Malware Analysis Report

2025-01-03 06:16

Sample ID 241125-fgk81szjew
Target Discord.AIO(1).rar
SHA256 0e4eb858a365905513d5a052b94a350f257a968cbb2c33245e18df8f7e36d9e1
Tags
stormkitty discovery phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0e4eb858a365905513d5a052b94a350f257a968cbb2c33245e18df8f7e36d9e1

Threat Level: Known bad

The file Discord.AIO(1).rar was found to be: Known bad.

Malicious Activity Summary

stormkitty discovery phishing spyware stealer

StormKitty payload

Stormkitty family

StormKitty

Contains code to disable Windows Defender

Downloads MZ/PE file

Reads user/profile data of web browsers

A potential corporate email address has been identified in the URL: i|Q@wizSCql

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Looks up external IP address via web service

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Unsigned PE

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-25 04:50

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-25 04:50

Reported

2024-11-25 05:23

Platform

win10v2004-20241007-en

Max time kernel

1811s

Max time network

1158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

StormKitty

stealer stormkitty

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Stormkitty family

stormkitty

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: i|Q@wizSCql

phishing

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A checkip.dyndns.org N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaGXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133769839612990293" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000005ca376df9718db019383886ca318db0168e68a6ca318db0114000000 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000000000002000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 200000001a00eebbfe23000010009bee837d4422704eb1f55393042af1e400000000 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{3B63F0B8-A7D9-46E3-BBE4-D321512E4B13} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000030000000400000002000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "3" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000030000000400000002000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Windows\System32\sdiagnhost.exe N/A
N/A N/A C:\Windows\System32\sdiagnhost.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A
N/A N/A C:\Users\Admin\Documents\jjsplot update.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3756 wrote to memory of 3656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 2388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3756 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe

"C:\Users\Admin\AppData\Local\Temp\Discord.AIO(1).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa28fcc40,0x7ffaa28fcc4c,0x7ffaa28fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1772,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3404,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4532,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4976,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3368,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x414 0x3e4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5304,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5564,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4700,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5648,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1180,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4892,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5192,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5276,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5584,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3512,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffab9dd46f8,0x7ffab9dd4708,0x7ffab9dd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17936030272211464456,10356866665934954355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5488,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zxjkafuw\zxjkafuw.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDB4A.tmp" "c:\Users\Admin\Documents\CSCB3CA1BEDB8E4C48B2B3F776BE2CA8FD.TMP"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6260,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5436,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3552,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6544,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5424,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6580 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m4oq0oub\m4oq0oub.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESED9B.tmp" "c:\Users\Admin\Documents\CSC1D29784815A4F808B9C28591817A3A0.TMP"

C:\Users\Admin\Documents\jjsplot update.exe

"C:\Users\Admin\Documents\jjsplot update.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3500,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6468,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6524,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5820,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6424,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6708,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7108,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6492,i,4453687374259669434,14778561771419465400,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6656 /prefetch:1

C:\Users\Admin\Downloads\OperaGXSetup.exe

"C:\Users\Admin\Downloads\OperaGXSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe --server-tracking-blob=NWEwODA5YzQwODFmNmM3Mzc5ZTYwN2IwZDVlMDFhNDkyZGE3YWVjN2U1Nzk4OTYwNmY4MGE5ODNhOTA3NjA5YTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy51cGxvYWQuZWUvIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL2VkaXRpb24vc3RkLTI/dXRtX3NvdXJjZT1QV05nYW1lcyZ1dG1fbWVkaXVtPXBhJnV0bV9jYW1wYWlnbj1QV05fR0JfSFZSX0REXzM1NTMmdXRtX2lkPWQ4ZmUzNWYzMmY4YTRhNWFiNTBiNDAxZDA4YjM3ZjFmJnV0bV9jb250ZW50PTM1NTNfMjIzMzczMl8iLCJ0aW1lc3RhbXAiOiIxNzMyNTExMTE1Ljg2NTYiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIzLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfSFZSX0REXzM1NTMiLCJjb250ZW50IjoiMzU1M18yMjMzNzMyXyIsImlkIjoiZDhmZTM1ZjMyZjhhNGE1YWI1MGI0MDFkMDhiMzdmMWYiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiIzMzM4YmZjMS1mZjU1LTRjZWItOGFkZS00YWM2M2FjNjkzMzkifQ==

C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.218 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x74bb8c5c,0x74bb8c68,0x74bb8c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x894f48,0x894f58,0x894f64

C:\Windows\system32\pcwrun.exe

C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Documents\jjsplot update.exe" ContextMenu

C:\Windows\System32\msdt.exe

C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWB655.xml /skip TRUE

C:\Windows\System32\sdiagnhost.exe

C:\Windows\System32\sdiagnhost.exe -Embedding

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ejclw22q\ejclw22q.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBA9B.tmp" "c:\Users\Admin\AppData\Local\Temp\ejclw22q\CSCFDF42BEC7E4C4A53871BA3AD4564DEC6.TMP"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\olebg02y\olebg02y.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBBC4.tmp" "c:\Users\Admin\AppData\Local\Temp\olebg02y\CSC3FED11172734CA9AD7A869CCBC6106A.TMP"

C:\Users\Admin\Documents\jjsplot update.exe

"C:\Users\Admin\Documents\jjsplot update.exe"

C:\Users\Admin\Documents\jjsplot update.exe

"C:\Users\Admin\Documents\jjsplot update.exe"

C:\Users\Admin\Documents\jjsplot update.exe

"C:\Users\Admin\Documents\jjsplot update.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 104.20.3.235:443 pastebin.com tcp
US 8.8.8.8:53 235.3.20.104.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 cdn.prod.website-files.com udp
US 8.8.8.8:53 cdn.localizeapi.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 162.159.138.232:443 discord.com udp
GB 172.217.169.74:443 ajax.googleapis.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 172.67.41.53:443 cdn.localizeapi.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com udp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 117.161.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.41.67.172.in-addr.arpa udp
US 162.159.134.233:443 cdn.discordapp.com tcp
IE 3.162.143.129:443 d3e54v103j8qbb.cloudfront.net tcp
US 104.18.161.117:443 cdn.prod.website-files.com udp
US 8.8.8.8:53 129.143.162.3.in-addr.arpa udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 40.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.134.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.169.10:443 ogads-pa.googleapis.com tcp
GB 172.217.169.10:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.180.14:443 consent.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.187.206:443 play.google.com udp
GB 172.217.169.46:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.10:443 ogads-pa.googleapis.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 lens.google.com udp
GB 172.217.16.238:443 lens.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.187.238:443 google.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
GB 172.217.169.46:443 encrypted-tbn0.gstatic.com udp
GB 172.217.169.14:443 encrypted-tbn3.gstatic.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.169.14:443 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
GB 216.58.204.78:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn1.gstatic.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.204.78:443 encrypted-tbn1.gstatic.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.22:443 i.ytimg.com udp
US 8.8.8.8:53 img.youtube.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.179.238:443 img.youtube.com tcp
GB 142.250.179.238:443 img.youtube.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.178.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 142.250.187.206:443 img.youtube.com tcp
GB 142.250.187.206:443 img.youtube.com tcp
GB 142.250.187.206:443 img.youtube.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp
GB 142.250.187.206:443 img.youtube.com udp
GB 95.101.143.201:443 www.bing.com tcp
GB 95.101.143.201:443 www.bing.com tcp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.201:443 th.bing.com tcp
GB 95.101.143.219:443 th.bing.com tcp
GB 95.101.143.219:443 th.bing.com tcp
GB 95.101.143.201:443 th.bing.com tcp
US 8.8.8.8:53 219.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 197.249.227.4.in-addr.arpa udp
US 8.8.8.8:53 rewards.bing.com udp
US 204.79.197.237:443 rewards.bing.com tcp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp
GB 142.250.187.238:443 img.youtube.com udp
US 8.8.8.8:53 e2c68.gcp.gvt2.com udp
ZA 34.35.20.64:443 e2c68.gcp.gvt2.com tcp
US 8.8.8.8:53 64.20.35.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 142.250.185.99:443 beacons.gvt2.com tcp
DE 142.250.185.99:443 beacons.gvt2.com tcp
US 8.8.8.8:53 99.185.250.142.in-addr.arpa udp
US 162.159.138.232:443 discord.com udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 162.159.138.232:443 discord.com udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.135.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 status.discord.com udp
US 162.159.135.232:443 status.discord.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 media.discordapp.net udp
US 162.159.130.232:443 media.discordapp.net tcp
US 162.159.130.232:443 media.discordapp.net tcp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 232.130.159.162.in-addr.arpa udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.135.232:443 discord.com udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp
GB 172.217.16.228:443 www.google.com udp
GB 142.250.179.238:443 img.youtube.com udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com udp
US 162.159.128.233:443 discord.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 162.159.128.233:443 discord.com udp
US 8.8.8.8:53 discord-attachments-uploads-prd.storage.googleapis.com udp
GB 142.250.180.27:443 discord-attachments-uploads-prd.storage.googleapis.com tcp
GB 142.250.180.27:443 discord-attachments-uploads-prd.storage.googleapis.com udp
US 8.8.8.8:53 27.180.250.142.in-addr.arpa udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 upload.ee udp
DE 57.129.39.102:443 upload.ee tcp
DE 57.129.39.102:443 upload.ee tcp
US 8.8.8.8:53 www.upload.ee udp
DE 57.129.39.102:443 www.upload.ee tcp
US 8.8.8.8:53 102.39.129.57.in-addr.arpa udp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 172.217.169.1:443 ep2.adtrafficquality.google tcp
GB 172.217.169.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.169.217.172.in-addr.arpa udp
GB 172.217.169.1:443 ep2.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
GB 142.250.180.2:443 ep1.adtrafficquality.google udp
US 162.159.128.233:443 discord.com udp
US 8.8.8.8:53 checkip.dyndns.org udp
DE 193.122.6.168:80 checkip.dyndns.org tcp
US 8.8.8.8:53 168.6.122.193.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 57.129.39.102:443 www.upload.ee tcp
DE 57.129.39.102:443 www.upload.ee tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
FR 95.101.225.182:443 s7.addthis.com tcp
FR 95.101.225.182:443 s7.addthis.com tcp
IE 3.162.143.37:443 du0pud0sdlmzf.cloudfront.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 37.143.162.3.in-addr.arpa udp
US 8.8.8.8:53 182.225.101.95.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 ukankingwithea.com udp
US 8.8.8.8:53 ndtheyeiedm.info udp
US 8.8.8.8:53 sinterfumescomy.org udp
US 8.8.8.8:53 ghabovethec.info udp
GB 108.156.46.122:443 ndtheyeiedm.info tcp
US 104.21.68.94:443 ukankingwithea.com tcp
US 104.21.68.94:443 ukankingwithea.com tcp
US 104.21.68.94:443 ukankingwithea.com tcp
US 8.8.8.8:53 edstrastconversity.org udp
US 8.8.8.8:53 www.facebook.com udp
US 172.67.204.90:443 sinterfumescomy.org tcp
US 172.67.204.90:443 sinterfumescomy.org tcp
US 172.67.204.90:443 sinterfumescomy.org tcp
GB 18.244.140.100:443 ghabovethec.info tcp
US 8.8.8.8:53 getrunkhomuto.info udp
GB 143.204.176.11:443 getrunkhomuto.info tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 99.86.114.124:443 edstrastconversity.org tcp
GB 99.86.114.124:443 edstrastconversity.org tcp
BE 142.251.173.84:443 accounts.google.com udp
IE 3.162.143.37:443 du0pud0sdlmzf.cloudfront.net tcp
IE 3.162.143.37:443 du0pud0sdlmzf.cloudfront.net tcp
US 172.67.204.90:443 sinterfumescomy.org udp
GB 108.156.46.122:443 ndtheyeiedm.info tcp
GB 108.156.46.122:443 ndtheyeiedm.info tcp
US 8.8.8.8:53 122.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 90.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 94.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 100.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 11.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 124.114.86.99.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.trkredtop1.life udp
IE 54.220.182.27:443 www.trkredtop1.life tcp
US 8.8.8.8:53 sgkaa.com udp
DE 185.26.99.247:443 sgkaa.com tcp
US 8.8.8.8:53 www.biphic.com udp
US 104.21.12.132:443 www.biphic.com tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 27.182.220.54.in-addr.arpa udp
US 8.8.8.8:53 247.99.26.185.in-addr.arpa udp
US 8.8.8.8:53 132.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.16.226:443 ep1.adtrafficquality.google udp
GB 172.217.169.1:443 ep2.adtrafficquality.google udp
GB 172.217.16.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.opera.com udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
NL 185.26.182.112:443 features.opera-api2.com tcp
US 8.8.8.8:53 api.config.opr.gg udp
US 104.18.25.17:443 api.config.opr.gg tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.117:443 download.opera.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.11.89:443 download5.operacdn.com tcp
US 8.8.8.8:53 124.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 123.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 17.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 117.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 89.11.18.104.in-addr.arpa udp
US 104.21.68.94:443 ukankingwithea.com udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
DE 193.122.6.168:80 checkip.dyndns.org tcp
DE 193.122.6.168:80 checkip.dyndns.org tcp
DE 193.122.6.168:80 checkip.dyndns.org tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 142.250.185.99:443 beacons.gcp.gvt2.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.46:443 www.youtube.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp

