Analysis
max time kernel: 1711s
max time network: 1714s
platform: windows11-21h2_x64
resource: win11-20250619-en
resource tags: arch:x64, arch:x86, image:win11-20250619-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 04/07/2025, 18:22
Static task
static1
Behavioral task
behavioral1
Sample
ReShade_Setup_6.5.1.exe
Resource
win11-20250619-en
General
Target: ReShade_Setup_6.5.1.exe
Size: 3.6MB
MD5: 3942c31aac840d1c695f30bf0c50ff92
SHA1: 73343e3d4b1c46ddad1357946a2430c7ae21b015
SHA256: c384e89427865e119db4daf18c2c225b951a4cd07dbff92b65caf68c2a95ace0
SHA512: 0a45d43d36307f7ab3a199d09ae30af4fab6497b65be537ce87c57e7e4ddf6154b2b0412a6ee30944ab29b92ae0c666187fdc64284212ab0421c56dd659e5e41
SSDEEP: 98304:ribzK3tpXV7W7fnVOWFDxd0BlpN2waenEKvXZwnd+DTObhaW:ri63tFR8fnpJipTXZQEW
Malware Config
Extracted
purecrypter
http://example.com/api/test
Signatures
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Purecrypter family
-
Ramnit family
-
Downloads MZ/PE file 1 IoCs
flow | pid | Process
342 | 5072 | chrome.exe
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 37 IoCs
Loads dropped DLL 20 IoCs
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist 1 TTPs 64 IoCs
resource | yara_rule
behavioral1/memory/4328-3029-0x0000000000400000-0x0000000000425000-memory.dmp | upx
behavioral1/memory/4328-3033-0x0000000000400000-0x0000000000425000-memory.dmp | upx
behavioral1/memory/4328-3032-0x0000000000400000-0x0000000000425000-memory.dmp | upx
behavioral1/memory/4328-3031-0x0000000000400000-0x0000000000425000-memory.dmp | upx
behavioral1/memory/4328-3030-0x0000000000400000-0x0000000000425000-memory.dmp | upx
behavioral1/memory/4328-3036-0x0000000000400000-0x0000000000425000-memory.dmp | upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 5 IoCs
pid | pid_target | Process | procid_target
2952 | 4328 | WerFault.exe | 482
3500 | 5948 | WerFault.exe | 486
2732 | 5776 | WerFault.exe | 493
5776 | 1488 | WerFault.exe | 511
2616 | 2976 | WerFault.exe | 540
System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | chrome.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | chrome.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 | chrome.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\ConfigFlags | chrome.exe
Delays execution with timeout.exe 6 IoCs
pid | Process
4508 | timeout.exe
1480 | timeout.exe
5928 | timeout.exe
5184 | timeout.exe
3424 | timeout.exe
4768 | timeout.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Kills process with taskkill 5 IoCs
pid | Process
3424 | taskkill.exe
3668 | taskkill.exe
4776 | taskkill.exe
2844 | taskkill.exe
1388 | taskkill.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961269604725651" | chrome.exe
Modifies registry class 64 IoCs
NTFS ADS 8 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.zip:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\AppSuite-PDF.msi:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\Five Nights At Freddys.7z:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX.zip:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.zip:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.zip:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\3f61bcf9c3e8eda19e85cd3aedf42acd2e1fb87bb23ab221f9532d398dfad6b9.zip:Zone.Identifier | chrome.exe
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
380 | chrome.exe
380 | chrome.exe
380 | chrome.exe
380 | chrome.exe
3592 | chrome.exe
3592 | chrome.exe
Suspicious behavior: GetForegroundWindowSpam 6 IoCs
pid | Process
4548 | OpenWith.exe
2016 | OpenWith.exe
2344 | FNAF1.exe
5960 | OpenWith.exe
3424 | OpenWith.exe
380 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 58 IoCs
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of UnmapMainImage 5 IoCs
pid Process
4328 869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe
5948 869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe
5776 869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe
1488 869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe
2976 869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 380 wrote to memory of 428 380 chrome.exe 79
PID 380 wrote to memory of 2524 380 chrome.exe 80
PID 380 wrote to memory of 5072 380 chrome.exe 81
PID 380 wrote to memory of 4856 380 chrome.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.5.1.exe"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.5.1.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3484
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde4a9dcf8,0x7ffde4a9dd04,0x7ffde4a9dd102⤵PID:428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1972,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=1960 /prefetch:22⤵PID:2524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2260,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2312 /prefetch:112⤵
- Downloads MZ/PE file
PID:5072
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2400 /prefetch:132⤵PID:4856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:5448
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:2248
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4232,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4268 /prefetch:92⤵PID:1136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4652 /prefetch:12⤵PID:2400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5284 /prefetch:142⤵PID:4364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5508,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5524 /prefetch:142⤵PID:3744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5272,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5520 /prefetch:12⤵PID:3128
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4532,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5532 /prefetch:12⤵PID:1716
