Malware Analysis Report

2024-11-30 13:36

Sample ID: 240603-143f2aah41
Target: Lossless.Scaling.Build.13165770.rar
SHA256: 6b1da4e1d3f7d39a4375a37b118a6553b08f666bd8736d69a185b5fe7f29c1ce
Tags: pyinstaller
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 6b1da4e1d3f7d39a4375a37b118a6553b08f666bd8736d69a185b5fe7f29c1ce

Threat Level: Shows suspicious behavior

The file Lossless.Scaling.Build.13165770.rar was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Detects Pyinstaller

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 22:13

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 22:13

Reported: 2024-06-03 22:22

Platform: win10v2004-20240426-en

Max time kernel: 532s

Max time network: 534s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.Build.13165770.rar

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619265221658103" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Lossless.Scaling.Build.13165770\Shaders\LS1.2_S3_2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4680 wrote to memory of 1516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4680 wrote to memory of 3424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4680 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4680 wrote to memory of 4020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.Build.13165770.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap9642:142:7zEvent26981

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa1861ab58,0x7ffa1861ab68,0x7ffa1861ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4636 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5112 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3152 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4472 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4376 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2380 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=244 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1956,i,8741397276220984205,830664443899948286,131072 /prefetch:8

C:\Lossless.Scaling.Build.13165770\Lossless.Scaling.exe

"C:\Lossless.Scaling.Build.13165770\Lossless.Scaling.exe"

C:\Lossless.Scaling.Build.13165770\Lossless.Scaling.exe

"C:\Lossless.Scaling.Build.13165770\Lossless.Scaling.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCMsvzmiaTinASbUvDTSZ2Rw?sub_confirmation=1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa18b346f8,0x7ffa18b34708,0x7ffa18b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,5534384409494808408,7678754253900149473,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x494 0x468

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Lossless.Scaling.Build.13165770\Shaders\LS1.2_S3_2.exe

C:\Lossless.Scaling.Build.13165770\Shaders\LS1.2_S3_2.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s CaptureService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s CaptureService

Network

Country Destination Domain Proto
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 194.150.245.18.in-addr.arpa udp
US 8.8.8.8:53 9.21.76.76.in-addr.arpa udp
US 8.8.8.8:53 27.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 apis.google.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr5---sn-t0a7ln7d.googlevideo.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.179.225:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.225:443 yt3.googleusercontent.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-aigl6nsr.googlevideo.com udp
US 8.8.8.8:53 i1.ytimg.com udp
GB 172.217.16.238:443 i1.ytimg.com tcp
GB 74.125.105.137:443 rr4---sn-aigl6nsr.googlevideo.com tcp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 137.105.125.74.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 74.125.105.137:443 rr4---sn-aigl6nsr.googlevideo.com udp
GB 142.250.179.238:443 play.google.com udp

Files

\??\pipe\crashpad_4680_XOLYSRXTUMUSJPNQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\83779ac6-359f-4700-86c5-56342f4e6d7e.tmp

MD5 1679222730e6819c489befc874e92fa5
SHA1 0fc2c1d85964dc59aefc077ff1c8ea747d11cbeb
SHA256 24cdfdc87b8f14a3d720eb92bd7a0199c57a746a138bade4d6f2218d3f72a921
SHA512 9e203f12f430286d318cac1093f044b6bee4ea5b05d530b49bc96afc0b01243c863bc2abeeb339a0a595429796b49adce409ede992bc24de3de680e0ce204288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\af88a4c4-e78d-422b-bfac-d1140a47ac68.tmp

MD5 13e9f9e36298d7e61f220ebab9590d2f
SHA1 485b85894020f4a68775ed8d43d42b44d39dc777
SHA256 e5a2d8c8c97236d5500d1887698249e6e4715cb2758e54806214afac9129d385
SHA512 7379860356327ad1c5095aa691e4ec84ac3895057fa6af5edc313f0998b4c9a0fe153ef95f281b021c22541562814e76a42a540691f47e159e67cf9be41bbed9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4e9123241ad02bc3217ed0b790a3faa4
SHA1 5ceaf645cb091e7b34aa4f841efe44317bf6c3fa
SHA256 3f9ed1306432bd8c86ecd500192ab61dd99fb6bb0cde57cb18f744449f359501
SHA512 5143ef47cfa1ab0e4e890da5a7363cc402773989b1dfea9efde767ce28d9e6f9f2f9bf5d3b2ab4ec7b635a0ba772bafc57d740f130b03bce820dd2b13dbfa211