Files

memory/624-0-0x0000000074FFE000-0x0000000074FFF000-memory.dmp

memory/624-1-0x0000000000F40000-0x00000000015BA000-memory.dmp

memory/624-2-0x0000000006670000-0x0000000006C14000-memory.dmp

memory/624-3-0x0000000005FA0000-0x0000000006032000-memory.dmp

memory/624-4-0x0000000006060000-0x000000000606A000-memory.dmp

memory/624-5-0x0000000074FF0000-0x00000000757A0000-memory.dmp

memory/624-6-0x0000000008F80000-0x0000000008F8A000-memory.dmp

memory/624-7-0x00000000090E0000-0x0000000009234000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll

MD5 2ff7acfa80647ee46cc3c0e446327108
SHA1 c994820d03af722c244b046d1ee0967f1b5bc478
SHA256 08f0cbbc5162f236c37166772be2c9b8ffd465d32df17ea9d45626c4ed2c911d
SHA512 50a9e20c5851d3a50f69651bc770885672ff4f97de32dfda55bf7488abd39a11e990525ec9152d250072acaad0c12a484155c31083d751668eb01addea5570cd

memory/624-12-0x00000000096E0000-0x00000000096FA000-memory.dmp

memory/624-13-0x0000000009230000-0x00000000092DA000-memory.dmp

memory/624-14-0x0000000074FF0000-0x00000000757A0000-memory.dmp

memory/624-15-0x0000000074FFE000-0x0000000074FFF000-memory.dmp

memory/624-16-0x0000000074FF0000-0x00000000757A0000-memory.dmp

\??\pipe\crashpad_3756_BTFNXTCESTQDZION

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/624-26-0x0000000074FF0000-0x00000000757A0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 c73e987690af13cd368cdb9f2ab04efb
SHA1 8c30aace645a3b1c4af22db7567c17c95bdd9cf8
SHA256 ab8d4bdb46b2c0d3ddcac7a6ffa77ccf0a6f527d4d73152d03034a13af8ceb34
SHA512 38e2bf8e78040f90505657aa6286d0a272345158b8d66e86eff84e5f8b05d2a0cb2050d3087886e706b08499454365d60c68158ebb6a63f71734f4a8ccfc2f0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3b5bb2da26ef034d7aa3061fd7026b5f
SHA1 1899f89477cb35ffccf33048a3fbce14ea253041
SHA256 59d206561c12ef4baeac594d3c2328eb9f950306d0a04a7ab25f230284e2f998
SHA512 229a0468ffc3e84793ff64e5502e984d3180a553ab4d251434b4831f61af8872ea4a04cde342b58e4a6a2b232ac120c4e63a867ab753120c509e96d2fe892299

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6df90c5e-c9ed-45ce-8a10-d8718a929df0.tmp

MD5 99426149072d04a521bde5426ee6f4d9
SHA1 3e2d462466b67b08a39fb49897e58e3d50006650
SHA256 40e01413e421e88ad10824f26cae04c17eff26a1b56938e48896c78885daec0d
SHA512 971083c43aaf7a94a026c387f0ec6b79dc0f7d9ea6d1385753148ac2e24f60fa956a38fa26c4018a751292a586c3d755bd40ec4463b85dc00540a4fc49f3f776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c3ec5e6bad9eaa204624b33fcb34736
SHA1 5dd2c74e2562b10d3227657e5783cc397baf35ff
SHA256 54f3a3fa6de276eb4a6cb94b2eb8b2fa7aaebb0dffd2330c2e75a26317d1fa90
SHA512 f1a143bb51710665c09553706f80cac84f0d3ca4b128572100d536af5b853ec0095d9192d819b0c8fc73373d4ab0284d4179b9f3f6da11df7504725be676f842

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d9c6e61bfc76c6f728521bdbba23f37a
SHA1 2b602d5827a95f684105d56f649eb0cfdff3ca24
SHA256 177fb21647809d6f23f91a7a5e8ce8b2c6beef59fca05b268d146821f5deda2a
SHA512 20fabcc0c5e7bcd5d63fbf24a33055434ba947202bfc9d5066d65130e7580ad7e12d5c628355187dc507ec083347734e6efbe5b5c4940daba5ba97c3e514b646

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 27b57727462d3efbe9e4283d52649cf6
SHA1 b1e6b90faa0b020e3f45ac8d2c4f9613f2dfbdee
SHA256 1ef0b07abb27c24d917ac854ff83749c5759865e434e485d56d07171eedb10ac
SHA512 db1c4a1c3e9fe5f19d1ef901d38a263c195e038712b772cebfee3020943068a04cc4d6e52c06320228b052890fd242d5186e31e70f01ae72896c6df5bc4feb19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0287ea2829c4bbcc3fb9b27cc99948cb
SHA1 62da9bf14d6cb8f4f71a30f3f75a253d118267b3
SHA256 d73fa9991dc2414aa16d601b825890497b2e3722f964e74aef5dc25e1f0df480
SHA512 c7c9775980e81eda4a212a9dcf9ff1fdfd28e76abc4cfcef9850793e7732c9cdfce58682dcb31661beb61075eee1b8dbff70251b4313d64714c142e4057767b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c5af6a83eece5188988012c9d9263f65
SHA1 8528b7770616f58cfecb5a392d8b0fe1e2a55224
SHA256 4e6595cd5257f7342c80689d0195276ec7b91b79a7acf0006cf0a2bb9134828f
SHA512 99b1ecbe22953201b62d72767ecee7cc741261a930a882cd3cfb3e43d64fd6d1bc4a7f7ad879695bbdb271935e3b0129621f226c36191f50b93f154ea107e18f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2578d9fdccc853a053cdd1a582464494
SHA1 59fc2ad4f9a2ad3667f5a7c90a86122a8c185547
SHA256 8d19536ad614d506f064f4d794379f5c3a982132445f99e75390b66e6523df73
SHA512 963ee12a2418f533e85ba46093accbf21ebebe0cbb2208aca45e41c735929ecf685e193850f76c97f90516075463a763400acaf644882cad488a8cfbe70440ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cf1a2f1edb8bcdc49e38d07de4d6b8f9
SHA1 08d75cc4fb83db5f52822f67e47cd1d2d10f03e8
SHA256 4b8358f7b7d4ac0d21c19e879009f49006aa2290fbe7ce28a33b712b91567407
SHA512 ff0d12822c629a8f48616c8ea95a91b0a279608d1a93a2efec6e3770e9bf875d075f91fee14e8910d62698b9f2fd8c1e876ad0ffb33087d913ed4a120d0d2f91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b49bb31462de495ec771a737b755071a
SHA1 c4f9126f58d05dd9e518d85510e2f2cbae2a965f
SHA256 ef6e6ca96d006cae5fd15655eff1db354ee3fc69630046a266804656b6108dd3
SHA512 0416d7173b88dcf774d87f93f41cbc89bda34d59fb0155d3529f78302c7f2a38a147c66b272b2a63badf08b1b0317dc3f97f73a435705954439e615fb3b7aaae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aeef575d8ce20f8536a176ae19d7598d
SHA1 a498ffe9fcb1a1574173252bafb11e5d6a509025
SHA256 14643af10f975bdf63d5a7e86c66ef8390d177bca92b5f4b436e7a66c3663f96
SHA512 cc430be9b820f92556fb9bc3eef1d2e260229d0be123d91420552ab54af624f8f6beb4f2c538bae6eeaf9ec8b705f818ecba4d748f67ae230ee4fd2cdfa27029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