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3612,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5652 /prefetch:142⤵PID:5968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3532,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5584 /prefetch:142⤵PID:5964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3600,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3332 /prefetch:142⤵PID:6060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3560,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3696 /prefetch:12⤵PID:1844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4468,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4256 /prefetch:12⤵PID:4300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4196,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4836 /prefetch:12⤵PID:1204
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5912,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5948 /prefetch:12⤵PID:2696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5868,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3900 /prefetch:12⤵PID:2660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6380,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6360 /prefetch:12⤵PID:1284
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6524,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6548 /prefetch:12⤵PID:556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5616,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5896 /prefetch:12⤵PID:2800
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6692,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6676 /prefetch:12⤵PID:1500
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6860,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6844 /prefetch:12⤵PID:4680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7048,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7064 /prefetch:12⤵PID:5848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7200,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7256 /prefetch:12⤵PID:3276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7296,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7324 /prefetch:12⤵PID:3744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6452,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6660 /prefetch:12⤵PID:3340
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7544,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7516 /prefetch:12⤵PID:6116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6608,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7236 /prefetch:102⤵
- Suspicious behavior: EnumeratesProcesses
PID:3592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6596,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7696 /prefetch:12⤵PID:4476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7176,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7384 /prefetch:12⤵PID:5660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=4612,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7036 /prefetch:12⤵PID:5604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7668,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7616 /prefetch:12⤵PID:5848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6888,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6656 /prefetch:12⤵PID:2960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8032,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7868 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:2496
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5820 /prefetch:142⤵PID:5756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6520,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7332 /prefetch:12⤵PID:2620
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7744,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7036 /prefetch:12⤵PID:4692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7236,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7896 /prefetch:122⤵PID:6064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8156,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8168 /prefetch:142⤵
- NTFS ADS
PID:5152
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8016,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7240 /prefetch:12⤵PID:4052
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8020,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7656 /prefetch:12⤵PID:5644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8320,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7184 /prefetch:12⤵PID:788
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7344,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8184 /prefetch:12⤵PID:856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8332,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8140 /prefetch:12⤵PID:1200
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8700,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8712 /prefetch:142⤵PID:3484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8628,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7328 /prefetch:142⤵PID:2548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8860,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8940 /prefetch:142⤵
- NTFS ADS
PID:4376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8920,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8888 /prefetch:12⤵PID:1224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7240,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7608 /prefetch:142⤵
- NTFS ADS
PID:6132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8172,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6572 /prefetch:12⤵PID:5996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8548,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4608 /prefetch:12⤵PID:2812
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8408,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8472 /prefetch:12⤵PID:5184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8680,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7128 /prefetch:12⤵PID:2548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7300,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7992 /prefetch:12⤵PID:4636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7776,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7096 /prefetch:142⤵