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 8ba427c7843469d0a9d08be477af7cc4
SHA1 e51f7d6c4d00d4036f05941e321ebadad206416a
SHA256 deea1d53650066c390187cdf8984f9abad3665f4088ddb490395a7d06d599e13
SHA512 6e9d87ef4d3ff164381b09237effc37d3681bf79bda8c0bc0cfbd99393ce301d32ff660d3efc48a587dba45ffe09b1b817dcc2f928c1cdf5c00679c018f003b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58f8c3.TMP

MD5 f9cbf2baaef4c8b501102ee46234873d
SHA1 395bf996bb7e3c9e9e968788718e50fc4733b61e
SHA256 35b873fdeaf9964e3359c7490eb1bed47f818914984009e8f995d792f4ac9d6e
SHA512 d70dc6f4d2e32ecefe8589381ced3a026891ab1a040e483b79a5ae44ce0731fb6738c32d33706e34128923010ebbd96fb67186e6c8922f923dc80ec89b090d39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d052f9c40413ed1a236f3ca6a0d0c936
SHA1 cf1ad0f3f8c93843d33051621f6e7a185781abf7
SHA256 8136000cf51a1ad5832f0c6e608a5a9e40e921f7e6c22287a7bd96819eb264db
SHA512 d30f0842ece907d61479aa8248ddcbb8be812a9e084399d7c177afef086cb90f5b99f71fcb39b77756c848426f14bbcbf24719f1dddd30a5acfcbb0e2677fd0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a838babf16548169d4131e2921805820
SHA1 67e40b81f5ce8e3ba90b28510ca1b9f79df57965
SHA256 f36b328f7827420ecfe309eec98b90567310ee31ebd4f28491f928b53bd4e377
SHA512 f299d1f4d881a230265ef15bd4f4a8cb17c56dcd90d737fa95e827acfeba12deeb4571041f9b832532883572686bbf394f7ef3d5403c829b8da6727c06046e75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5f657408162b9b34496ff8b48c26a758
SHA1 8ced24f2e0876e7ca5ffd148bfa3f70f64120316
SHA256 09ab162f1b7aefeaaf744f23591ecf5c1a263877a5023d4c153d372872d87f00
SHA512 6e7e1b04869e6c91292f0047d5fb5533038e8614a1cbb6e3cabd9e8b3322db25b4b9c83372d05c5fa7f2a82c0c4895af3de885eb73e7a8ed0428b5f85ac1bd8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6bfa531d1884ab308eded02c39ece8a2
SHA1 2eb84f6d19e205055c954f77a0caa6c77612fb8c
SHA256 fd399cf310b4eab2382efd1b9b695058353278c0959928fa9c97bef1b74dfda5
SHA512 340a0141fab8824f702efd989eea3a4d726466f78f81d63e6dcccd79a748b11424f555aedbfaf32a933ece16b571b2808991f362ea73c20b18e44d61406a941a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 49b820b0626e1439918237c3bd78c76f
SHA1 6c2f9c14443a468d86fe29a03d9bec4ab8756d50
SHA256 3abed1206f763ef44c9214097c69b2165e6d2e1fb4b34c0bf4619a99a1e8a80d
SHA512 f14a23a6bd63e280d0ed68cddc74a403f5636b567ece95a46a1c592cd2b7e8b1253c42d8cd23170e264afac5129fab7eca95409d2622f45c293342dad6ef1a3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a21e2d017b18e38756acc535b2254b2a
SHA1 bcc269d9bd0fc06c22e90fb782943e49a6a683d4
SHA256 7b22306f95c1da56b557a76a446b2da3246af1dcc27dcd351ad50cb7814988b5
SHA512 9d31960fd23a97aaa11f9b3edbb4d1ec5bbd1c129614765188fe45c0b1f052214a2d3836033c7380876f9c38d85e2ecfe924052e00b943901a6dd159a291e95d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ceb4624992b2590d94be6986c729e87f
SHA1 08cd26fdb4bfe03a63c5ab96ee96f7739931396c
SHA256 17a0c01279b7400e751afa29b71941fcc77a043bbc4d0f21d9c4fb15f4909eca
SHA512 461a15ef36a0f4c21196ae7bc4c414b9b1e331e831384a685d00c97f4e07f380ba3135c40cbb29564dd08cec2b508dd35cf48e2f22c2a81578a8ac4b78570551

