafa1f
SHA1 8b82e17d2dc7ea10a4f67ab65a9946f74720f959
SHA256 ed07256e0d7a5547e75f75cf56b9964cb98a8f385448e9785799a17386f4e251
SHA512 41af48ed96b5a6d57e683ad1ee6a0454e6c02ce7193446b3e8f9f814f3bff8eab7a6afa2fdd1e779f2508364ef25c4211f3a1e5618800cc1b5f1b5a782ab96e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 12ef3479896b073d27f93ba58ec8c8a1
SHA1 8e0e73e49bd378443485e5b62e3493b3af5cea98
SHA256 6558fa5699348809c72878a1850abb3ff4a80fc9de40b0ef29d6cc64e34aa67d
SHA512 a4e6089abc636598217ffcc03e9650b163f85327ca6887f4a7259c10e8806a62fac7023360777501be2add68b740cd4a5b9ccd97e05a6540a549ff5c10b5cc2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c6e8217f39d125af770f54120e0a03b
SHA1 1d8289e53d41c0ae8493dff14de8b02c66628071
SHA256 3f13d3a64c9079ed9c10894cffce525283e58fbc549801a05fb2a6ff6e8b9392
SHA512 9437810be66a5a1c87d34e26d8486094ba91450d4aa49c9173003f1549edb69f5e6df55aecf75ecc66d1e029f0e95dd5399806cae44f35f51f50d32794dfc9be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f0d8f7853928e55a34d49ba1157a5093
SHA1 76ae1c8138eba5459e1d6589edca260644ce6e1c
SHA256 7ffefcd5e39b50e42743a2980964cd2df3e36bbe053f768661024af6da838ab5
SHA512 311498eeeac2b10162db0f89c99cc1421776c7dfebec888d79f6ee06d0e2be8bb122c62e737f1742f6017ab80f03d68977c1bd9538cd23d62cfd0a99960d9ccf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7abe2b13339c2d1c9b6394d612086557
SHA1 10ee9981aa9c36c503da7cf9f5ffb7eb17f56f70
SHA256 09cc840e42b38cfff6ad37b124a6aabaf2e1f15686df864ef68349c08decb8b6
SHA512 08b71bcab15965655880b65e2806d3ca0dffa56a7d95a37cf1c4ecabadb949592071211b113ef9e64b25512208737b7d2b63a2d8e6e7517bc4f5b568ba60e587

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 27d65262ec2c44278eafb8844734e12e
SHA1 5c86824b5158f761abed84e43bac0d93f08911a2
SHA256 392f6b7ca33109dd9f5da47c092fcdd789bc9e050cefc542eec74e9fc0a6182e
SHA512 4de70dd885d9803985cd1d8842430146adf39aa2fea784bdebde3c5007120753c9036ae2c9808e93e05382f6ee612705f30c69fccb3b7a8dc362fd8807bbf208

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f29f61abeee0c59b0319e6ab271f2025
SHA1 3a4a565f86b71393f54f0ed1f2d88e54016fc8b2
SHA256 5f60791122844390408a49612c88a92ac9abf9ac26c7a4928895681b856da7d1
SHA512 2c740a45a8627958a13ef783340610a1df3072d6d078eaccadbe7afc4ceadfa53ac18e02c8fda753c461fff346a51791d367098ff083348430492a8e9bfba916

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 700862bd18faeaaf0cc118245622ccee
SHA1 53a4a3eb853f1dd62f98883ac6580385c30a2791
SHA256 e5a1919aabbd1b2de41310f7a74eaf2fc75a9b36d3a3e2225661b7908d4d7f78
SHA512 c4b4ba4b549330b9725e7d86c0e0f1dbdf8053cbc3f47646d669c006f58dc9ed6eed2c908b639bdd4b45814894b1e3ad86c2c11292bb8a106beb2e6e5c178bcd

C:\Users\Admin\Downloads\374ef83de2b254c4970b830bb93a1dd79955945d24b824a0b35636e14355fe05