- NTFS ADS
PID:1224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7368,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8312 /prefetch:12⤵PID:2316
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1436,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8848 /prefetch:142⤵
- NTFS ADS
PID:5396
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8864,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8816 /prefetch:142⤵
- NTFS ADS
PID:3108
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7672,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8396 /prefetch:142⤵
- NTFS ADS
PID:6332
-
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵PID:4820
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:2776
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:6000
-
C:\Users\Admin\Downloads\7z2409-x64.exe"C:\Users\Admin\Downloads\7z2409-x64.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:6048
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E41⤵PID:1432
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:5832
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4548 -
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"2⤵
- Executes dropped EXE
PID:3380
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2016 -
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"2⤵
- Executes dropped EXE
PID:5488
-
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"1⤵
- Executes dropped EXE
PID:944
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"1⤵
- Executes dropped EXE
PID:1848
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"1⤵
- Executes dropped EXE
PID:5876
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Five Nights At Freddys\" -ad -an -ai#7zMap13381:104:7zEvent170031⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5468
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\1-FNAFS.bat" "1⤵PID:5872
-
C:\Windows\system32\cacls.exe"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"2⤵PID:5068
-
-
C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe"FNAF1.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2344
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5344
-
-
C:\Windows\system32\find.exefind /i "FNAF1.exe"2⤵PID:2812
-
-
C:\Windows\system32\timeout.exetimeout /t 15 /nobreak2⤵
- Delays execution with timeout.exe
PID:4508
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im mmc.exe2⤵
- Kills process with taskkill
PID:3424
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im MicrosoftEdgeUpdate.exe2⤵
- Kills process with taskkill
PID:3668
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im onedrive.exe2⤵
- Kills process with taskkill
PID:4776
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im jusched.exe2⤵
- Kills process with taskkill
PID:2844
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im SearchApp.exe2⤵
- Kills process with taskkill
PID:1388
-
-
C:\Windows\system32\net.exenet stop XboxNetApiSvc2⤵PID:1668
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop XboxNetApiSvc3⤵PID:4144
-
-
-
C:\Windows\system32\net.exenet stop XblAuthManager2⤵PID:4940
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop XblAuthManager3⤵PID:5036
-
-
-
C:\Windows\system32\net.exenet stop SecurityHealthService2⤵PID:5028
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SecurityHealthService3⤵PID:4480
-
-
-
C:\Windows\system32\net.exenet stop uxsms2⤵PID:5804
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop uxsms3⤵PID:4084
-
-
-
C:\Windows\system32\net.exenet stop wuauserv2⤵PID:5608
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wuauserv3⤵PID:3360
-
-
-
C:\Windows\system32\net.exenet stop SysMain2⤵PID:5900
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SysMain3⤵PID:5152
-
-
-
C:\Windows\system32\net.exenet stop WSearch2⤵PID:1604
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WSearch3⤵PID:2620
-
-
-
C:\Windows\system32\net.exenet stop Themes2⤵PID:2136
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Themes3⤵PID:3044
-
-
-
C:\Windows\system32\net.exenet stop DiagTrack2⤵PID:3164
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DiagTrack3⤵PID:6056
-
-
-
C:\Windows\system32\net.exenet stop DusmSvc2⤵PID:2832
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DusmSvc3⤵PID:5544
-
-
-
C:\Windows\system32\net.exenet stop UsoSvc2⤵PID:1640
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop UsoSvc3⤵PID:2728
-
-
-
C:\Windows\system32\net.exenet stop WDefender2⤵PID:3096
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WDefender3⤵PID:5940
-
-
-
C:\Windows\system32\net.exenet stop mpssvc2⤵PID:1644
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mpssvc3⤵PID:5656
-
-
-
C:\Windows\System32\Wbem\WMIC.exewmic process where name="GTA5.exe" CALL setpriority "32768"2⤵PID:4008
-
-
C:\Windows\System32\Wbem\WMIC.exewmic process where name="audiodg.exe" CALL setpriority "64"2⤵PID:5368
-
-
C:\Windows\System32\Wbem\WMIC.exewmic process where name="svchost.exe" CALL setpriority "64"2⤵PID:1352
-
-
C:\Windows\System32\Wbem\WMIC.exewmic process where name="csrss.exe" CALL setpriority "64"2⤵PID:2068
-
-
C:\Windows\System32\Wbem\WMIC.exewmic process where name="winlogon.exe" CALL setpriority "64"2⤵PID:4876
-
-
C:\Windows\System32\Wbem\WMIC.exewmic process where name="dwm.exe" CALL setpriority "64"2⤵PID:3008
-
-
C:\Windows\System32\Wbem\WMIC.exewmic process where name="ntoskrnl.exe" CALL setpriority "64"2⤵PID:740
-
-
C:\Windows\system32\timeout.exetimeout /t 10 /nobreak2⤵
- Delays execution with timeout.exe
PID:1480
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2200
-
-
C:\Windows\system32\find.exefind /i "FNAF1.exe"2⤵PID:5272
-
-
C:\Windows\system32\timeout.exetimeout /t 10 /nobreak2⤵
- Delays execution with timeout.exe
PID:5928
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:392
-
-
C:\Windows\system32\find.exefind /i "FNAF1.exe"2⤵PID:4560
-
-
C:\Windows\system32\timeout.exetimeout /t 10 /nobreak2⤵
- Delays execution with timeout.exe
PID:5184