MD5 eefb3b7038040a2b45001d9b00e3614c
SHA1 64f409fcd8dba116aa15366783133833ea2e29e1
SHA256 d6def6ae11d1cf9bc2c244af00ffe3c6161263c26212e4009c613a02c8a9ea76
SHA512 d463a84948b07ac2b1c51f471e21e592f84b249f6a0f58853f3e38a357068b8a6e9d33de1146e187bee9c586bbb3525b7397f2f1b4f2a2c66d784e50385bc121

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb07f7b67b577f13478d4d48df50010d
SHA1 332b872770f53bf036b5093b01b87eeae1a764d5
SHA256 cabc4bfacf4d80ca7fdc3652b62d2b4b31c8d83a75863a6eac5e4890c1b1b2ae
SHA512 1ad49750b364d802d908781428e2461130e58238156c331d8c0ac438b4bb6df97b4758dad36afa11ea4046ca0656b810bbe4a780bc988a591e24f6e7450e9394

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9052d5d001d76f3840694bd17b469fd3
SHA1 6016fc369f41ab217c8da9ee2c95b8a8192dd04c
SHA256 1760e57fe127365744eccc3a650b7be69951e22a2de8b67f5dc0fdeadbe9cdc7
SHA512 d7a790e554a4465fdb9980cdc54561d20ce68b1ea547ebd2e92f996914308a1a780c9256f0c9ee9c4c8e8137454ec1300bf0e15babfe40fcfccdeaddc4788677

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

MD5 a6a07c2a700df7a527e32658418cae18
SHA1 7457cb6969539f0f171b745301314ca99ba86abd
SHA256 32a510bbd227d70a8f36396504f7a20d57285d1855263fa464932da2d86adeed
SHA512 7ef68f57ca6ab9d5a0aaa3f72bf78fe4e7d3ccc044025d8abbc07c9ed55d354dfd85e10ea70a561fceb3c8ddc099fae051ad310944b8f13b3a08c2c3217ce72a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

MD5 0f9a3513f312ca2a023bec8075e27771
SHA1 aa56ea41e99b17e63b03c6643e5b1df4dcb24b7d
SHA256 2eefdf257186bf4fdf9777404e34f5f1e2f731e12afcfd1a4355418b7027355e
SHA512 8ade920afcc9e5585b0263f90992765bc548b000633c5bc7962579f00e5e7c6759f32b348372c1bac671b1d5d50e67b3164e4e229517eefd2a6093f92ddceef5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

MD5 f7bb588e5a2fe2f4c2b725c0795f201d
SHA1 a0886e235318f0eeca1bcba99383997a9ddeed3b
SHA256 dd98fefa0acfc388dd4f30ab6f9028f2a9e13e45b8fe58b10dd37e47f4f79725
SHA512 0d06491167d65f63bc67b663233d681771e338d4f9332a30cdd2b6286accd33f4712ef3a541bc66e937b72a4301bb5fcdf1d0d3d673571f90ec49b9276328ec3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e6dc6c6aed7d061_0

MD5 f011682093a8720ff765e0e92b271a68
SHA1 aa12ee2c4bd63373914a36bcace2d3d14445b150
SHA256 af39fd1f38898936a0c8b8662f8a857c0fff39559ba27b6b172b9ab6680b8580
SHA512 9e68386c4622315b196bee92a5314e1d04c0960fa50e2cfde38f18d7bdb439d9cec3dc4deb8a069dfcf9ac33975a8f2fa94ef9a5a2ef4a2286b52028501bcf9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3545a9e694a7a24c_0

MD5 7bddd6023cf479c20b08b09948a4c09e
SHA1 f327c743d0c0cd0f10230e50886baa4ff9fcc0b4
SHA256 556935086fb65f9b9c568cbbdb12dce7485b0a754c2aaab413c2d47a79082aa8
SHA512 cb6f5ab4e26a8e3dd60416d803196617a17c8441216b9fc0100266336fe61c878de73cfc71af653ebafe59607cf4f245984c10d4fb71a2bc332b6cd8594a2469

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4d8cadf515cd425b26749ab857b81ff9
SHA1 9fd0ef01ab1d3185ff921dc7a131ba7dd72ae058
SHA256 c1280232a887bdf517f55df08580639153ec8c14a96f5341c8c40bc4c2e08afd
SHA512 3b6be58b2463f513dd335225d3422c046d7e3318490f49bdb46b9e3c292dc51657d3e7fb9814a54866d258e2189a77dfb71ed046b4b2a61c168b521e691f5c64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc9bb7750a7b3c2217e4be1c8b3e519f
SHA1 78e42ce51776ad61d5fc9fd3aa80b728f5b73d90
SHA256 87498ba6ea487dc6e15cbf3ba507e34e498a0d4045fcf10bca4ca1349ae7a9cb
SHA512 29785603b3011199946937e554607876bc84379b38a3c99b9742b95b137351937ee1fe9a755375312419afa6aa43e25af001a4f2f68dc16003a0f9fd5eaae998

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cbc314fb203800e0bfb57371239f7a87
SHA1 dc5fc7c53b2f56ba09b5a0c99bd5f722e54e1fa6
SHA256 0a832ad9ddc094d6196b763296609fed3a8467887eff0f5a22f0fd3aa05595f3
SHA512 025048acd42be58a03bd7d632ecacba5a4e136602da0d64db88e3b2b2fda7e9ebdc9b8dcc3d867e4a3f52a718b81c2734b0f50b02a7d94b7b4e07c541599e68b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 901c30fe09028fd11638f65045cec718
SHA1 891fd0a631aee6b23c5679db1498a409e12ba0f3
SHA256 49ce2b627df1da86237f4478c1717ae6b7ddfa1fbfee7ed67d7558f67122f4eb
SHA512 800bba85e25fd276d8e90ac1e6217cdc6fa33f450e7c6457b687c2594d22b974fcbb68b0b0641dfd1ffbbe4984919095aaea50197adc802da190ce12cd6e14fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

MD5 e319c7af7370ac080fbc66374603ed3a
SHA1 4f0cd3c48c2e82a167384d967c210bdacc6904f9
SHA256 5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132
SHA512 4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fda9279889c1ac9e_0

MD5 5294c856498e7187bf2fb7702cbb8787
SHA1 b4ef47a0c84c7c8c0c6cbb09870fc07cfcbea940
SHA256 fac06e73307b6ccb2cde0404a9d84b3848151b04246ddf88796ae345866bc315
SHA512 fb6d0d80676422f1108e27b2ce111848cdc8d2e3d7e1b3129df25ed90f8e6b28b3f738e8a94611debd8654f5e331643918dc63e9f91938b06025ac1064fd184e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0cfd628fb51c496b_0

MD5 ea3a0abe3080c4c93ff7f9e1de960a03
SHA1 e94c9947c37d54037fe0246f34f3b34d65ce0076
SHA256 560ad81ffb95731e261c19c60613fbcf02d55a7955813093f2103536a0b564fe
SHA512 0225674acfe81342121d39a62d804ca938cbcfd061e37121809936e71e2d686b94a60f4bfde0dc84a6400f35160eaedfa4e274f0d99c27bcbc38a86737472b33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\760a3e03dd30f8ce_0

MD5 6eb941cb59843d29f96538befa20b1da
SHA1 3d0aee230b5c9ae372ad85d62c4b9e9c243263ae
SHA256 9f51ea1baf4c5ff8b5ff843e7ee94d2c7708c69985304ba691029781c1ef1daf
SHA512 045b3e3a8380515510ba46e9e0c78d3fb6cab4086b05b2d1cff3d03ab131908e5e86007a5947fbad7da1bb34cee07d6330ae23b95a7498b10fe8da0bb7bdb082

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f36a7ab18b06e7c3_0

MD5 efa81bf85de3560a95c02de3e13ddfb1
SHA1 d753d0b57eef31e6ff3512f172a1b5a4944885eb
SHA256 899969afe2df35bac6a1b165c7dfa251411035187c641edadc825714850e4e5c
SHA512 c815f0bc3131a63ffd6e75636fdcee701878aadf19a7dfe1943ba19c8c80ccdbf4eaa6410fe5b1e818bc82486309c69d469ef49ec911f60b3d93c68d8879434c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

MD5 5a322b316bc8745d39d83b130a9ef6e6
SHA1 f2e8ebc252d92722555b6fab8e38fbccbf6003cd
SHA256 b6fe2ea8d85c1ee73bf4e45c34247fec18e2efa340d009e0c2c1b41cc42e3f47
SHA512 97fc03ce19046d14f561bd812c4853eebb608185d20b9e8f319098b866e820c09c35d42b4354d0a6ed519408fab7a5ecdcf4b33456561400c8e3acf256846535

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 853d648ebc55295d61610eb30f50a34b
SHA1 4d537dfc8c586af4762be53b99c416e8ac1500e6
SHA256 ef3c859004825af87cfdafd1560ba4af9cff1498b7223352fb741a9db0b9ca11
SHA512 2f1628d88bf2a3ff2158bbca1bc2d436154f3131fb0c91cc666ee20677a7ef081e550ad46f6318a20ad837055bcee3166e88f97e5081ad2d1facfdc8a608e9b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ada74fe1ff976345b729bd1b6d5cf5d8
SHA1 956bd003367f4f92d3cb1b6fc91c074b530b1fcd
SHA256 78584ac3bd6932b29d255a4c0d84a2d83cc4c6fc2dffc049a54a698b5356b68d
SHA512 b18c33ab4c1cf5f79c99f4c7ea0ed55b503d363b99bee163a63afc94f10a63e3e7fedd43caf668d369dc18a211f17de97ecc658001d4d942fc815017d9cafb2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ff6d345ccd2bb6c91b277ec56dc19f4
SHA1 e1113db38118feb5f47bba6f2ab276f1d1134a7b
SHA256 ece1bcfe5847251dc05958ed967c3dcffc9c322ea69e61c928313a320dbd0cd4
SHA512 44bde1f2e61ed0d5abed68fbfcfc77713be47a2c63099239904546150331be800757fddd93f5f7070d0ba3d86a1802d53499a1fe0e01a128703b62c710dfbf39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8852a3b7a301ef534ecd937615e2365e
SHA1 7768b79a8fd54afa5830aa2dd744133e7ab97169
SHA256 5d3a3c1b7d7c962c696453ed2bcfca579581f01f5a13eb88e6b8cd9ed261f632
SHA512 7d7ff7bd1a757f58a27cfaf86df7c1f5a816757bb51f92126cc374af651a0772a11dab51892acd2b57edab6f9a47fe8be5c7841ea9f4123c7bc484f7fef5306c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\738184b4bb16e32c_0