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fda8aa6e636f56124e783ca3de3ba693
SHA1 5f3b8cce6ce5832cdc0e87dbabe0d6f76ac8ba75
SHA256 22cbf4a16a64c6e674f0c9467fce77879dccc6783a9d309e38ecc4fe0d9b5a9c
SHA512 797ce27c86f091879491325853508e27338425992f910bd7ab0e499b1da26eea44c7dbb77cfca938f91619edf13428f3af3d27271ea03ae536cb3a3d6e1b7b4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 47a3e049a0887acbaca51f31165c99e3
SHA1 c8292c0f2e0b5525fb4769b19678541754b4e460
SHA256 b0385d2850c543808f7681048b1a6ebff7482841ad0ec9ba8618f0739f94c674
SHA512 735e2db0bbe6e4fa8618d40040124eb887792eb1867fd27caabc29087c39060cb795bed8815da23c442bc04c49ca2260cd770f4f60eccd2104ae45ed3493b746

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ae996dac-0324-4639-8725-5f358ed36f06.tmp

MD5 f8b9e0d49881c20d51bba1ba5a6767d0
SHA1 8ec3a448086a0897a0aa7f0d34d66d50777f509b
SHA256 94f9522ac63ae58f0f44a8f427603cdf4d517f5cbfa370285a6bbac32949dd97
SHA512 87a616e895f81fff09f433462054373e3ad45f1f6510fc0b657a8a0411953c2b050d983c0a3a8b388eba179d315baac68af5fe56a7298b9e4b105e973f4d2de1

C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.Build.13165770\Lossless.Scaling.exe

MD5 02d862d95d0128b0ac29720219f769d2
SHA1 3f92888fd213771f28e088dfaa1f6a82a86d2a8e
SHA256 fbd89c8ff6293241de93e12705bdc65701198ec437a5010874d0e004eed9a548
SHA512 55932f62aee3d62008da31ec18c4c00abe1733247e151f882aca3a5f4cd8c3deb1c773c20a56f996596346722b2ebc4502a90149901e3527419f8af4a22ce0a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a66e23a521797c47bae7baf3761e26e
SHA1 d1d90c938e8ed7fe3eaab6758ca0956a4efdc935
SHA256 c24dffe94a2eba4614c29d3e86848031c9107fa58c4cbe16bef7e91aeb3c9230
SHA512 d90098f106e21f3d2beded3529bf34b28d6d274c2fcc22d79cdc79ce2dacdedcca7dcb06a881730fed976788a736f3b4a7fac25c9ff001ccc6dad4e52145cf3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f6358cb93948f3ce8666141c1464397b
SHA1 2b8549911db04549ea87179316dc6a387efd7f15
SHA256 c9377b5f33e20210a0ba6614327de278dc96c6267ff99c7a60fd9541bc93fb3c
SHA512 98efb896e77c6679e24245eb0e475a7cbef10076b05af48ef55e8a70e0b474091d553b9ca29373525afbf89b2c6002a358a645f31018ce1211f7711f31994fd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 93aff94230b64076690bd98b6dd3f74b
SHA1 bbbce6dcbaa7fd594d1480395d65c9f88fbbae84
SHA256 5cf3da73832ac0b155657ae8b0b4a221d46b32dab5e8684570a1029fecc457eb
SHA512 524e8c92a58dcb8bf2a5d7b9d999fd2f5ba8c03776066014fa5c824d8632ee37c8d54027854fdc9040bb512564810790b5256d6580611ea2e3bcf88da28a382e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7eabf9f6ef169a10156336773acbaf58
SHA1 fb3d06cc463772e20bb3c7221f98d3c10226428f
SHA256 6cd2a1dbe23d4cf8e0bb27460b7f4c142300309dde63d80ae13b6a488d635b39
SHA512 3c07c986eeceaa17d34ea2f400016a918d12ecdbf57442341b8fae85bafee456bacd3b583c4d496b841bc7608d3752c76fc8f0831abb32493447bd50469f7514