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:764
-
-
C:\Windows\system32\find.exefind /i "FNAF1.exe"2⤵PID:5496
-
-
C:\Windows\system32\timeout.exetimeout /t 10 /nobreak2⤵
- Delays execution with timeout.exe
PID:3424
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3388
-
-
C:\Windows\system32\find.exefind /i "FNAF1.exe"2⤵PID:3668
-
-
C:\Windows\system32\timeout.exetimeout /t 10 /nobreak2⤵
- Delays execution with timeout.exe
PID:4768
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\ATENCION!!.txt1⤵PID:1292
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\" -ad -an -ai#7zMap6718:98:7zEvent8531⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5928
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5524
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
PID:1916
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
PID:4768
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
PID:1180
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
PID:5804
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\1-Optimizar Roblox.bat" "1⤵PID:2948
-
C:\Windows\system32\cacls.exe"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"2⤵PID:5192
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:972
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1748
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3540
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3132
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:3140
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5304
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2212
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5780
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2568
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4444
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1924
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4376
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:868
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1484
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:72
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:6048
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2496
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4880
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:3188
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5468
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:400
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4876
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5252
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2168
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5800
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3340
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5820
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4644
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1512
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5272
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4560
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3456
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:1424
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5096
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:600
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5152
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2272
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2600
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4608
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5524
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2624
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4144
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2116
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4592
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5028
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5160
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2016
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5900
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2876
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2000
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:6044
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5192
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:6136
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1748
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2152
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5456
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:3140
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4568
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:704
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3628
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5056
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1388
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3168
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1924
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:3772
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5960
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2552
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3092
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5368
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1352
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2448
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1464
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4448
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:6132
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2764
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:756
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5672
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1400
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5484
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:248
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4016
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2812
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2904
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3804