MD5 1ae0f68e052e0276390f0fc6a89eaaf9
SHA1 e73a91fc3b0211dff2ef16a31d16c380ab909592
SHA256 12aabe801dbbf8b6640e02046a6511b783f6642a909dc1ce41ad388c88f1cbe3
SHA512 192de8a7a64de57ebd46eda4254da3e627c85fbfc3ac8ab4452ace41114ef44c8bcb1e59bc9211543580db323629e80d88becc1efb27b78692148a44bc27617b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

MD5 a7a2f6dbe4e14a9267f786d0d5e06097
SHA1 5513aebb0bda58551acacbfc338d903316851a7b
SHA256 dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc
SHA512 aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe597100.TMP

MD5 76415a3a4c4ea1c41c1aff74a8f61fc6
SHA1 509e17e3fe441b8f43b872593068bbc3006cc58a
SHA256 39575bcff5dded3cf2ab2a9ec20e81145a14e190a994433f93229ce7fcf7d028
SHA512 44a7e7ec8003f5051ce86e295a7dd38ff1a0540f77fa0d4387d17d0375bbefd0b95cd5411dc22ecd3bc4b1fe19adcb8c4f23abbc91eab55a1e3465c179e01d93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 737fd97d7be79c4ea63286e365e22112
SHA1 6df68b6e85f5202804e5a8511f7df81e74d5a868
SHA256 d7aae1e7d26852e2eb146eb05344078a9182cce5def43bf43087a13871cef29c
SHA512 c937b8522db54cd308305d3f924a12d0b2803fb07d202aeeb7ce1aaaa52b5dac9f547a28f708ab1941e79bb17ae1153cc3c0ca97f5748bbbbe9df04e26fbf919

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 93dcd917c1dc2a0b24f53185bb86c3bb
SHA1 1d763983eacccce64eca2dceaf886ffdb38f41c8
SHA256 2d5a5c63193f85c81ac3ef566993b81a005da968fb97b39a3d8a47dc1974e483
SHA512 6966777ef258afa2598a1274955de78d1534d1d9b1e9d7e753d7368d7cc22d040f1e9cd61652fcfd11648949bd69232eee307734fb13bee4c9929eb29fc66361

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c355e3950903b17a799630398dbaf400
SHA1 8352a8991e3ea392d2de364fc4dc611a29fde171
SHA256 b991f2de62bd68536a20fbab3db36968f84451d0b416bb277538ce2534aec1eb
SHA512 27fa2f5d6427d96be6f65e8a982fcbd7be60987d472cbb900eed5463f7591e579912963906bb5c8b7dd1b17c5c1d1bc4a165603566469dd2104bd94567a79b30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6be03bf45d01192efbc07acd6dec0d9b
SHA1 d9c3925c2f03f75065683bec98c750e14066c28d
SHA256 2f1157f212e9261eafd8192fa22ae0a84e590169e5d8e59523459c00bf0a0a0c
SHA512 786cf0d371ca2bf1cbb2133fd52c029f723250cb02eb2862803a9b73808621634b9db8d1b38d63d2060ecc985c7de2d286009da45870e1cd9799ceb6b57671e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 366c53aac99370ee4a331b79963f4fd3
SHA1 ee10ed5aac37f7749c19190896b493ea21f79080
SHA256 c9af871b2a348ce751d8067012cc6cd35b5b0f073444350545029f0acd832c59
SHA512 531dd6105f5109a8d59ae350adf85d4913da31cdee9bcdeb30183e5cefe377e1f5cd3acb14187355af9e18c0b0790eaae6bfe504be72088dc1d3f1d0d79c252d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ba6ef346187b40694d493da98d5da979
SHA1 643c15bec043f8673943885199bb06cd1652ee37
SHA256 d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb97e0f1f8769fb10baf01403e0c2a97
SHA1 bd93883b93e3cbc6bb7e5d9f52cee3f4c70cf9d8
SHA256 984b1d90df6de669a8257913aa20ccdd9ead6c86666cfc43eb3fc359bcaebebe
SHA512 68d33063c60ac70323b205019f852b27ae010086d41756b21aaef3e271bd21fdbcbb52a1eb9f92ba973897ba2d328b5549c69effcb5cfeb8f1368fcf6cb78555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 afcbaf079d7282428d3434ee8d948c39
SHA1 449e43d57c8c424de1e7d9b7f03c5b83821e3d2a
SHA256 9b99827ab00eb288cca33ed9403996fa797324accb4d4193bb7ffbeee64e1988
SHA512 69ffbe9b305731c4b851a9d672ae000ddc9d9cc9eee62b894f113348fea7e40a8bd25c413f039c1444b7acbe3b333e81cede1cfec256c48c140a880d1570ce3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3b45c77055ba1762ef25dc101a261453
SHA1 e6b83ceac19e4392d3e7f4f40e65a176946c86d6
SHA256 101d3251393c3d29b5f51a47db30dac11ff7e78772a3a8d38ba9bdf55f7bf60b
SHA512 af93aed35f0b67ec0841ba312e2dfb13386bc979f377c894aec811772306ca60cc6343c5306f8c1749ec951d19ac06c8aa0a61c829f183ff061ad974a86081fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4cdd4f257571274e9382921a41fcdae1
SHA1 11449100fc0286ffbc00b527a4e0a30692387691
SHA256 ec294a5856bf892e2833f31ee0cea9ce72e1c8af94419d02d4b1762e09d58385
SHA512 766105a28a5210d9d8e73ebd431f743d27a3f1f78da12246a65ff0810feacd14259a1e455154a0f8c09b39a276371c309d7f49960e5dceff957b86649c2a180d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 b275fa8d2d2d768231289d114f48e35f
SHA1 bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA256 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512 d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8880802fc2bb880a7a869faa01315b0
SHA1 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512 e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0daebc98d1239fae847ba7bdc7e579e0
SHA1 e08c880d56cb6a821985d200453f24902e8e3b72
SHA256 b51facb2541d153f2e5df46a2e118f23bcc7cfdf6d575961b4af8594cac030eb
SHA512 e204c37d7108dd5323febc90c32e50ea3639956208b37cbedca660de3e8bfc4a89a55f54b450c5c52e1cd1ac8cffc16f955358bbfe259c1c284387c1315e3c26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 05a8a606080c0d349c3f8d679eccb9c2
SHA1 5630e44941ad2ba8b3bbf354cb9963149386e961
SHA256 d4a6cb31fac9321180e6e98ebe155655d9da988e978a1ba942c1819049c4859d
SHA512 9e72cd71f068499aa23ebceb4c44537e05bdd2af70cd4524694492375421da84c42c69da78e30bcc3ed82d636c02c7c5dbc570c9ac1bf5756e5455b2103625d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 519e1cf1344640531b85764789c5c5c5
SHA1 e39844d2372d9f63c78544815561b122ed11191c
SHA256 074340b796fef46f5f3ccc8d26550d63542d3392520698cf434eee2ea74b040c
SHA512 b5c0107a9ae2c85796f3a2bc96dae8adb4cfce4f845b8da05132382f649119e12e19482cc47caf3468730a83a0dafa33fa51dab9d4ce8791deb7f976af87a161

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c957e0b87e1fff064d19f00c39fcb404
SHA1 274e0d55bd2c38468465faf6cc2ab7de96d03696
SHA256 bb2a6aa1d0846931ad2455aee9664f73610576b195135828c73aa421058c3a6e
SHA512 e08f970a36df31d4244077a06796f9bb8c008f3f6bdbf1b4adb55315ba86288925d9abc3c5977871a0a3e1df4c84bf0014b08110e42fa22a457755974e822066

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 669d37e15dee5cf8e55fd4ffd07885ea
SHA1 6e4a3a0c481602f54ebfd17a361cc353cfff0bc4
SHA256 ce4abd0038353b2a55109765c7653eda0466982c0e4ee80ef41f11169e850f7e
SHA512 87c0a66b8fa6b88dc667dee84b414ab6eca1a13f3a1f0445d224738a22dfb4b83870648b2209ef2d5d72042513fbec155c815a70bb30abfd3f92bc70cee65236

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b56e9e0ea577c151b3393de8e7badd3b
SHA1 4ae67cf670dfb4ab2184f9ff54aa2f047f53c850
SHA256 537624b667015e4c3272d80f6479fa7dc40ca10a6458627467cf021ecdef653c
SHA512 c6acdeeb4c7b568a79292ef3ce332eb8aac76ca896aa0604cf035b49f6b00011b98076783fa620c65ddefae8831062acf9d8a20705fe7fbb5bcdd97c4a24232d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb7b60b7aae9d68c565eeb917a382754
SHA1 de157ffd2f3f6e51fd607c2ba4e288ff5aff6da6
SHA256 4b91b5aede0b13dd160dbcceb6847a5eba5bbf78e39a5a35b3f2572c8dbddd85
SHA512 7cbb79f0d1eeb3ac8adb9e689bfd58fff0f8e1e98cac845be2dae1cc934586c19b2991c803ede7879a84b219bf43a54dc635296f91af81f080c48e3922ec50fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f7b221f5553049b6f1767266a60861f3
SHA1 ada26f247a5873f52f7c85b4b4f0944715dc5920
SHA256 3b07c969fc272ae5aea506b50f63815f8dd12c9efd2ffedd8e021f40e6651ea3
SHA512 12afba9c0254bc9c838ccfd881ccadf79bb1f1f46186e6eab96b102afb5e72b3742b07f9a67daa67eb34ff9120e2450907ea87e9d5bff7f5d41bc0e366285dce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d84c6190d1c60acf514dcf192665aa5a
SHA1 f362db22105570bf71f7fe7bf6062eb302dc12b6
SHA256 05da1fb91f3092ab34f20b0a40137aa599c0da7f9ba40b5e41d2f24391cb6dd5
SHA512 5e02cc2ff475359e5c5b2f1c00bcec9b0bc3d958fa9801c2279119c7b7023f37d114fd9212e185b556038bcf6a5c9f4155f65eb8d274ec8cd912bf763d2c0e7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07d28b86764164ce59d023d437f7ea93
SHA1 10e25e079f936e1e5de5338b99b9f2a3ade2948c
SHA256 1478e8bc688b53e26fa4acf62a935c52fb7b3b36c29583f03fd12fd3bca5d5e6
SHA512 ad3f3daa7e4ee50618a6a557f6b4dc231344d5febe3b512db6d605babf80aa07004c2ad46b453bcd8e066d89208b582683d8fbbc469fa4f255849590daca26a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7aa6fff8e6b179be964184a7009a779f
SHA1 a82cdd11b4fabeb4ffcb3344d644b22bc2f29465
SHA256 09d7a077524d86b60bda802710b52413c7c4534a13d2a4583082ade5a29fcc05
SHA512 452cc71c171b1d2f91e080555512ebe019a0783eebe852420c2b00b595571e8f5de4cea0db3c00e2bd2690ccf9105fcf6d0313c16ec93f83780a2132fce923f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 af21390ecda790b9555621f7110a4f78
SHA1 078c56d0f262d05ffc34bfbbbcc487f536f546f6
SHA256 9feb14ade878eecf1050c9b319b4650aa93fd012844a3d1cfacec3e69bdd7721
SHA512 1fbc0714c1c86058d56a6173ea6041e1e78b7a27d39e96f942768ad218537052f3c4eee22ead9ec3deed6fcd85ce44afc3a4b896c5a88680ee32b6cff1c89752