MD5 b855b1b7b59668ad991cf0501e4ff4cb
SHA1 581283899259e80b7da5d8be25f6ed1de58fdfac
SHA256 374ef83de2b254c4970b830bb93a1dd79955945d24b824a0b35636e14355fe05
SHA512 71e59b09678df1dca36caca3280687723406c2ccf638e2d7e57a34ea099fb269646730966c96d89dcaab23914f1915664fac4491f09bb17216ed3f3c6acb64c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f3e8109844435597e4e0dedfce653be6
SHA1 23bd11db65235f00d9f54d9f0e9c48b43382df47
SHA256 c7fc1589a69f2ae0435e49ba5c83ab69ef60dedea34d6e60ce208131c9f74756
SHA512 0a72a7ee7163f0cad3d6903f5054cbf7fc4390312501635b623e9ef7cdb22f9394f853735bb0d2ea2a063ad1a09e8a594d9f7e3af80c73cbc84e911964d5c77e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 83cb7277f6df719fa931d53f19149bd3
SHA1 60dc33ad27b2d96ceda3e90c08e595d2ca4d439a
SHA256 0d12c57161b887a095208446b57b326257f52d3857e6ffc0921173542f101df1
SHA512 0a49889e73a4760baeba707666f3b2e640a12fa16f70a077b7a3975b43879a4fac6915418f5de4922b68e0de6c1a44375bd1d00af501d8b2dae51eaca602945e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ab96a278823165b55ab9fa2e84113cd
SHA1 e6d7fd113032235d1f2d4caae85181f21f80e740
SHA256 1e63f3197d20c86d1fa58d2e41dcf2097d9f786791794148535c3bb567600b50
SHA512 3c43500f1d80f5adb8ad325172aadb782015473bfdcd20fbe55703f74c32de90c49e208b8c7af4d8df3f602db3ae7ddec4ae96da3f66df86056b40b23904c53a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bdd9397bb05c6ee69b71be8a56ecb338
SHA1 3c4a82b5ab48a349ec6a233dc29911b55f215671
SHA256 1f1243101a99ca9e66bb7308121fc642a95c80a4060ac17ef213a54fd03e26dc
SHA512 4f1e899f290f7b9bc2d564d72db61a9fd334924dab6d31d13717bf1088fba1e9f0e5f6c6e66dcea3bb7b4037e5d9a541d5ec4e37c57982c2b42b79ef5e1f3701

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a75e5434e48be23fc1dc4e630b7dd53
SHA1 470825b077aac5b694e7fd40e358bd8d989e2b57
SHA256 2fc938e5c7cdcc48f920298190edd0b03346ebadd65f489ed6a016fb3c8d4e0e
SHA512 8bcac193acba79627364f9425617b01e6210c8764d16e2c719e19aa4883e8ab1ac8e1860a2e4704dbf1e8b2704ab30de920746d4028b1dc23b8f2d32870b5cc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1de4982c0b3799c6f918daa86aa552db
SHA1 84f15490d8221d26caed089864c1bf4fdb189011
SHA256 4af55c97032b0815171be7eab622daef8510642cf0782dc663b5a81fc056e864
SHA512 dccc6b6831601fe17db9067277f5005071b984681caf02e6ee8541daee5b7ac4080076f339e3064541e10e1b5a0d45dab3eb62d13aa5c1efc3cbcf54d3875ce8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 1b2291036a99e081b29c57d425913aa4
SHA1 367fbbdb821aea2cbc99315d722a508b7f8ac5fa
SHA256 3fb17949ca1db76bbce24f006fb3317ed568690e25c39a0084592b3230f8fc77
SHA512 1ae457d029363f13fed6d452a8e1fc720d7f14d84f590c6cde82b6b30b7c644acb2ac77432ccd95f400b32ef9b048b20cda5c12228c66a227bcd68f21b85ad5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b3b95d7d497c89b77c3b71478a67c8f5
SHA1 03cf60a550ecf97b4d65f1b1f78bd0b241f09a29
SHA256 ff4e60f9d683f1a90202e6865b5e3b00657ad5a77ab77a4dd89d18578e6778fe
SHA512 ab59646a3bb3ef711fd01a5edd12fee7d7249d0a0fc9e365b3c8ba203a9296caa6feb1a636624fd5277cf1bbc1e4db98fb72ed1b8d69847298b578e328c4efe8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e1eeda20ef1f48605cac8bc319845634
SHA1 96e0813c1ca0c4193fbd42ff07e1ab1aea8ade54
SHA256 105aacebf94a4fc124696db03e0c46b0bcdbee7030e9ea24cb531629b8f2f37e
SHA512 bd8d8176e2921c0c716d9fecd9d3ec48e12a110b4ae2b8fafe917eeda50a40ef4e106021d33cfb214c07db011c6321b295bd0437cf0e89ca6e5b63b5d7bd47b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ee3fca9bd3b2f838c010a27650e84af
SHA1 11b7eb12c091a39efc71724c0f62fcd7ba8ac366
SHA256 1642e727581734dfa3f2a6f0f68ddfe32cb72b21b26c53ec84eb6a84c7e241d0
SHA512 3e2df4790650e78fa9a5e561d4a34afcd3e8e89dbf1c4c02a99be72be52c406a5a65dd263117ec53baa5befbca0aee739bb6bf1bd1da4f625630dc0e346f3264