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a106c.TMP

MD5 aa2f1acd1f99237e0cb89ec121fb391c
SHA1 8b24eb88c783fccc5d57bd2fbe3f371282b136e4
SHA256 2619f0ba5d17ff7e6eaf0bea874153ed0e44a695839d214242cc6d9efb8b4d9e
SHA512 f4776b2a5643d57ca4a2a45ab306afcd33d76c03d8873fd910033c31ee8c0ff92126c0a9004115c59b43924f6631b4a5e14693becf61a7b4a7d7f122b40a31ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9433a0a16b1c7cd14331c6654169bedb
SHA1 9fdbb41a7b294becbdd1f3b7cc030a36359a913e
SHA256 26ef41d92a2b2382f7848f1f1c75f2dde8d219ba15ddd8f40443d648bcf85f34
SHA512 bdbdab973540a3158c47cf927b3ddcc8045d597ee83b78e3fc9fd5aab3810147cf243a8c9df1c1ab40817e29bed42acd68226bb7a5c2e4073fa38814d9420439

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ef5d5120-6f55-4817-9cca-4ec045b72611.tmp

MD5 4ac2f7e58c7edf868ca1eec2da835f60
SHA1 c80eb597c836f88b36a2a73f583ac4d5e6a5f19c
SHA256 ec80db259020024a7c8f2b7a210429dbacfba2396ca0843fb7d033930e70861d
SHA512 0f7e91991c3bd4ceb727ad915ecb59af98a8751a77795b8410dc3cca8139afb0b21d6f9b0a08562ad8c0b07a9ea9c560cc589c765a4ed657c6b77ec108a8235c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 003565b583a2b341be6b808a1441bc37
SHA1 e40170c176da0322fddf386efa38e0ad0913ffeb
SHA256 056075a35042bc7a79eb4154a7e09097685066308fdf7683e789594055f03c57
SHA512 61b4287741a5c7a1b764441639df2c1b00b0092ccf6199fc7eb54f417673cf9378590306dfa23403e05109275840d93a42b0c4350a60c4eaad0ce9b634ab732d

C:\Users\Admin\Downloads\Lossless.Scaling.exe_extracted.zip

MD5 59e33b94c1f906b86f115ab238583532
SHA1 66f39cc2188f983a98a28cbe31b788b22afec8e8
SHA256 6d973332a60d33748293a13a1cecceb6125fa4b0369bdc32510c93e8518c303b
SHA512 91cfba675a59374d8b49ba6d3b85fcf7b9116edfebbc7b0a677706d0560ce979bef853aeaa785d3478fc32a417465f711607a63dd1373da12854f6c9a8d5d609

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d41475e1e3f4346a63664513ccd769ca
SHA1 2b5d9859d7c4ac7e7cc003257b33aeba447cdbaf
SHA256 ef202564c776062506a61512537f2680d1160ecbbf6c4dd766cd8d667a5fa950
SHA512 0fdaddac762d3415c8a37dd5a789114cd3286b04adefa95e3013d24e31280bd6a64f949d041dd2e516dee2f61d3cf51e14520c39fc781c2c93f999865b15c14b

C:\Users\Admin\AppData\Local\Temp\_MEI44602\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

C:\Users\Admin\AppData\Local\Temp\_MEI44602\python311.dll

MD5 a72993488cecd88b3e19487d646f88f6
SHA1 5d359f4121e0be04a483f9ad1d8203ffc958f9a0
SHA256 aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038
SHA512 c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

C:\Users\Admin\AppData\Local\Temp\_MEI44602\VCRUNTIME140.dll

MD5 870fea4e961e2fbd00110d3783e529be
SHA1 a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA256 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA512 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

C:\Users\Admin\AppData\Local\Temp\_MEI44602\libffi-8.dll

MD5 d86a9d75380fab7640bb950aeb05e50e
SHA1 1c61aaf9022cd1f09a959f7b2a65fb1372d187d7
SHA256 68fba9dd89bfad35f8fd657b9af22a8aebda31bffda35058a7f5ae376136e89b
SHA512 18437e64061221be411a1587f634b4b8efa60e661dbc35fd96a6d0e7eff812752de0ada755c01f286efefc47fb5f2daf07953b4cfc4119121b6bee7756c88d0f