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e47db34a4d00f9b94d034c332c7202e3
SHA1 c27a46d8c4060d7424144d34b196db4b33d23bdc
SHA256 451672990ccf52be9ebe23fd9d05f87db4ab8c5db4f0146297d8686d45b64f8c
SHA512 3530698cfcb0f08ca0a50aa201c1cb8c0ad91d003bdb63838eaae5871dc1ad3904ded9b638b35921c46b29486aafcbad81e7ab867049ea9f15569a09cd04f3cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dafd821a458cead6fdf10c5283dbf7b9
SHA1 e003abf5af57e7ec1e6d6042ed212c495d78ce0f
SHA256 39c8ca9c779754dbe9d1226b9776dca43be447f524ef21069492f8be588c7b99
SHA512 3c3b53fd54fb00999a96f2f38025f1e65245b2552380d44cc5bc2ecd68eb2c216dda2a08327c044436c90b8547cd5c0e428fcbdbf28430af30a6c43db82b9111

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 242c83d1f46373ad64a94bd3a519c446
SHA1 c23c1a3109885e0d311d67cd0c1b15c932df3e44
SHA256 fe62c0e7b4961004725db35f5d15c666f2996333f2acb1eff950196619dc2f6f
SHA512 95d65be4d799ecd2eb82ceb68c758d4287f2b1c1c0adfc8db767c164690ff1b3e9e8deef13c05cc014ac651c97d10870df4ca1292b129709111a1a445b712e0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb74e1189b390031501bd4887711d641
SHA1 2e4be5988c78be4c49718844a496163704dcfde8
SHA256 51b024545b1cd0a8e9c9182ca34bd2c720d8e1fc2f89327054980e8611658ef5
SHA512 f60fca9c7851b20a697ad41b669fae3132bf264fd92bf027e597b5fddf396bad632cd516bb588a69520900bb520957701ca83a7f009bc3b38b522cc5f814b77b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d87a9a8b91e77ba1765b144cf459d135
SHA1 1216c09646d20af4b0e2960a9ea393d0f380bec7
SHA256 76ace2db2b8f0c4c8bdc8afeef54ae31ebdf2193b6f7737043eaee311839dfcb
SHA512 6c09990d6c2ab357f396a76ea0ad913fa658c3777f5ed551650c8d3ea765e70ba720e827b453db648588c670265fdd4022cf7b3a3cf0334996cc5b0f7147daa9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35463724071582cb440159f357565e53
SHA1 8b1712b04b98fd69ec8cc97efc7b92aa2845c525
SHA256 11f5cc1e557cb715560e77927a302c1cbc82fe49bb3eb786c77b7c6c2e57c7a8
SHA512 c454014eae315a90e1af5f9c12f0ed7dd58446721b21fa39add6d36d4259f56319205a88d852c3064efbba14822e5f01ed3eed6585f9f076bfb2fb27e8e1bd5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 50fc4f56214d6ddce7eadee566294160
SHA1 644e747b4ba6f6902d6f939789813bcc78c85b58
SHA256 99c10fe87ec27a443684aac3044a9f6a768150a8a49c89547f16837c5375deb6
SHA512 a633258620828d414f7b9c2614c6f1097de194094e70dbdcf4e50316eb90e18d301e9b556bea191d3591bc8415ec900146aeb519d7fd3cf2cbdcdbc3b9e57785

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 467a175c85548dd8161130433bc44b81
SHA1 e0524fcf8a99b038e94dd5b878db4ecec81b713c
SHA256 5b93fe0781071724f25f557bda8937bb4b9328fd57b539258aad0106fbe3e23b
SHA512 f920e7238a066e305ccbc87dd6843f3332bfb6e37d82022b5bbde92cee05841885eccd2e9e7e363396bd3f8512d7c1f2434a364df7e9ff608131df9ca96a1007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 164d631317893e864c8858494c05c963
SHA1 676f4111f26abbc0ac79ddd61ac80d1e645559b5
SHA256 e4ebd5926988fdafba7bb0602defcef93dcc07e2b3f8f8fd3830b75c2328c610
SHA512 8f3278bf93a14f48d0dfb89f27120050768737d61df0f1577828cd1534e7476898c29a8e286c2036159c2fa344d80bebe778f4d7e9dcafa0dd02331182e1136b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3db2b86bb70263694da076501e745e55
SHA1 4af4dd5f338626f3ff3c9950e9e5b714f0623f99
SHA256 0b632f09a6b4aaeed03376d13788e50851a1f9db5ee44d710037b49586809d4f
SHA512 b9c053f10503d29ee8eec29bc9e1bb9c4307391543c59748199c76624b3a60dd924a2a0e7359c5f7ee85d1557d0d766c37fc8e4bc3e9d945dcd7dbc42d1fc12b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 129cfbf6634de81f6cc4bce1788cd5a6
SHA1 f216b62ca44b5d0be6eeb319158a387249d97474
SHA256 612de9cb34c7af8170bc008b5d800f92ca6838e8024dd13fba8f6c68121cfc19
SHA512 31860034417580c45410b434a2edb4d02a196527c6dab7c8f47c49a69c1c5fad2e7d89d0ce2f61d3341e17c396fbbc1ddce2795bdf976626a47702bf150921b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1adc94ea-9b7d-4a53-a517-4f0a5cc1e0e2.tmp

MD5 c9898576caf3fcc7596ee16dc2b3ed44
SHA1 ddef9d44e3fa6d2aeba2584ec6a8a7df968ce0ff
SHA256 4cb72487e9d20312de51617bbdef1b355510e87a31327c8ae90e1e45f2aaeaae
SHA512 f27afb8e89e39ef5c91bf7bbb266e0999a5eba2724c925e1249b4bdec6d1922c3cb7f1ed46eb39fa5272a705f6a1d30906669f75062d98be8ee78421cc217391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7063128f1c3055d794e4ae4e21371680
SHA1 c6562c387a8852374ca0ce7b483ee0e687f0d1b0
SHA256 d6a3020157b09819f547b6f5ccf1232fc2dd2a609e18b2c95da2074d2f2dd61f
SHA512 40f9ea019238ef8b39a4fe40a7008e6d67c065de3eeea5da44b962f352def9b776e74951c9ae673f1be7866064ddc7bd2625284cd0c7195a800cc11389edc651

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b34ae8ee7a242d3a3c27bdee7ed05e60
SHA1 d1a296a0bc5c9be690dc0680390aeabd87e870db
SHA256 568e4eea8a754e9f951807a6b40e130427c65781982c1fe305e7e36b0ee77e2a
SHA512 cf2bd54cb808d56410c8c10be6f1319e4ffde661ac7a6dae9cb569d0abf2f407bb44e658c3774b761f23f8375b6fd0573073a2dbbf7454e092f811a00ba18935

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7fb6b6a4d32cbfb2cfac0c1726b0de4e
SHA1 67c75b82b223c03febcfc445586fb0158b85cdd2
SHA256 a9785951ea27fc6dbbfeb580b4f907a9700926d7b32c5b259e4917af6d1b7aca
SHA512 57c152ab04bea502287eb991278ea1b997b2228054530565b2884219cccd9c3cc93df883df1dd0fdd4cec621b1e39e52209a774cef534f6ab23492a157a7994e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 258be32521973c4700dd67e242c75ea3
SHA1 75e4ab49ed8252af70ad40a6ec7700b70d26fc1a
SHA256 f87cecfe5dd4cccb80a09c2605c19391e520b5755f1c93bfe568b1b0dfc8e81c
SHA512 f1e0df6889bc2ae97eb841ac2076e7058aa68a6a7eb70a9a844d0f3f41157ab4d250c4089f6bd8d7bd8f514bf50d279d4017588a823c2b6bb26f2c03df8f50ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf936685e100b2cf8a6451c6d0e4c64e
SHA1 a27deed5f26611f54ff01377d8d3ddf3a65b2d93
SHA256 804f236d123c7355dbe9af20603277e6c2ae073997c9174fb932f446c6e7fbfb
SHA512 9cbd11e97819747e6bfcce6fa69cc1ed272b472ea590cf6a5c6e8b65d36969cc0b8c996ec3f1c749a3bc9593c0b0c37a361bebde618882c610c31d31248b0d77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8947c5af4e9d7deed96a55de7298bd45
SHA1 c6aa0a8b4ab6ddfb791e8bdb7614ac4fce847ab5
SHA256 4356dee2e3ee4454f92a45029b3b84d8982299e8432ab1fbed0d9e87f43b0d4b
SHA512 2e32f01bd06c7fa4634e2d56316a395aceb5468a428bd1f82ca35bc4900a3618a92e7f48607b6d5032d959fc4b0080ec80885da9ac2b3f5f70025f3833ff9391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ee8c7f2648d055d1097bddc20fb117a
SHA1 1d38e45298f8cd1e86105864bd1619cf16ddb235
SHA256 681373429f9fe472669b26113d552a8f857a0ba8317a92a3304d01c3e641e3c9
SHA512 2cc6ca79327eabf7c504d05f22a857b3112958b344e20ff1f10269182836519a7a91aae9007cc1836578729020f128f3cdd5ff6abe4131f8f8745cdb547b86ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 627afb91938d82d93f40585b4040b564
SHA1 00709c5ca5c874e0eac33b6a8fefcc1451aa9f11
SHA256 a85a88851d91a5773cedc1425effd80f142347fcccc6252d26592f97e94b63b3
SHA512 97845a8f3efedde223f65f2e7b6a032dcd8be00561523c4fc3b833640c871d9aba85edf24136bb9e8d6413f6b7dfca9a37f7023eb4b852555aca35ecbdd0ff28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3296b15333485008fa27d7c8eb00e2b
SHA1 eb4876a2e484aec1ccee79e901e0e22e3ddd3980
SHA256 cca2f7332b0b86e74beb373b1d10e62fe3c106996bc164ae958d8958315c8742
SHA512 2880235d3289bd4c2ccd2e7723c15dbfa77620625793178097a4982d0fadfe2ff8b2070e922626a683cbf02eafb7d9e9653d197e3c0d4d52a400fbc2022f0792