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 749867385d37d64ae88748e7ed75910b
SHA1 d03eff06b64f11b1bddd8ea1803285962970773a
SHA256 5e624a0171b7137f21a7af1dd7c0ac704abf66384c35c9eda7c9068290c685bb
SHA512 20a9fe5aba8a62f362432e225eeb77a3cc90e70c5ec485402b04b48a7a58977717c5ef3e702592578756ec3a87aa51ef8bfc39cc51280887c717210c01cb9731

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 16b587bfcae86cadb31b67429742b1ce
SHA1 893806f475e40e388c478c2f1c841f217b97cc8e
SHA256 d2ed22555dcda6b0f3dd919157333a254ea5a5a6033a2327008c7510ba95e6b6
SHA512 eac0972303736da374900b68ef8b08546b6ba33a288ca4b85df03872f97edb41ee75c0ebd46d61c750f24370040e14340b30b24b01bded9d35ff54a1ad1c6474

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c80afca6927da008063daa53767ea75f
SHA1 f3c9e76283bcf4f14af21e128d98a631aeb9f509
SHA256 b5ed51ec4d85e6b9bbab8093d804c62dd9c20363655e6d1da1e1117a7026cc3a
SHA512 746a1fa8682a5c3b7da11392d3aeb3e59cf6d336d7a1663d5cf03d69a98c111e913f1363d6c59a12b09a82805acfda23f8ace0e782c2a6d6c11b862a6577f904

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a36624d2c6579a95484a8f0b9dc5b3f
SHA1 69556ff419929f09585cc09a93152403067f3a1c
SHA256 76233b7ca9fbafffe0191e68ce9b666f599e8e667a21e713b7835508e5b11c83
SHA512 00f4d723c48f577ceac4a6792a19efd03350026b2745eefbb2442640a6f16a960e77cc78491e22adc1c03fb2ac101a8362d34092d014647ee637094bf2f8d3e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c04d5132aa59b279fb0c1fbe3f5ef60
SHA1 f56d645830e1c2a160ba779f261807ce556705c9
SHA256 b3fc04b74e54008d1bec00ee6535fbca6d8448ab0db9eccbebb8b78de8ae53d9
SHA512 136fa0890a9fd7197fcfcb2920a7741d2e0cbd0f3ac7faa68a005f143244c9757fd01137bd9715845c84ee09936a9b7fc08dfb7f9fa75e01d43f8df8147bc725

C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini

MD5 c2236c4661a06cf446ea8dc3454e0641
SHA1 d3428639c280a2c03464f0741d01943eeb5e6d71
SHA256 42bd90b91a90093892fda3369e5375f0b6fd3a7abdcb1fc439a37758673fc684
SHA512 9d52a939c3877960ac194851a66eec787b37beb0cc041ada10ead57ea611c6956332769a2a5b135253718214b54aeab7e0a32f6256e5815c622a27bcb467dd8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34c117c68d1a44e391ab44fa95c455e3
SHA1 a6a645fb22cbceaf07ebe0f40a897d904d48ab9b
SHA256 9c9b2fd2d7907c396347029950a8e7ff1ceb3eb94271e92a5c2870e639fc5b3c
SHA512 9732e9e0e053cb42aa8dece4fa14d0f877c3fde821dc671fa95f71fee9436cfc3dd63c3c1780ac369bd5f197a57005fc111d8066e27bb3b46de11e1576920105