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-util-l1-1-0.dll

MD5 427f0e19148d98012968564e4b7e622a
SHA1 488873eb98133e20acd106b39f99e3ebdfaca386
SHA256 0cbacaccedaf9b6921e6c1346de4c0b80b4607dacb0f7e306a94c2f15fa6d63d
SHA512 03fa49bdadb65b65efed5c58107912e8d1fccfa13e9adc9df4441e482d4b0edd6fa1bd8c8739ce09654b9d6a176e749a400418f01d83e7ae50fa6114d6aead2b

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-timezone-l1-1-0.dll

MD5 2554060f26e548a089cab427990aacdf
SHA1 8cc7a44a16d6b0a6b7ed444e68990ff296d712fe
SHA256 5ab003e899270b04abc7f67be953eaccf980d5bbe80904c47f9aaf5d401bb044
SHA512 fd4d5a7fe4da77b0222b040dc38e53f48f7a3379f69e2199639b9f330b2e55939d89ce8361d2135182b607ad75e58ee8e34b90225143927b15dcc116b994c506

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 9ca65d4fe9b76374b08c4a0a12db8d2f
SHA1 a8550d6d04da33baa7d88af0b4472ba28e14e0af
SHA256 8a1e56bd740806777bc467579bdc070bcb4d1798df6a2460b9fe36f1592189b8
SHA512 19e0d2065f1ca0142b26b1f5efdd55f874f7dde7b5712dd9dfd4988a24e2fcd20d4934bdda1c2d04b95e253aa1bee7f1e7809672d7825cd741d0f6480787f3b3

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-synch-l1-2-0.dll

MD5 dd6f223b4f9b84c6e9b2a7cf49b84fc7
SHA1 2ee75d635d21d628e8083346246709a71b085710
SHA256 8356f71c5526808af2896b2d296ce14e812e4585f4d0c50d7648bc851b598bef
SHA512 9c12912daea5549a3477baa2cd05180702cf24dd185be9f1fca636db6fbd25950c8c2b83f18d093845d9283c982c0255d6402e3cdea0907590838e0acb8cc8c1

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-synch-l1-1-0.dll

MD5 6ea31229d13a2a4b723d446f4242425b
SHA1 036e888b35281e73b89da1b0807ea8e89b139791
SHA256 8eccaba9321df69182ee3fdb8fc7d0e7615ae9ad3b8ca53806ed47f4867395ae
SHA512 fa834e0e54f65d9a42ad1f4fb1086d26edfa182c069b81cff514feb13cfcb7cb5876508f1289efbc2d413b1047d20bab93ced3e5830bf4a6bb85468decd87cb6

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-string-l1-1-0.dll

MD5 84b1347e681e7c8883c3dc0069d6d6fa
SHA1 9e62148a2368724ca68dfa5d146a7b95c710c2f2
SHA256 1cb48031891b967e2f93fdd416b0324d481abde3838198e76bc2d0ca99c4fd09
SHA512 093097a49080aec187500e2a9e9c8ccd01f134a3d8dc8ab982e9981b9de400dae657222c20fb250368ecddc73b764b2f4453ab84756b908fcb16df690d3f4479

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 772f1b596a7338f8ea9ddff9aba9447d
SHA1 cda9f4b9808e9cef2aeac2ac6e7cdf0e8687c4c5
SHA256 cc1bfce8fe6f9973cca15d7dfcf339918538c629e6524f10f1931ae8e1cd63b4
SHA512 8c94890c8f0e0a8e716c777431022c2f77b69ebfaa495d541e2d3312ae1da307361d172efce94590963d17fe3fcac8599dcabe32ab56e01b4d9cf9b4f0478277

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-profile-l1-1-0.dll

MD5 9082d23943b0aa48d6af804a2f3609a2
SHA1 c11b4e12b743e260e8b3c22c9face83653d02efe
SHA256 7ecc2e3fe61f9166ff53c28d7cb172a243d94c148d3ef13545bc077748f39267
SHA512 88434a2b996ed156d5effbb7960b10401831e9b2c9421a0029d2d8fa651b9411f973e988565221894633e9ffcd6512f687afbb302efe2273d4d1282335ee361d

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-processthreads-l1-1-1.dll

MD5 4380d56a3b83ca19ea269747c9b8302b
SHA1 0c4427f6f0f367d180d37fc10ecbe6534ef6469c
SHA256 a79c7f86462d8ab8a7b73a3f9e469514f57f9fe456326be3727352b092b6b14a
SHA512 1c29c335c55f5f896526c8ee0f7160211fd457c1f1b98915bcc141112f8a730e1a92391ab96688cbb7287e81e6814cc86e3b057e0a6129cbb02892108bfafaf4