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5867b9aa69900f2832b5ed967ae78897
SHA1 c4f2523551fcb2d2b85295089320b46fb59becb8
SHA256 69cc80be066b17708f55c72ec60fcdc344d59f461371b20b5c4488d2dddd094b
SHA512 ba5575f7a4acc48922bf1e8c5accea882a480271bc7fa4fd175b4d307765bb85b65f86d6c716fb9848ba6f24d7962b48a331acc0e7bf70487bba34a80655aa65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 10718d87b184cc1e95bd80df16a94d6d
SHA1 db490633d06cec1f39d16b921fb69f5f44d0806b
SHA256 c56749e684237ecf9150ae9ae585bb8e97393ffac542901c03d8d99b7314b89e
SHA512 9ada2e6a08807e64beea1b827ec5df872e6492f6f848e3ba3bcb580920b46651860f9d908eaeeb786522ad35df1565ccefca3ecb60570c80a9885925821e01ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65b23003c15ba42533617c4a71532743
SHA1 96fa3345daff2e2db0d6f5b272ccfbda682bea8c
SHA256 5431e984680f40bb20d4860c24c28995e65ba244af193473688c916017da7deb
SHA512 9fdd389571436437ebe8e01f217a4f39cbbf6594e0fefe55efd446e333cf05bc0f93527497990d684c83e49a1d51abdc7c7f329b936b288e2631896332a3304b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9b7a1148dee086189077a3cef0b305c
SHA1 f8d198514447564943b20312240d6355fdb441f6
SHA256 96fec03aa476dc99dd25b2dbd3ef0601ce4e8b51733a20d9de4e5259adb55ed7
SHA512 deb79ffa458d5c9e42d15e58281d0d945d32e3420c799229df0d0cc28308a5586f2268cc7acfc67f1b0c5b9afdf41dbd34b685ecb6aa0b7c741d50877f00a878

\??\c:\Users\Admin\AppData\Local\Temp\zxjkafuw\zxjkafuw.cmdline

MD5 d4e7e5f1bf3d92e227db18151bc5b41b
SHA1 054f483c72fb24e3325e5419a11d9e2be91d910d
SHA256 23f6395d06e3e598eaa7ab3de1078daddc9a4aceb534f4ed8c4b1aa477cbfee6
SHA512 e2fe2748a1c9acc94e846f3abd8c0ed422fe1aea4e8a86ce2f2fe5e4d2989c2f8fcffee567a33e0c22932fbe895b0ef1777dce27c2bcb83e1d435770ce8b7ba3

\??\c:\Users\Admin\AppData\Local\Temp\zxjkafuw\zxjkafuw.0.cs

MD5 7f027c09d4a4506946d0bf52058d5f46
SHA1 193725659d898a2d363af57269c4d4ba7f1eece0
SHA256 573fe7097b366000ea53065be426bef8c42cfb070065e4e2ee68e96875bf73dc
SHA512 ae3857f0bd176b3fcaecdb812e40d37f7a0a90240bf151caf9c4a82f1df9520475e4a19eb703c1c1c57dc5cef1f45b981bb2d3e767ed2c9db3ab9fb524869e97

\??\c:\Users\Admin\Documents\CSCB3CA1BEDB8E4C48B2B3F776BE2CA8FD.TMP

MD5 7bbdbcc70de6f25580bda12314337f16
SHA1 925a7b712b7010541fedb228b3611754933e0d7e
SHA256 3aa6cf6debce3df2fb7e51a328c002256272ae55748a0a15883e3d9e9e8f4721
SHA512 2e3dd764d23adab974cac236fa3cf07c4469e980dd4b97c638d44036db7f90b88f2ea4ecff071373125cd657325c26786d59a19d1fa181967c1409d75da14d67

C:\Users\Admin\AppData\Local\Temp\RESDB4A.tmp

MD5 f6febbd37bdc3841ce47f928bc1412f0
SHA1 8f7ba9bdc6db1b3c541e0eeafb9371c15c8de2b0
SHA256 6eabbe9c2326c6aaded26320903231a75ff2657f1994c798866284feefae4824
SHA512 1d4fd5d5bfee1593bae6f18804ecdbef4d246c251e61b4e89a9198cc8fe16d6260c9549831e7dd640ae75b085f41e52bd33b7ec8f9aca1f684e0ac0ad79dab6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a6

MD5 5098c6ad746b9910d478a999544a8c13
SHA1 7b41cbef61ab5dc6bc9a60ee641c6879aa7d9c52
SHA256 3e8aec79eb0b30189b134dda40c227b64eb18cc0663e70dd9057c11885eebf4c
SHA512 b8a92de0e115098c2b1825d6dabf5dd7a8505aeab59d214f7e74e10693ff5564a5ac5ebb4c5c2826cc0533359a2181f8ed9072194b122e77c59027fbdd19c586

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b05dc54dc2a7ffe2fbeb6a1aeec941b
SHA1 601b47e9816b27e80d2bac220d30797a3b27e315
SHA256 a4844545a57a882faa1475dac73d35a0e7640c1915f110d90fcf12f419d02dc4
SHA512 f50dd27c64537b9cefc9dfd92bb05c063a3d2bac09f072e8e37eb78b279068308c8fb4dd4d5bbe54f802810444857221ce43546b7e3d1ed75cdfa253ea33c67b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a7

MD5 a5ff4818d0513dfeb36c21006ddd0303
SHA1 3a6be74e24789004a50448bcc393cf2f96c125dd
SHA256 e9b2a2e123515d1ec7edd6bf805abae33bb5399f97029ff2ca5321b47000b6c1
SHA512 bc6642ada442d39ebfbb30cf607c8a44561deaa296838afa79d60caf1084a09acf95579df95851a10709ca3172c76afcfc1b27e33db780c5f1d6183ef1c66de6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2df942f08f74af24b602ce80da192586
SHA1 e4287b11455616027ba8644d47777b6b0e4e71e8
SHA256 a222b2d6924a29b36fbe7c1a909c4dbeeb78b7e16ebaa4043783c73ee8ba7d7f
SHA512 3026c4a3e22ce32ef7ad473ac24bb1cb5153f908ba17e4477c943ade1e19b4bfce23bce9a8f10fd19a32e2063aa06af62cb693403803440a76c86c0b296bf2ea

C:\Users\Admin\Documents\jjsplot update.exe

MD5 3132175f1368f83ecedd2be7f5cadb5c
SHA1 a1426719b82de0ad6332eb426c9038fff8c76b47
SHA256 54624547a2ba00853219b2d372efbe581f747d2f7a91bf3b9172f3ce156b510e
SHA512 1cf40a83c965119d501db635177d776e1bf7d0c9234413d6b21127062536eb12e191982704acb1a51aa448d482b3032c049756a984e1292df33b8a49878ffa7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 26b5e6217ef56f8350476eab9c603f04
SHA1 e64c04299daafc54e21127fa1d5909481bb110ce
SHA256 92b5f41e2774b51c9d69351fd2d71c74a4d996c1eb2193fe59ad8743301c239b
SHA512 a2a4c94db3cc8cb5d2a554e52dd9c5e4d7242796f6adbdca2826b4e8171cf07b93de3736ee6de3dd3df7de08de4040fda249d0c9cd22863b3878e3f19e18265a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 404b1a55a5683be106271e4116057aef
SHA1 5b1ee1921eb55f3f924c0cf0670039f05b50e461
SHA256 c5f6a8ffba9c2586e1bfb6f93653bef9e7ae92c4ddb17dea4f88b3b48fa07868
SHA512 958ca64a27a1f82509f8af3ba775c113ef180dd769544ea8bf3a0841c2212f2f428412f77c4b994e249ff013447a4c68dabde646eed6cf364b961204d152960d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

MD5 8b643afa8f7af8f5a636a27d861e4950
SHA1 0a95b4dfe83290f5d67c63ea0955e52cff8722ec
SHA256 a3d1284dda9814c96a7f33f93ccc1319b8011f61f9326ae61d9220daf7f37e26
SHA512 6615189acab71503daf9dc3d28d785a21042424a75ec091b298cbbce4a494270d0886f3a1a752273324a23a064805355f615d6f9c16df5121affe2bb778d5a6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec203f7765ee06ba29a7c0d956a99ffe
SHA1 253b7c84db0a5e6d8fee71db2969f8f19de0b695
SHA256 1592ae7125e68e25e97bde23f9f87753555fa49d427e859ce9db105a6738de26
SHA512 56cff5e2c4d3653509ac1b42bf3ae5eddec254558376a2d42b7c7846e4e23347cfe21cbc003daee4eedc4ebda881882157e5f276593a377418d8cf1920d821b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e3d68ec5987b3a2dcfbddb59cbe216ee
SHA1 022a4e72be1f22f0175116ecab6eddb33e9feaa1
SHA256 9a2fa01c00b59aa50b39e64d951a341272cbaa0b60c6d10bebcba07e5f64e238
SHA512 983f2f76c2932b94dcc06f0c42248d2967ab759d84b405a4be13760726f87c9ca70b98177dc31e4bffd1462c0679ca8a6850cb8fef9a85ee3bc9d42b7f4cf5b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5151aee5bfd376f10abab7abf1841703
SHA1 b4569d3ab80549d0771c8b1adaa7039cede6623d
SHA256 8d80d5198479a7305a068cf6abb88ac959d6c608aaf57a701194eb18c779d1fa
SHA512 1d817bcb111f5157825c65a9769fb6fee739f9d09c5e598290c65184442f3f0d0c2e980f4f47c2bb63ae75d89a93ee7a0c0d897bad30bba6dbd28aebf7927412