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4560
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5968
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4692
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2596
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4536
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:900
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5896
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:604
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4372
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5796
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1676
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3356
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:1560
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3344
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1208
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5668
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5532
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2616
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:572
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:940
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:972
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4092
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2480
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2792
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5944
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2152
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2528
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3140
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4052
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1064
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:32
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2568
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5540
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1096
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4844
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3792
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:72
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1200
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:3500
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5104
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:3188
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5036
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5880
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4636
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:740
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5252
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4220
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5800
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:1212
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5820
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4940
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1512
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3368
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3944
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4832
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2176
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5184
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5976
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5152
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1668
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2600
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3304
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2976
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4404
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:776
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5848
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3356
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4592
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3344
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3868
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1208
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3572
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5900
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3656
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2000
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5984
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4092
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4204
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2792
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4992
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2152
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1880
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4076
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3628
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1000
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5056
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5956
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5000
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:1096
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:416
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1484
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1948
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5316
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2552
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2496
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3500
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5224
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5812
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:400
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5880
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:756
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:740
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2168
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5996
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3340
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5816
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:2328
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4644
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3456
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4948
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5096
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3284
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:1308
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4692
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4536
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2272
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5896
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4608
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5796
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:6056
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\1-Optimizar Roblox.bat"1⤵PID:4924
-
C:\Windows\system32\cacls.exe"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"2⤵PID:2752
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3868
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5532
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:3572
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:5768
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:892
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:6052
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:5984
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1900
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4204
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:788
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:2468
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4568
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:4052
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:6004
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:32
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:3176
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:5892
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:1204
-
-
C:\Windows\system32\tasklist.exetasklist2⤵
- Enumerates processes with tasklist
PID:3772
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:2180
-
-
C:\Windows\system32\tasklist.exetasklist2⤵PID:4008
-
-
C:\Windows\system32\find.exefind /i "RobloxPlayerBeta.exe"2⤵PID:4880
-
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
PID:3260
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
PID:5224
-
C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"1⤵
- Executes dropped EXE
PID:5356
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\" -ad -an -ai#7zMap2137:190:7zEvent303931⤵
- Executes dropped EXE
- Loads dropped DLL
PID:948
-
C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
PID:4328 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 3002⤵
- Program crash
PID:2952
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4328 -ip 43281⤵PID:2484
-
C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
PID:5948 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 2362⤵
- Program crash
PID:3500
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5948 -ip 59481⤵PID:6060
-
C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
PID:5776 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 1962⤵
- Program crash
PID:2732
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5776 -ip 57761⤵PID:5556
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22301:190:7zEvent52031⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2000
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5960 -
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"2⤵
- Executes dropped EXE
PID:5368
-
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"1⤵
- Executes dropped EXE
PID:2624
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"1⤵
- Executes dropped EXE
PID:4936
-
C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
PID:1488 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 2682⤵
- Program crash
PID:5776
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1488 -ip 14881⤵PID:5940
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap2781:190:7zEvent294621⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2444
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"1⤵
- Executes dropped EXE
PID:664
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3424 -
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.sh"2⤵
- Executes dropped EXE
PID:5960
-
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.sh"1⤵
- Executes dropped EXE
PID:6072
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.sh"1⤵
- Executes dropped EXE
PID:2832
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"1⤵
- Executes dropped EXE
PID:3424
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"1⤵
- Executes dropped EXE
PID:5368
-
C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
PID:2976 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 2322⤵
- Program crash
PID:2616
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2976 -ip 29761⤵PID:5992
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap28936:190:7zEvent32381⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6532
-
C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe"C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7060
-
C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe"C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7148
Network
MITRE ATT&CK Enterprise v16
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
Filesize
106KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000008.ldb
Filesize
16KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000009.log
Filesize
32KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000011.ldb
Filesize
12KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG
Filesize
349B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