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-processthreads-l1-1-0.dll

MD5 8e6eb11588fa9625b68960a46a9b1391
SHA1 ff81f0b3562e846194d330fadf2ab12872be8245
SHA256 ae56e19da96204e7a9cdc0000f96a7ef15086a9fe1f686687cb2d6fbcb037cd6
SHA512 fdb97d1367852403245fc82cb1467942105e4d9db0de7cf13a73658905139bb9ae961044beb0a0870429a1e26fe00fc922fbd823bd43f30f825863cad2c22cea

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 8711e4075fa47880a2cb2bb3013b801a
SHA1 b7ceec13e3d943f26def4c8a93935315c8bb1ac3
SHA256 5bcc3a2d7d651bb1ecc41aa8cd171b5f2b634745e58a8503b702e43aee7cd8c6
SHA512 7370e4acb298b2e690ccd234bd6c95e81a5b870ae225bc0ad8fa80f4473a85e44acc6159502085fe664075afa940cff3de8363304b66a193ac970ced1ba60aae

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 eaf36a1ead954de087c5aa7ac4b4adad
SHA1 9dd6bc47e60ef90794a57c3a84967b3062f73c3c
SHA256 cdba9dc9af63ebd38301a2e7e52391343efeb54349fc2d9b4ee7b6bf4f9cf6eb
SHA512 1af9e60bf5c186ced5877a7fa690d9690b854faa7e6b87b0365521eafb7497fb7370ac023db344a6a92db2544b5bdc6e2744c03b10c286ebbf4f57c6ca3722cf

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-memory-l1-1-0.dll

MD5 c4098d0e952519161f4fd4846ec2b7fc
SHA1 8138ca7eb3015fc617620f05530e4d939cafbd77
SHA256 51b2103e0576b790d5f5fdacb42af5dac357f1fd37afbaaf4c462241c90694b4
SHA512 95aa4c7071bc3e3fa4db80742f587a0b80a452415c816003e894d2582832cf6eac645a26408145245d4deabe71f00eccf6adb38867206bedd5aa0a6413d241f5

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-localization-l1-2-0.dll

MD5 20ddf543a1abe7aee845de1ec1d3aa8e
SHA1 0eaf5de57369e1db7f275a2fffd2d2c9e5af65bf
SHA256 d045a72c3e4d21165e9372f76b44ff116446c1e0c221d9cea3ab0a1134a310e8
SHA512 96dd48df315a7eea280ca3da0965a937a649ee77a82a1049e3d09b234439f7d927d7fb749073d7af1b23dadb643978b70dcdadc6c503fe850b512b0c9c1c78dd

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 8dfc224c610dd47c6ec95e80068b40c5
SHA1 178356b790759dc9908835e567edfb67420fbaac
SHA256 7b8c7e09030df8cdc899b9162452105f8baeb03ca847e552a57f7c81197762f2
SHA512 fe5be81bfce4a0442dd1901721f36b1e2efcdcee1fdd31d7612ad5676e6c5ae5e23e9a96b2789cb42b7b26e813347f0c02614937c561016f1563f0887e69bbee

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-interlocked-l1-1-0.dll

MD5 4f631924e3f102301dac36b514be7666
SHA1 b3740a0acdaf3fba60505a135b903e88acb48279
SHA256 e2406077621dce39984da779f4d436c534a31c5e863db1f65de5939d962157af
SHA512 56f9fb629675525cbe84a29d44105b9587a9359663085b62f3fbe3eea66451da829b1b6f888606bc79754b6b814ca4a1b215f04f301efe4db0d969187d6f76f1

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-heap-l1-1-0.dll

MD5 6168023bdb7a9ddc69042beecadbe811
SHA1 54ee35abae5173f7dc6dafc143ae329e79ec4b70
SHA256 4ea8399debe9d3ae00559d82bc99e4e26f310934d3fd1d1f61177342cf526062
SHA512 f1016797f42403bb204d4b15d75d25091c5a0ab8389061420e1e126d2214190a08f02e2862a2ae564770397e677b5bcdd2779ab948e6a3e639aa77b94d0b3f6c