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8cdde5406a7e292643c494a6c9ffa8a9
SHA1 97e93f69ee2654e09f8dfe8d44146403b010ffc4
SHA256 954c221ce77b4313ada58048056d985e19f9366d12b0c1c6b5a68fb4250be4f0
SHA512 ec3b23205e9966ce6216adcfc3d1496f3a4e93f8f5bfe560ccc6a7058f02eeb80b88c449a12f290fecbdcdf21008c01eec07532e993665773209ff2b9a0007ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e516f24aec54bcdfe22bf7bd31f67e7d
SHA1 555a16516cc337e5a45c1219dc9bb958acd2d564
SHA256 e01f6b1ce5a0eb35d76321aa69e518cd8fbb57f6c487b89101fd3a5b2fbed97f
SHA512 8eed6970d458a615dfdad097d19586679bb1108052af84adbfaf69fb9c521531fa2624de774e5cd06bbb453e3087d95ca1ca4f3e5c67b10c5f4dba5a1c8ad52c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0254ffaca131ca6e717d7a530d08b2e0
SHA1 399c03800acf4d6f57e7bb4d9a92d1b7df28aa1d
SHA256 b39546ee072eda98fe26a04bcb33e3d10b646ee06889bb731b7d2e39e170f370
SHA512 aa695f66fc3813cc1188673194dbe41b5d2dc6935a2eee6b174c321527bb9baa46ea32c573c57b05199285bd833f5dd8cd17cb32004e02c9a968ac72fa5568a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 97599ae8cdb62034b682525cc2ced2f9
SHA1 007dd5eb24a49ee41f2c78ac24ed7cbdfa6d47ac
SHA256 7c3066136e6659cc39b3d25a61031e3803dc4e84495bb2dd485e4abc33e8fb25
SHA512 86aeacdc9cf499e1bd4d23bbd68e481aed34599ed3d7234023029c21162e81f2e0f2664b46dfd4561978215c70ac630f88c7af7b6af50e6bc7e0f934367e7cc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f6b662760c800bcaac9a0a584c046b1
SHA1 007b6eb1c9b8153682cc4672408bc5fa61c4009e
SHA256 de4e4938e4c8760a9d3f49c8f644ca636d2b11dc3e8b8c36d195f473a35f66aa
SHA512 56b2ea44bdf0f678efae528b1e22eb6a0a9a599c5783489a4d150acae371e1e64905fab66a243e5157af7059091cf35c6b89d13557af8675beb0ddf94f6b8e30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be3238c8e759677ad8cf8058d8d596d5
SHA1 4a1a7c83b962d42b5371b760666a911d01df2542
SHA256 57b0ad044031f224e686bb7f11fa4b2be9ff57af92e9b2794c9d5294d2647436
SHA512 bd8e58fad202ebe4c617ffffb715a762cacdca974bde0893532edb77954cfa7c77cce8b2c74191661cbdefff396c5e40dea48b422e43a20fcd3a21b5be4ed710

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e780431273f1036a6f7541dc2ca35a35
SHA1 2b2ac104cedf1d273032729a681c9738075869ab
SHA256 209c0e2aa05b6a728019e208e156863be2e4a6672534b4f7bca05c3b307fa618
SHA512 8f7e65b9a9de3a14de58be15bdba6b29d00491718bd4dabeffc98b5bf62d1e7fb28ac50c846a2631d0b82618c98f06fdebd9781c09f14c3dbe68fd43609e4ec4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2919d2c1f75a3cadf9852778be8642a
SHA1 bedb8185759fb13a6671d4e685b8404e592e1e12
SHA256 f12f03548ee77369301a950a4e97fad327b9af94a59c20d33dfd1aebc02e663d
SHA512 4b4d83eb9ac19095c914d897a295a8af85e0945da44dc70738b82db7476ee90704fd9897ca0e306c8704935b647fa9940eae9049a6d77ec09d8f1ca3341d339c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d127f2d860c97f19700b98acf6e448a
SHA1 ce3a9add014062b2f65ad7078942e76b0f1e0c53
SHA256 b72997018d1227fcc67a9ace44e4cb52b48f536fc45dc4418b3dfa166d57c084
SHA512 34a11a5fb3a8585e0b317b38cd0559b9d8f841c0ecdf75d0579045c707fa3a9dbd53ce1370fcb15e8bfcfbc69819e7e6b58a5a05ef09c829aeee99defeeb6bd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 875567844ee0025e497b1805c663745d
SHA1 c92783173b941bf630d8bf53026ed66da29e84ec
SHA256 f06d703c9523357cd081855c9d4383e6bad5f7e921fbf0d21b8839381f50e610
SHA512 ea8e6251da7a65eb98e3a1b34f1de482ee82a6fcc8ea21f582e8c48c9bacee8b536d07b31101638378db4e12cb12b225aebfaadf1ec488e923d0054512e94c4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae0842019bafb39c5d44c47fb32b5c80
SHA1 0ba1deaef5f5721f814bfbfd68b8a211b28fee36
SHA256 4e47de9c15c52b7973fee1df5f684f28ae681e3c90a85fdf90893bb8bee22657
SHA512 e7ceae1e8b1c5a8bde2368d8068059addedc2389869b732394f6d9088001c7d914540cf5bbbc3f92651fc0d8d520f313e433061244380d784c90d707b0681dad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 91d42e215e1ac2c3fffdda1095c74ada
SHA1 3f7fed7484a66146b494463c6ba583b56cf04f5b
SHA256 7fdf30853b56a430640b5a06c659e9f94e2a1f3e68c646a208d7829ae509681c
SHA512 8510c5dedeb130184e3911af5ba565b3f6c304c69830d23624f968a0b98ed83c66602ecf83b96bba7c73b0a6b1747450eb3ac8b9f4db8fab05c6341b38dc0b55

\??\c:\Users\Admin\AppData\Local\Temp\m4oq0oub\m4oq0oub.cmdline

MD5 9d9b8697502c8190c452c01d934fb879
SHA1 5fedc6a886e29ca4252ec0250c2c867ee97722f2
SHA256 9ec0f66c056c3bab516f22def3df72a8656eac74b1f6a8b0850eff7cf5292d16
SHA512 72819c8a2092e31a2368bc4f911735a8bf39747f207326caaa5a0e3a44bb77f73e1efb55d098b4bd03e2e6e51e1b8ee990eb627a4a49c1be9e9a94a1d4530876

\??\c:\Users\Admin\AppData\Local\Temp\m4oq0oub\m4oq0oub.0.cs

MD5 fcb175264a63a5882530445804a61d6b
SHA1 53c52a0f5c07218e57af16aa25067f026fc4a090
SHA256 7c5caad750db132cd5daf27e8a01c05e35f77c5b9e351bc941fc8137c8a1cdca
SHA512 2c467ae743e815336fd5ac989ea00d2719900ef0b349c74b0370e1abcca35bf10790b157d5961a823e3dbce534061089a96151706a07f5847faaa24813811ab9

C:\Users\Admin\AppData\Local\Temp\RESED9B.tmp

MD5 8d28dbed8d1b894e4b72964c08652f94
SHA1 31c508778c9c8a524b73f6f552b1f0c794733fa4
SHA256 8c72fab0842ddc4e1d80cb60951c81243088f63a332ff3d4c16b3e717bf001a1
SHA512 280a6e83d79832bc8aeefe9d5a6a5a3a59ea4be454b57a3d80a930be5b57d5c1b4dd5bb5836223acd5107063d6f23149e199520f8f507467949352a0426492d8

memory/624-2158-0x0000000074FF0000-0x00000000757A0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee7a1dcc2a94e2cc0b6a31abbfaac845
SHA1 2a2cfbb731946ecbbc05e0f67f7dd5225465f1f2
SHA256 7a805d49b12eaf0d6f0dbaa5fa5187ae7cae6adf2588e730de1f62d440d1a75f
SHA512 580d45807284c5bb6cfe7c4ea74e8293375ff41bdf5c72ece4a751a43bedbdbc736b435997c51dcebcfcadc5834f9e1f9763140d72dc920b658b65c718bb09d9

C:\Users\Admin\Documents\jjsplot update.exe

MD5 ebbf4e6a9d857b7ea5de5f0df5f2294d
SHA1 c5f5c1683de596941223ececfe1b0b7f7ce9fe17
SHA256 8ba597c5a46765d7069fddee8bd1577bfa20057d74ba196cb66ced0951db10cb
SHA512 71c1ed3731ab6f17690bf05ca9d3cd8384d2221dd44155888b67aabab0f92e36d5bc820d5822a70cbecd1ea9f01d2208cd14188ccb9e65a467f6b9eb39329b20

memory/5060-2170-0x0000000000590000-0x00000000005AA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 930c8fdf709f6f699fc22b3ad78f5884
SHA1 1f82ff2c81e5a55ddb1b9b1faa8cc563ade31915
SHA256 a2908f1de977dff9351964f3b46404fce062201b8cc8f0e70b15c8f08d6c014f
SHA512 557e5be029ddcf142117622f2e3cfeb7d192da6d22d356973d413f7441b8b6b7b1b9739784366033b427b6c13912b2a8d58ca2e07936769a5cd7a836c975ad96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a801e323c6c95aa9dd529df028feeee
SHA1 7fbcef43e368466a2698d2fc82b2e3b1ccde0c2d
SHA256 3dc690ab6481ba377975e36fc30fd0160c8fe998704a2b8ea6d3b33d1f0c727d
SHA512 b51e6d49bb8eb823f18cc0b9a820ddfbc53284a3e7f5b04b7962bc296ebbab71c6b3aaf4525baea5f1b1a3c9b75254a69eb93330b401d2630cd3c9dd4a1ec0c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0bfe036479e692d1fbe86015e037c6f
SHA1 db193bf667bf95f68388616759ea3fe4ca82aa92
SHA256 0376d36e51123626cc05e8a3a3568b1d7494a1c1771f8510c35303c7ab3a1c58
SHA512 be07eaa3607cf105cecb5922d1faa27f333ee9c3cf92db89cf48658343f0c63d9a58a969f323ea2bdec7089b11a8b3c49f0b40c68e6d9f4a25eb8b5062ca48e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe27e6cc0dba739cb8005b1882768cd4
SHA1 d8a6f15288c66edef4326933569053ce754a5730
SHA256 63a22c7c26651b997b0e79439f9655f41c89819671ba23b7c286bc415ecb3e7a
SHA512 15ff24fdf5638ce0dd5c14644e3d83ea1e3cab08881655077f53c00d19aeab4c05c309d346048b3faa0d0ab0a6654bbc6134a28e5eea821b6f450d8937f04159