575B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\509e9c9a-220a-4f5f-bbab-6e779e87f4c1\index-dir\the-real-index
Filesize2KB
MD538fe6a7fae8a8d9e1127c4effc1b56bb
SHA1b557c311cd7c35394669bcb85517fa9081d93f1b
SHA25633582d714af9777bc6fd583359a168422b821cd471df0d70132e970582cf5aa1
SHA51265431f17a3792f02d06cb3ff4b8ba53e61152e52f83ab126393434a6cbaf25db1974fc1aeffaff7c980c38af1c602d215cec255e75e0d41d1ee35006e536cc9e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\509e9c9a-220a-4f5f-bbab-6e779e87f4c1\index-dir\the-real-index~RFe604896.TMP
Filesize48B
MD5f5f539a592a73b8be0df2a41952aa4ef
SHA1af89b3950c943f90f4b35ab09144653c0199b020
SHA256d70ca574c12564609ef4dc4f1cbd8e9d5e909075130db612b3ff53232694c179
SHA5123b6bd4a3163a923152eb1a153e5f1cefa1edc5914bf25af3c976aaff3ec39807f1e8c03c52d36e27e660da9db320c35d9ca923d80cc5c4c01fd8c9520bf9e08f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6bec5bc7-4464-40ba-b8aa-e61093c7ab8b\index-dir\the-real-index
Filesize576B
MD535bef5b04b13a01f4f86dbec6a183253
SHA1bc7716ef970b54ab47ddeaa022169ceb7f00ccdc
SHA256af31bfcc8efcd0d2f4b334c86375d42f1938721bcf72a937f4c6db6be5a11f90
SHA512c08972b2288316b993c4aea74cfb875c6ffc2fe899824e3ca51f97195d15d40f2a4eeeae32738557531304f41399ec8289fe49d856fa0b277d514a823840f844
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6bec5bc7-4464-40ba-b8aa-e61093c7ab8b\index-dir\the-real-index~RFe600ec9.TMP
Filesize48B
MD5ab43db9d0ac87c0f33f14e0415e37587
SHA16b85adbdec0602f06e2d0b182514569b2db16f8f
SHA256e6427aa7561afde46c03ad0b30486bb1607be263ca739fd6abdfd215dc915ac8
SHA51237c3877d19eee964f0b42bc9aff17230b7bda321372c1fab49c989457eb172f71cb00b58ec44762a7e54ea7224934a8dc0be301eedb6d19554cdf71d3570ebff
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e63406b3-f0d2-4855-93fa-8d8f627eb7d6\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e63406b3-f0d2-4855-93fa-8d8f627eb7d6\index-dir\the-real-index
Filesize2KB
MD5e7607f2712c87053f5daec738c58880c
SHA15c6847ed7ca72f48a0c1ebdada1c194070e8a56b
SHA256b603ba1100984a4549a45bb468eec79cd0a6dd6a16d661ab5e5f5980c630b556
SHA512f126dc78782bb5041b60ae5220633fce45128f474c224532520e024b6c8c1b7f0e8f2bebc2f506a4e8124c7afb96f778de6255c4d845ae72008020b92ce7dda1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e63406b3-f0d2-4855-93fa-8d8f627eb7d6\index-dir\the-real-index
Filesize48B
MD51f6992a33720fd026260a492c1ebc01e
SHA1d4408bc07ccc65cdc53099f6f9fbef5be4e5dc3c
SHA256ebb3d5c962872a32b2e2565d4679c363e788b512c1d09bcfffd948d518c8a076
SHA5127cc1c7c1640eb9df0049d46af20bbbceb360b004644c97c8921589b5d91835c60b0089f99a0fbcc3a89eb7a6d85961c51254ec47cbf7d297f9fee7fd7b5118c5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize183B
MD536d21883d3c68837a1d49e28f6239d84
SHA1f3868f4d11e7cb176fe1c0da9f739430d8f1a2c1
SHA256829366e01a1ee65377c21ec25ae8651998fc695eebaf272e64803b58f5b5039f
SHA5129e70b2aa2b0e83efa6291cc3bf99203fd670086afb6026b2588a68523dc9c6d63da5a680d0f579bf3ba44418c70b00e3de779cac697176f5a27dca7b59a67767
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize112B
MD5f1a74d825aaaf6ba775e8557322be994
SHA123166612e844c159bad027095c5fffeb609cff17
SHA256ff1c8afcb70f950ff436ccfdb206469d64157b848794286ad851d090b5b74808
SHA512944b856396cbba9924972848ab9af1ca79827f49899f18c17de9cd4c7435f1f0e54773089e43d20921492f26acd5a7edcfac60057ab3e60c0e9e0b799a3a04bd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize56B
MD5b06f1c6618c9a41f41f4f899ec647c1a
SHA1c11d3dcd437c72f9b716a00cfb49b2b12a5f147a
SHA256540abf8cfe8de53789cb801af040dcac32e2d4c532c14643732d71e6ae8f04b6
SHA5122dca5f99fd952fa4d799bed8dc151e4c2669c513e9a2e26abe59eedefc7e224123062919b26552cf79a370ef13b9c0758ce46852c2a59f82d2cd5bd8997d3672
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize269B
MD599e598a0afe09e8cb9e9c58f259b993e
SHA12df0228196586ed7c53e63f18b52ceebb2d091d6
SHA25670bd15440a933159050830f6845b9a372f4c225d1c0400f10a67a327cebc3129
SHA51267daa256e08c43a5d9ef5ab0bafac9a9a4d2a356a539d37504ae0e695dbd50fb43056bb62b9fcbb2e543ab4bda8fa5667627b19e7c83cd020bfd960ce2cb9f5c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize112B
MD58c90baffd2a142b127cf7085fcf349fc
SHA12e275299889d06dbb9f16f0c676b89b2bb572c31
SHA2567e6185923012bb299adff7d186484fdc1afc02b9b22a921bf45ca301915761d7
SHA512ce496893b18eb07e5f8391f6336f93c63455398396e8674d2ba114002cbc6087e68aac05bd315e8e1b2b68b7886ec5caac59676e93e52703ab71fa30d130f8d7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize119B
MD5646bc8b6ba12fc0f3b55a8f95293caa2
SHA139e38226b33a9531d102f0a0bd1afd603faa7767
SHA256474c3816b85d5e8024943804cb641ea400efadc511509f1e8f21a9eca4478a3a
SHA512747c6ed56c155f13a94eb42778c83736f94c503ac4eba6d80afe4744c684cc30f11a10ee03884efed1ae534114a3046be44d581ccef9cd9e2d07945030329ded
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize176B
MD5c888f7dcce2784996612262b194618bd
SHA1771a888273424578b5be7c2a68111563f1c83bd6
SHA25683c6e558386741d7ee0d607075021bbba203cbc595c97e9ffb871539f379406f
SHA512b7e79c88e44e5151877b219b0a2cb8a3fa9da757e911252b8d6c99f8d9b4561e9b419da5c2faae509bb12e18642e40cdd4b6f4436096a00e41d8dc4a263678fa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize187B
MD5c55209d4599ae1bd0479b01a1184a32a
SHA1007998690ebe2e4e8dd3136bf4f418a8fa0964a1
SHA25682caa8c0686390d859f39304a2ffaa69bd48b6b3d228148fcee29d85e33007e5
SHA512f9a4f7135f7fa7f76a7dc6162185ad1c9436c6f6c99f294227e4903ecb639f3c5b3114d9a9a419560ceb832eca64de8bbb5c2638650fe05b2cdfec3d37699033
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize262B
MD5f03dceacbf50d74b4fdadd89ab74b2bc
SHA1473ff256659319243add62d64000b28594e83ede
SHA2565c7d2ea4c882b3b653d4d77fd9ab5910a10f0d59ae80c4c154d0b67fc3bb8fa8
SHA51282d1e13652af2ed8bd62097bd581dd86f60fe5f53e9161e4f5fa7bbd7c0a7a4194a8cef683e1445f96882909161bf3db10007ebf9e72582064ed54f7e7c73049
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5faa72.TMP
Filesize119B
MD5df80ad833b167fb286b26ffd9ef78399
SHA1c60b925f6fa30573a6679233742ce46f28bb115c
SHA256271b21ca9e94687406bb94ed483493cf1b7ffb93294dbb64911dd4091897eaa4
SHA512868aba294a8a903e6a701ff10688083fd6976fb534eb8390f9b8ef9040a6c55817ef39a6d4b9c0bdbde4026313dfc51d56e4d2e3d5cb300c2c19baab0c3525b3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize120B