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-handle-l1-1-0.dll

MD5 d584c1e0f0a0b568fce0efd728255515
SHA1 2e5ce6d4655c391f2b2f24fc207fdf0e6cd0cc2a
SHA256 3de40a35254e3e0e0c6db162155d5e79768a6664b33466bf603516f3743efb18
SHA512 c7d1489bf81e552c022493bb5a3cd95ccc81dbedaaa8fdc0048cacbd087913f90b366eeb4bf72bf4a56923541d978b80d7691d96dbbc845625f102c271072c42

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-file-l2-1-0.dll

MD5 bfffa7117fd9b1622c66d949bac3f1d7
SHA1 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2
SHA256 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e
SHA512 b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-file-l1-2-0.dll

MD5 bcb8b9f6606d4094270b6d9b2ed92139
SHA1 bd55e985db649eadcb444857beed397362a2ba7b
SHA256 fa18d63a117153e2ace5400ed89b0806e96f0627d9db935906be9294a3038118
SHA512 869b2b38fd528b033b3ec17a4144d818e42242b83d7be48e2e6da6992111758b302f48f52e0dd76becb526a90a2b040ce143c6d4f0e009a513017f06b9a8f2b9

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-file-l1-1-0.dll

MD5 ea00855213f278d9804105e5045e2882
SHA1 07c6141e993b21c4aa27a6c2048ba0cff4a75793
SHA256 f2f74a801f05ab014d514f0f1d0b3da50396e6506196d8beccc484cd969621a6
SHA512 b23b78b7bd4138bb213b9a33120854249308bb2cf0d136676174c3d61852a0ac362271a24955939f04813cc228cd75b3e62210382a33444165c6e20b5e0a7f24

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 f1534c43c775d2cceb86f03df4a5657d
SHA1 9ed81e2ad243965e1090523b0c915e1d1d34b9e1
SHA256 6e6bfdc656f0cf22fabba1a25a42b46120b1833d846f2008952fe39fe4e57ab2
SHA512 62919d33c7225b7b7f97faf4a59791f417037704eb970cb1cb8c50610e6b2e86052480cdba771e4fad9d06454c955f83ddb4aea2a057725385460617b48f86a7

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-debug-l1-1-0.dll

MD5 71f1d24c7659171eafef4774e5623113
SHA1 8712556b19ed9f80b9d4b6687decfeb671ad3bfe
SHA256 c45034620a5bb4a16e7dd0aff235cc695a5516a4194f4fec608b89eabd63eeef
SHA512 0a14c03365adb96a0ad539f8e8d8333c042668046cea63c0d11c75be0a228646ea5b3fbd6719c29580b8baaeb7a28dc027af3de10082c07e089cdda43d5c467a

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-datetime-l1-1-0.dll

MD5 c5e3e5df803c9a6d906f3859355298e1
SHA1 0ecd85619ee5ce0a47ff840652a7c7ef33e73cf4
SHA256 956773a969a6213f4685c21702b9ed5bd984e063cf8188acbb6d55b1d6ccbd4e
SHA512 deedef8eaac9089f0004b6814862371b276fbcc8df45ba7f87324b2354710050d22382c601ef8b4e2c5a26c8318203e589aa4caf05eb2e80e9e8c87fd863dfc9

C:\Users\Admin\AppData\Local\Temp\_MEI44602\api-ms-win-core-console-l1-1-0.dll

MD5 40ba4a99bf4911a3bca41f5e3412291f
SHA1 c9a0e81eb698a419169d462bcd04d96eaa21d278
SHA256 af0e561bb3b2a13aa5ca9dfc9bc53c852bad85075261af6ef6825e19e71483a6
SHA512 f11b98ff588c2e8a88fdd61d267aa46dc5240d8e6e2bfeea174231eda3affc90b991ff9aae80f7cea412afc54092de5857159569496d47026f8833757c455c23

C:\Users\Admin\AppData\Local\Temp\_MEI44602\_ctypes.pyd

MD5 df6be515e183a0e4dbe9cdda17836664
SHA1 a5e8796189631c1aaca6b1c40bc5a23eb20b85db
SHA256 af598ae52ddc6869f24d36a483b77988385a5bbbf4618b2e2630d89d10a107ee
SHA512 b3f23530de7386cc4dcf6ad39141240e56d36322e3d4041e40d69d80dd529d1f8ef5f65b55cdca9641e378603b5252acfe5d50f39f0c6032fd4c307f73ef9253