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ae

MD5 01544cec8ea1384b58d63e4c1955b9ea
SHA1 bda9a87449eee2fd053b56a7844e00b1460eea52
SHA256 f4d9c14f01e2caa05f3aee0e1c6b4bd282584365271ae8d484bb9c074e6b039a
SHA512 f45d85a0230e51b1942ffc2e133512b622ce0b07e4687e1227a3fb4feff3d269a75d7253add58b158eb03b88972117a38ed38db5bd225d2dab39255e004c713b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 236699bb913624f98f91673c2b6443d6
SHA1 211bbdc14289a1db0f8fe058f236f571c189ea52
SHA256 9e96fef172aea7326b854dd578c83c5474b19712638521f45445c5fde8dab83c
SHA512 2aba53d637d78619bac932abaa75121108bf7c458bf400974e1bf7db1c1960d7fdd6958c20ba69c5b9c46989690e33b66b9df757b2cdccf0bc0f266ece401374

C:\Users\Admin\Downloads\OperaGXSetup.exe

MD5 2c7416bf2cc1c1659c113311b55b15f9
SHA1 5b7af89283a01f0ec0700ac30d20522c21683d51
SHA256 7db1355a540f541f8e7ea0f8091f609befec473f25ded05df19839b75fca8add
SHA512 ecc99727f421a1ba2e705da2bf839086065798cb67ca67a9d004e2706d3a429fc7145c25593a0ac59ecab906f439aeba1e9a5c8a220e6f288d5b69a969baea33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 27aa1fb1cff01c7032b20965012b5fda
SHA1 2739400d71112db1cf81fe9cbd6133000f72f0a7
SHA256 ac035f5157a432c8f0a11313cfb1e1722bfc4c0443887661af43c965cd92646f
SHA512 f94229c821455bfcd5592da0ef3e9783f4d3c67dedad66b1d8741f8af2cac82bb3e04d9d151daecf6129771d97b3e47d785ebf382d84134262e7e2d799f0ed0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e13d1f43b4dfd6d07a37b10d4574d4e
SHA1 d30f1027b039fb19e230416dd3e32fa26d36fb12
SHA256 dce0ece120d89587f17e6d879d8bd96d8048e354659a4fb77a122996e4c8aa40
SHA512 6b8dc12b07f8e2a250a3aea9a28259d8ae7eba2a7bbe6a87c63f3d32ea34e5d994d6925f2a162d3915e58509b93c7d02ae98d9cae61367d2cd84425a62f2af27

C:\Users\Admin\AppData\Local\Temp\7zSC9258603\setup.exe

MD5 80510ea85c478436f90b927e1730820e
SHA1 7a54ff150b83061210dfc683aaf113c8ad3abd1f
SHA256 97fc8eb7503277c0789ae5c7683246b433d8ab5a482ec7fe0ec61e0037c05b30
SHA512 cacdd3f9107f7fb839c6ae67a4408329caa82d15e1f0f5fbf6721500fbe43b873e7eb4da3f3569ce8ddd5c26e4f47397bc2b4f4133808050e49fd34fff2c53a7

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411250505224311232.dll

MD5 5ec157d8d5e886c43f1adcf45bfa1c71
SHA1 4606048ce3a1d74d5a07e5fda2fd2274e1727b45
SHA256 fcd77e9a357f744ac0eced1f896e23cd875f1c7f8e77b5fff23f86a786842ceb
SHA512 2255f3c3d7deb1946415125d987ab22a75c9dacda94fc3bbcdb43cf876ec0e0cfdc2e4636216b3c20b2eba740a32062bc12b2d72d113ae5913cc6f81758953c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0462a032765fa9914d99602cd3ad4dc8
SHA1 9b433e9db1467492703982165bc132df2560b786
SHA256 99619d204fe64c79640a76a71d4f16a59d98afc8ff5657ab64b617d0a423f72f
SHA512 5a92ca841a6b4a5c61f1559a8d584c4e7810dfafe11c2cee71a26136f66792e712a2c9133512be37df0c20820e54e02d65341c26e04594a201fbb5458215e3cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 315c551e5e430a3e6638b8df7b8d3c70
SHA1 a511e860ac1d84f0fba6845effe82d61dd850c04
SHA256 32d1b6dbaf98ed8165fe47ee0fe17528cec9984f1a03573f5221613d415f9d44
SHA512 890b7ff06bf319cc9fe1f9e47ef1b92220b2b6c975637c3f9b28698650be6875d07388c05c8e0e2eecdcc5a74d6baf45847913ff0f5c231d5389b893781ac98c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411250505231\additional_file0.tmp

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 590075f419ea158a092d92798b364e5d
SHA1 726cdcf1833349a26a07503b3841023fe388116b
SHA256 9ac3180f4af128143107cd5e439888e95151e99b96f92cbec1a31e658c1eff91
SHA512 7db663a2124365a6a1cd9720e003998fe191d202af53a24704b78bff34164beed3461fd14250c824073d4d6227fe0b92ddc1a8ac36101aa105b0889a1125ea18

C:\Windows\Temp\SDIAG_fa7003bd-f6df-4cc0-a797-57ca2c02725a\en-US\DiagPackage.dll.mui

MD5 d7309f9b759ccb83b676420b4bde0182
SHA1 641ad24a420e2774a75168aaf1e990fca240e348
SHA256 51d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f
SHA512 7284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d

C:\Windows\Temp\SDIAG_fa7003bd-f6df-4cc0-a797-57ca2c02725a\DiagPackage.dll

MD5 79134a74dd0f019af67d9498192f5652
SHA1 90235b521e92e600d189d75f7f733c4bda02c027
SHA256 9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e
SHA512 1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3krbx4mq.vha.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5548-2539-0x000001DE2C560000-0x000001DE2C582000-memory.dmp

memory/5548-2548-0x000001DE140C0000-0x000001DE140C8000-memory.dmp

memory/3040-2547-0x0000014846380000-0x0000014846E41000-memory.dmp

memory/5548-2558-0x000001DE2C590000-0x000001DE2C598000-memory.dmp

memory/5828-2557-0x0000018D0F310000-0x0000018D0FDD1000-memory.dmp

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024112505.000\results.xsl

MD5 310e1da2344ba6ca96666fb639840ea9
SHA1 e8694edf9ee68782aa1de05470b884cc1a0e1ded
SHA256 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
SHA512 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024112505.000\PCW.debugreport.xml

MD5 708c84301297ed5fbfed59d9d8256ba3
SHA1 a179b07a2bd6a6f9d257286d443aa06fd206bea8
SHA256 c3e098ff17a4eef7bd57bbcc75d4f309fa1a2d52eeadd396628235f4ee769e33
SHA512 f921de88f8a62615ae7920b62ed7a057ba9a642e8d3a1065ad5ec3b63469130d16959f6e98e14fa7df2d86f5fe58d09894525029e3885088ed3ff4239af7b79f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2f9f4340bbe962f392ca3804d292aad
SHA1 ca4bf2053a139d4cdc397859e6213af6ef2c622c
SHA256 aed46b2808bf1f503962504960d12054117b6aa875288c903b64d30843d4d795
SHA512 b490f09c0d5cea05633dc407a0b3009e7dd706cee2032b01736643a2859491b65fc23f69a13aa011adf61b6a0cc0e8e5368329c432db9bb89f9492cd7d232112

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6b886cdae647dcbdb7e504ad0b5220b
SHA1 0464a1ab471d59632c8b6fc62ad17d87005241a7
SHA256 3586023c8073678b7c4488145d76b769e37cf33aef49d441e0ee0a8790f590e7
SHA512 72192a1784572be7d9ceb92339804c2534db46436083c53d21efdb160b9510a5c1a225fbc988418044bcd105ada989d9f9252caa2bed6998be127eda4f9d10d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ca8fca4b-c4d6-4487-a4a2-609e3c4b84d0.tmp

MD5 58c6ad5db0fa00cf72b0588607b4a709
SHA1 4493ff1c90dd9ac8e9c08de577e28ffd88d49b61
SHA256 81391eef3356f23f18907433aa39a29d4b4dc955cf690a9ac5e56eb0383f0092
SHA512 83136a968a24e08742ae8e23b852fa6806ba5e8f85c588e9c68075b7771ef254a29f3e88fee0d1e5b61ff23cc9bfceff401592bcabbb26776868336ad37577fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52829db8c8c53b0056a22e2f9db52252
SHA1 9914b17dfe023ec4425caed2165c4a1eaa7e8b1c
SHA256 40014ae48d3ede435dd20086516c0ac036e98c9b3b6ed0bca2e72ec74bb14f7d
SHA512 003d1dc517bc6bd00a4091fc54cd86ea9f5e324c467bde5e0481fb474594e27b0df62db0971373dcdbf6283002d4d6ff9c258ca249e9553ec5adb7225f3ab76e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8642287bec6d08352d74ae89165232c
SHA1 d429952b61ed44e57cabf4985f96ebdfcbaf62a3
SHA256 d9edec35d01fb0a5e11b288915edfd9fe37402c3b85ce2a2170f3c215d1af3ba
SHA512 cc33e7d114d92740e78fc4cea932790cc5fd72ceeb65277aed65665435c8f50fa7be711b04679874161879d5a5fcf6df9a1393237fc1552f78d16d89eda1a01c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 0cc4706b8148d0c1c6497c45299f757b
SHA1 ddfbefe424bd39da23d19b9a40307a4a85a62460
SHA256 8fb1eedbdec13713fd539369fa32d118587e364f36f81e5e996a108483d2cd3a
SHA512 ef96793b765f8e224384fe14c2c566a9548fb7d8d4f1d56fce4c1b9abcc6f2fe155155d25d34308947301594cac82f2dd8c91cafb47bbe9996a277e8ab262424

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e591d4b5e6ecea03efa754ed0ad633b4
SHA1 be84ef5687957aafec2f655274201416e8c2c498
SHA256 b7ce86de774561a9fa84267c762ddc4e43abff1d17e0a7e2b00e9f040c31bcd8
SHA512 63f0b6f0c4aae11ac5116774975cf78b1f4e6cd44ec6d03b16cd911dadcd543d207af2bd3c174e6dc54e3b41fb5f9c72d56a8622fbb0995f88b8a1c6a83c543c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4d5e5a617fe9d19d679e9b26d2f457d8
SHA1 23df48250f6e7d7bf9a2374173e6497e521d4f9f
SHA256 8afbf7461c9a2561ff68b7375f6246e9cda481681cd69fc79e87d63b66366962
SHA512 079be99d87ab57bbdfcbaf7b61437b027d6b68c8f033abeb28623cff03e542a9195cfa6f516241f8580e3c0027145460950e147faf3de78f500160dd7097c1e5