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d35fbceea46e60e345b8ca1911cdbe1c
SHA1 32519f105045ce63f546a8144a210ec7250e4b9f
SHA256 5f1921c02886ec8765ee6b7121fba8e0e7d0693a8e6c924ceeb12e91e3f6ffec
SHA512 ba84919df64f6e5f9ee64b18371ea00a81396bae09177f2c2f79ff221c8f3f56d8f2cfea213d4ef198bc63e68d7aadbadbb2616b42744a0ddb5813f7e62aabf6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 afed6b197e5b84377ff73334c2093d61
SHA1 a7a7fd8b7b48ef437cc2b9a3593bed9affadeb22
SHA256 a9ef94e1cee41e382ecd709d2ef6acb4cbb2f5e25ef4f327ec9347224ea5c3d0
SHA512 c22b1c9fef11868dbf64c91284279dc70985fca059c10abc675382dd77ede6e0884e5cf92ae5a0c32f941e034f98f530c273ea28c282db901d7309971009bad6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5eb32ce292dc366e114e3d83eb8bff6
SHA1 bd4a7fd3319611b815ba6ded771d7a8e9c34fb11
SHA256 59966248eb89793d79d1e569e3cbe1ebef5bb2ebe631646d71632fbaa79c9440
SHA512 332e7033831ccd8b5c248b4f09da8849a20a27c7a9f131c756e9c672ef63dd65ff733c0856360713447ce9be224aebf0037c675856dd20b54d1a9a2b016918fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bfbf8e407e5eb5bcda15a792869714ed
SHA1 015170bdc51ab0a83a775fedca412d52e19c4a6d
SHA256 449cfd781d0a3b8dc29ac9a0611cd8105ff111322983d41b2a10f90794b51840
SHA512 92885e109ca4f5249f135a37bcf2a11f5bd3383b64bc190ff08f65361636831d0387f173a23590e2f0eea744bfc6771f56ea1f11d3c310327c0be0cfb3c1d6e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

MD5 a3b7a98349eb1352f0d34b9815e3bb5b
SHA1 dee750b66f49c6508f569f8d380fbd7d74df2f95
SHA256 594dda6657103a97aa35baf8a46b66b8cc65a694185952d733b3e02da74328ea
SHA512 f7f5ea85e526f19bdd41d1467ed0aa052493de518d3bb0f7782f407c323b9089078626fa4755063b0cfff5c2fe6b9e27cf834847dabaf519378cfe0f08388d8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082

MD5 eb49e418a3d2ff041a180680013de25f
SHA1 c7c7d29ecdac4a28d5e5cc84fd545423949cf3be
SHA256 a16e86f415f363e76294e88e929d317fce44f08fa177f721244f1d19a75e52a6
SHA512 f4045f1f39f24538180e637d9c72fab2a5e47ddbf694b1e05d9a26ea8762cbb98388b5f5e55a09f604d2964eae92bf415ecedbd47a99f1ce30e0390c50d6d2d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

MD5 62e6ac3a8bef00817cad0a4925f70f51
SHA1 2bea05d5be2113c29b129f95a57f2b1a63746d3b
SHA256 5b23d03c1076d856acef878e66c75e78bfaf26f346276c1043f1112aaed6230a
SHA512 558151a3c27022dab0d8a6d7bc10168938dcc9c59320683c3ec8548facd2d19162e489418070c85e31f5f09a50ea95b687d34406783f5e845a129cd8b8df87a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

MD5 3abc47b780a1020d7126888b7daf35b9
SHA1 23d49795f98d4cac171755e89b089824748a63ca
SHA256 4f1fed0b5d6baab07dfeb91919b63fffa77f3c8d92b4a3876689e58642c45fef
SHA512 6621169858b4c3bf5d5086c62e02d758f32a81139d27d70770e10140b993371fe0c870b87cd3dbec3c32150e85b27a7a8be4ed5c7631aaf7428b4f51554f047c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d1d15ccfadae64f6b2046655f6b51df
SHA1 15836b119f5bc41ec31db97a38aa0e688e102cf5
SHA256 77ebf5f5671959d93c10da92c2bbb5c31d05041f97f987fcd438f3aa48903b1e
SHA512 eaca2aabb9f3bcd0e93c7ddc5e20ed01a3c9152fe7ad15a5a956964c47d694be34070d724952a424013946a7a0b7776d4ee8f6e33c08096e6caa8ac38ec05565

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 87cafa0a54e2e433237372dbf50ad9b4
SHA1 da5a62f1cdc820de814b0d88c32304e028b91e2e
SHA256 c03651975f622b7db1a1b5c94b39cf69be92a8383e119544a00267b2ec1ca914
SHA512 bfa0008f1733506222f3d562865071362a41ab05ef52a80b51413cad1596d07cebebaf3a4aabb432452306cb7ac6cfcdc927d04c86d49203e9b227f2a4498efe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd8bae6a07c5f3d5_0