C:\Users\Admin\AppData\Local\Temp\_MEI44602\base_library.zip

MD5 9dc12ea9f7821873da74c772abb280f0
SHA1 3f271c9f54bc7740b95eaa20debbd156ebd50760
SHA256 c5ec59385bfac2a0ac38abf1377360cd1fddd05c31f8a8b4e44252e0e63acb10
SHA512 a3175c170bbb28c199ab74ad3116e71f03f124d448bf0e9dd4afcacdc08a7a52284cf858cfd7e72d35bd1e68c6ba0c2a1a0025199aeb671777977ea53e1f2535

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 412338546a06129505c89339a383de3c
SHA1 e9d57588831acc9d2204468540396ed560f6ddc9
SHA256 dc440a5619c81013dbca3c763bebcbe51637c5542744b41772590a1a17234de1
SHA512 3842d72a7b250944a66afeb8d380fb63272576639b5966e69b0b8ee99141f0a8f22f53443b371dd991368c7d67858fb02be651af3701291763a2675b5f3a9dd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 36dd4b7e7347521e2581690210bf019a
SHA1 d0109030a859f6c584fc82cb8d83190fd302126f
SHA256 11615d1fd6d4bc8385a7757b58dfce522711dabd140e539d55508ea5ff68d5d6
SHA512 970b16059b9325a7f3579a91463237bf9c4fc680ba5c88718506e00708a67f54e5a71d0d4d32934261b7ffc9b809778640493219771431460bc233fb5976a4f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 67d57505a73ac371dd0a2c7a71307047
SHA1 659c70ada415b0735767ac8d7d5139628a3a8a74
SHA256 886bd6fc6cea77e83931a44947bc355e7d5751f2f05722f5830480fcfc409779
SHA512 33d3f139d633a290e442f990e24e811c74a5a73d50eb6eddcffc4ed4ce256889cac60c79c204ab8bfee3fbf982d6e3e2e6e9b83166462e61c9ab35877572a335

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4a45d42bbe9880733555a4a5849a2a0e
SHA1 40e3816ab7855692dee2912a9645fb2f3c9f3130
SHA256 28db88481e07d87d510fcea5e306c7e5cf480c425c658da117ffbaca79fdb417
SHA512 d198f2fc2984c000dfd710c77623bd58865f1f32e10c06eec531d738163711b014c91a4bde8cfe0edbc8f4298d82002cb83dd94df528ddf3c754d359c90e77ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 050590e7b73c521f0311d31de3ecea9e
SHA1 dcd2dac1cb1301927283ded7bea6d6faa9e41708
SHA256 9f0a027811832d12dce7b02dcaf4ab0bfd4f9613afaf8d3f5984b684cac1070e
SHA512 851d3b1f8f4a4e129c00bb9605b5c0d260616bfde6e6a600120137d1fa71ee610d3579e730badeeeb15882a5de09909fb703bcf754b3f3b0f1039bdefa2dcbb8

memory/2232-1067-0x00000221CCCC0000-0x00000221CCDB4000-memory.dmp

memory/2232-1068-0x00000221E7260000-0x00000221E7346000-memory.dmp

memory/2232-1069-0x00000221CEB50000-0x00000221CEB76000-memory.dmp

memory/2232-1071-0x00000221CD240000-0x00000221CD24A000-memory.dmp

memory/2232-1070-0x00000221CD210000-0x00000221CD218000-memory.dmp

memory/2232-1072-0x00000221E76E0000-0x00000221E7792000-memory.dmp

memory/2232-1088-0x00000221E7850000-0x00000221E790A000-memory.dmp

memory/2232-1225-0x00000221E77D0000-0x00000221E7808000-memory.dmp

memory/2232-1226-0x00000221EAA80000-0x00000221EAA88000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49d6c7e0-eee9-4a62-85c6-146ffc067300\index-dir\the-real-index~RFe5eea4e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5eea2f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49d6c7e0-eee9-4a62-85c6-146ffc067300\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\69a4e7ad-d92a-42d4-9563-6a48468d63f3\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\69a4e7ad-d92a-42d4-9563-6a48468d63f3\index-dir\the-real-index~RFe5eea4e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