MD5 aef3a2cff01382278e9d4bb2ed7e64a6
SHA1 9a6fd86e9f8148d89526173b9c22d5cd6be0e972
SHA256 b4e23ac3092301aac59d2d03df5594bd80bb6d3a924b77982b0d2e60e58c78ab
SHA512 1c3b7debf38fbccac1414294855f7dca967c7fb1e3fb462a50bb6c365e49fbdf72ef4d4f680de91b650fdebec43967bab28e7f3722f4d6adfc17120d19cbecc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c65ca1b9bad091c_0

MD5 d9e6f8f3f014114c5e17f0bfccaefd98
SHA1 80ff90d7ffb28df7c10f005860fb975dfec186fd
SHA256 c5e7c7dbef2ca4661e95894c38f7d9e20bec65d2f2fd8fe2b73ee3c11725054e
SHA512 5048c0d1cddb334cf778afe3cbdf2701fa3a0bf17aaa11eeb380bb09ecf05a5107f5602476a2fc20092983e2abe7a1428e229da06323be94a0c5946507679f08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e1fd973e610ffde229fcc6a73a556b39
SHA1 01be6a36ce49af20f5f37e6f736a16ba29d505d1
SHA256 c1d9aac46634d71284c21747b28e7568e7b3afec513fb66966d015518bb1d0c4
SHA512 8d39972569a1a7bf99e9a1480d4a63876e7c9f4ea940fc4bbde5207f10041fd3a01805e2a17895aa9e1a06be6a91b993f7b585ef6b13b105116af00275316f0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff3f27223f128bf4210e5a77e0559d8f
SHA1 46a8fc71a5008b43e5c20729e803a498a10241a9
SHA256 65484900b180743c94d0f9145401c9497d8a75510dd30f0a9ee25cc945498379
SHA512 53cc0fde6ae965c2b1e59abf018c7c29c36c381584c6c8c155201b6101b005b6114ccf815afadc76ae5a27c7994d50d322fa20b04148740bacd49219992f1352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3878f1863a99ef808a590674c9984a1e
SHA1 38ba865bfe68e40f173ad725968dd212e0523ffe
SHA256 c2af7943f57464a453cf87952acc29fcf569dd54bbf02e9ec8a39126ef06368f
SHA512 079bde08252f19e539d2bed27998d682f60542fb504f9f07e1b4b5c4eba01aa890c4a37a374a1ede35293f17deedc0fbbf11eeabce242ecf7142e8cd3748a8b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bb0b34166232c807120b353e35c273e3
SHA1 9415ee1dc05ccba4380234c05bb8a6fab53ce639
SHA256 2f4a1c07efaca34a715aacca2cf0b57f30ce4d37020f9c841f276d7bfce14946
SHA512 f4a5730e96c520f69647ad8ed47af76411aae0600d73d582acc5f98464efb0f6cd3df7b2fc3e7e969f1805af90851995b8a533bd167ea0452d62409a7497704e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d901ada808ec1830036c563f32c5f6c2
SHA1 a4bb5217a3e443445fd06c1d84396f59ebe2ee8f
SHA256 e815671eade19bd651b0543a541e2c7f3550564075b5534dcd7f1a2301ffe07f
SHA512 02f9db380fdc39bd97e413916664ae49bfc352e45181f2e2d27bc729d777a2d480b4be94301f43399b55ade9e1b36ce85e7ddaff0e3df8a075e28958d2b7b8a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26b6fe90173c13ae8ffdc39be2a2f826
SHA1 fecc51e969e4cf464b2a09fdc46f4938d848e3d2
SHA256 a6f50e71150705bb122c15830e19efec48862f91b9c0aca08d2949b864cc9b75
SHA512 fbcb2bb5c0b7abaad69316ef85ed95d9ca9a7c9c9fad9d478b19a5dd1634dbb045c36074e6952c18aeab75331dba8ebd41cf3189cb6c1af6e07915134274b580

C:\Users\Admin\Downloads\YouAreAnIdiot.zip

MD5 a7a51358ab9cdf1773b76bc2e25812d9
SHA1 9f3befe37f5fbe58bbb9476a811869c5410ee919
SHA256 817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
SHA512 3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a93de2efb3363c31138f6775dbed8e97
SHA1 1c1b8c0a96d5ef97bf21d0f014f60078494d0bf3
SHA256 5f3db1ecad25709165d8fa97838336e501d3e15503e9a9e1d9521512369e967b
SHA512 f22a11a274db91e21c424da5daeb23310214ff654274cf891b7ccc72c07fbdabf4cf3b741b1b3530f9b651c4c4d17cf200c2ee82074093bfebceb2be4d7f78c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 10771bd8996166d28e009aca93b40771
SHA1 692985c2c1eb99f0b96ac1291db5cf84066ebf29
SHA256 c1e008cca3ddb874a4e176dba93def9f10fd689d91448e6142ffb567d6db2fcd
SHA512 eb36ab1abac540ca2724a64cc633001d9d3d90b57256ada227c1158216fbc740f594424f3f1dcfe681dd1256b58d8ef24bb02cfe888a7d3c6d4f5691ccc61137

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c063e04ecbe565b4a0c6b06324c035cb
SHA1 9188f1545d1831606e43dfeab70d4c8169a731cd
SHA256 1283459cf79820df77959925bf21dc18bd6a7f0c504d9d80445bb269ebf71906
SHA512 7bab1822db6cdbcb0a19679294c871f4c9908c96e9c515449cc71e325a40ceab35d3b16c072c266ffb01d285464b7ea77fadf15af61f2fb7877e4510504ef72b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1e26beaf633ca1ab4ef5f200ed54540e
SHA1 65453ddd78a1e9e1ee052195b20bf4317772c690
SHA256 9832ddc49141d0ff9e71180ffd488f2a0d65b1330eb7bf1d633456126423b453
SHA512 dbfa19f3b82fa0fcab39de841a8c910157933be6bbaf310f0053d64911b8360993e482af2281b80ffebe09490ce7d491787ac63646df81572c0d1ddfe9f2bb45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e449a755fa7fc20b1bf61d4ed1a2a2b1
SHA1 57ab5aa92d435e322b7a549c4e2734452a30979d
SHA256 c6d5fcb0e9eba870a82871214dbe7656b4dd46c2926a6e8f692cacb627b56225
SHA512 86f7247fa6acf85b1398ed684c1a6289f6ee863e6b4ce7ebc2bac4e22fe87d0a197343c4dfcdf5ac01fcb773b679eb475179ca840385a7de7ae693c7a1efea92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4dbfe1126687af7c4b5cf5394bda1e52
SHA1 611af993b0b5bd1c3e62e6e492872130ecbee7fb
SHA256 ddb57c9f6e61748ea413ec97b2949533e4ae4691208cad03aa2f7f96b1f04e86
SHA512 ccdfe68c5841a76a5534051451ac16b03b6b5ea95be14e44fc03741ddd19bcaa68fa50a805247d25c0586d0d3fa5ac777ec2ea0bbc6fbc06fc0694638f57c3aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 681ec5e2d7c8c46b42554704b3013933
SHA1 b05f54c5bdd02b9e3f41ca7eded78e96c32f3f01
SHA256 b13d6f6cc3674426ea2096a0a3379bf8e1bde77ca01ab785499c1cf45f19d8da
SHA512 93fd8a70217b1a746a4842b8efca179c496825059bb9b8a093f13d394a9d69ba14ae781ff2bb0feacb08ef2b17b9ba9b05bea5e84384f6172f5364cb7832af2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


memory/1808-2209-0x0000000000520000-0x0000000000592000-memory.dmp

memory/1808-2210-0x0000000004FA0000-0x000000000503C000-memory.dmp

memory/1808-2211-0x00000000055F0000-0x0000000005B94000-memory.dmp

memory/1808-2212-0x0000000005040000-0x00000000050D2000-memory.dmp

memory/1808-2213-0x0000000004F90000-0x0000000004F9A000-memory.dmp

memory/1808-2214-0x0000000005230000-0x0000000005286000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


memory/3692-2233-0x0000000005430000-0x000000000543A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f5a0f70-9d54-4def-8a04-08460c4c8c2e.tmp


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\65108fea6088b66d_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e4028435ec11a506_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f99e7bf164bff016_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4500f5c0457472bb_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\000001.dbtmp


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5fb37a.TMP


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a00a1760e8bc39f_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b88f65c875df9e5a_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc9e1fd4409420f7_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff1c2cdc18ed865a_0


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052


C:\Users\Admin\Downloads\42.zip


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\74f26f58-998f-4b55-bf86-11afe6904751.tmp


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\note.txt


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