MD58ef5519f576d897796aab865f689ebb9
SHA12dc8418dece21d2016ddfb664c525b9a88a2f13a
SHA256c62f434ba3854ddd4cc4625c77f855233fcec6b88790a6bf624145ae36c431d6
SHA51243b58cb52553322c58599f0f40d6d7d4a854508edf15cbda7b41b2376b7ee5c479284f3df398965207089a19d9a9310b4f268ac1f9c1dd870d1da3cf8060359f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize192B
MD56e372b9f64e1a029116500929d0d79ed
SHA16e5eff2d45d5c0c4fde0d7f72f212a787f4163e9
SHA2564a7aabdf0211cbc88ab22d6bc3e15287d19afe555996aafce3a91a34f8a68dfe
SHA512dbb45415e260173255d0fd9bcbb580ecc749f4293f61363a67a97b6bd757ff8eab90ec1270c84d8f4b28738364778f7b6cb28d944db14db7515667dd8b6971f6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize144B
MD58cfbc9163dd09eda2c9f755ad16ff173
SHA12d0b72070eb671143c15dadcf19fbf677e020d63
SHA2561ba8e0b3c04122aedc1978b8eff524fbc14b687a1885779ac99a85e5145833d6
SHA5125ca3b7543cc8ea61186a3011287d063b67a6ed0861810a2c45d0ccd118a10ae7a59f2abeb0c01093e2aa8fb1b8fddf15ea74d7eaea2335c462777ea1cfc31ba6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5e502c53a34f82208770ca82f5be9d50c
SHA19556f7b0e597a14eea682c430007580a0480a6b3
SHA256d303a2f1c802c2c68eb3e31886fa244eedb8824de29f61b6038a888e065a67a6
SHA51298b3735a1500956858e9e796784b80b3235d5237e9e16c96ee62ed352c22a46f2e69c1af0e94cb6feaa4b5de0c7db8275d0a5caf7d9e3b82ae2c43d18a86e598
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5817d8.TMP
Filesize48B
MD5c1cbe7b1a80df21cfeb64cc2a2917e4e
SHA12cba3e423023d25dd03b5edd2876df0f5a5d1472
SHA256d643889247031b917095c1dc8b3333f83371cfc8e4eef0e132da7a067b8f55e4
SHA512f92ef857711b390a074fd87c04de6a368f35c5af36192f79753ef027628ce4d818e6a9f764f6c22aa52bafc68e42ed07d1c383f7252eec20269b67eace4025f0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\4a4b2231e13b3d27_0
Filesize255KB
MD5b0fc75ca1530cda3a821e638daeb8bfe
SHA1e0712fe8d4d7dea71b9a09303bb096427b61c67b
SHA256990466c9e801e13ea37abe6e9c9d1c137e25647a0183424ab743d8b43e106371
SHA51235f3604c749cb4706e58a77a38a9d6c422b6266205e3ec3ac5737200c11cbee95feca78f85963f29f10acff794ccbafcba9be3e9f9f8be99b623a5a9940e72cb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\50b7e00dbeb43403_0
Filesize63KB
MD572ff3866d873c34d19378391997f4bcd
SHA1bae587075773794bbf00a871b82e41dd19df2dd3
SHA2565fb63c1285b49edd0f8bd1f6437387e04127fd943acc51864d83d4613b53bc83
SHA51248b1b87caa62f6e769038f72892301a5add7c20c48812bf4cd507af531532b409206d1519bd1d13ed8c7cc7a519a7ec2ba742dc4276644ecc13845df638d6bfc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index
Filesize72B
MD5e0701d9d7b7a14039e6f9a53078fd23e
SHA1201d5c31df1233b7129295fb755d5955dedd0f45
SHA2565852825eef895cb6866ba9e265afb25c4a0283c98388135326e413886b6efb1e
SHA5129e660e9cf2180269bdfd0d250ad6265334ea67e7ac4914b8f01158f0962300a5b4c612563eaeaf55a1f0d15eab9e86064e54b00d9281aa51ee850e7679043c77
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index
Filesize96B
MD55427f2d4843d91fe53bd105f84cf23eb
SHA16b319541e4409449e9ae0cdabbf5fa652c97ce3c
SHA2567747fc230a3b330e98845f1e6a02413dd2eab9dcf878814d4e7be935d17997f5
SHA5123d5f3d66b115f1791ec69c5df30a6dcc037c6886b5c40cd23ce1c2622c5131a3280a5c366b235dfb0554e6d350e656062d1e54a0fbb14c6a321ec845c4ccad7b
-
Filesize
76B
MD584936fe5235594f7e8e28c728416127a
SHA16cb9676704d2770c4335c758b74a2c7d1e97b69c
SHA256e40a236e4e7952ade2b3434037777845f937243ba304dedd5b18a534367a5c03
SHA512049975936c59c16cb62d7b8712d26c5e76d0ce0cfb3f2bb7e10dfd6a115d078bbc52e32aae4244dc17e74828c6ef5e3be297822a2bd9e90394d9288c51810e8d
-
Filesize
140B
MD5b2955f4a7cbf5fbb4065524342f74f67
SHA1372cbc7687d38445fc0bd7c1f1c2e1625022e2ad
SHA25615caef00a69b0de3fa9c297b88127f345d74020cba8308587b6ab8d57c0f8b86
SHA512f13ef962b166d8bf37653c84e2be616a9673feac11900c3c1d8917d3c0c3a820f129c6cc2f09d829fd9bd18a87154c08115af07d5db8569c40607f6bf7b5dc63
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\CacheStorage\index.txt~RFe59d70d.TMP
Filesize140B
MD58f8927d7159d53c4dad17479b5162f61
SHA145f66e3471b55687b50e2da69821b22dd78ecf8b
SHA25607d2e0bd05f33a367f2b8cfbb0654871f0d4c4b92cc8a57bcce3643add30cad6
SHA5129b76ee5cfef630c6d73b9df6dd042d4a5c7f92b1c6a1cd39c82868114fd029e3a0c4bc1d2d055ae26b4d479983aec7c0ada229355a7fa043b7d7008f89b6d689
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\IndexedDB\indexeddb.leveldb\000003.log
Filesize26KB
MD545e4554e2bfc0b5877d25f826d43d720
SHA14645cd6cd010f70348ca1a377fe1dc1a44c534f2
SHA256419bcd581309f277deb35f20a3a778b3aacfeafec1e3eca856a4bb3f4fd3860b
SHA512dbd0181df2a2c1012821a5e70f259873cf432fe3aa6227279758c9fe630015a8d51b96c0685b9216bb68940c04fa38e16dee4d7a9b0e5dff0e3fbbc768ebb3b2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\IndexedDB\indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\IndexedDB\indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
83KB
MD54e87a655de673d665a5c17841aec9998
SHA12575ae8891f0645cd0bffa41227c5b7ac17ffcf3
SHA2561e8389fc1f3e9710249898fd6ceee059d204a6de56981dae602ac3ab6a7415a9
SHA5120334cd5423563f004424118ccca2b00cd9ef7d3ab316987ae982cf18c75340302e1556127f73b3bedd42b226c0598de369858c3471e84f49cc8aaf8fdab22d2a
-
Filesize
166KB
MD5c4cf42614210f824c2ca93155a19ab9b
SHA1e8150df7e6f6cb9514a656d1cebd8e831e0c8f30
SHA2568436e6a6bc3e99c1599e171eb984f3b1a284591697a85d5eb5fe16a47ce7b070
SHA512404e5be7d097ac43a92742f4e8a9b80fe393df62d501377df20e517ad07e129d49b4f1bd88c43f0b0a230c56958a2c953455f165bf8a7251b5169aa5c7f156c6
-
Filesize
167KB
MD549e7c3143e0db7909d9359059a6890d5
SHA115640de9965e2101065ead418ae9aa00c5600f5e
SHA2566aa545a703134292d66403c289b0beee3a13261586b2356aca759d8fd3ce363e
SHA5125390e314bc61873c91760fcd5f77ebe4fb702b8347c0ac74e90d6b4ba13a70b4dfc3ce9d4e19e13d743b34e46d57a7a8cd251816779d9e81443216a0c5257e48
-
Filesize
167KB
MD5c3c35e791c785c4ad7088736e6ed276e
SHA151bfeedccbe4d017ad00bb8ba7a2a4798cff26e1
SHA2560738ea18a6dd6b61a557de064fabe14de3dc7b8e74238b8acab224a931723ebc
SHA51234e7a90f4585030197969d4441cb8b13de5ea91a71066ce2e5e9e217caec00c9dbf852f7ac800503b1e88144ee3c1b6c2557597daacd9c31daba340260382f9d
-
Filesize
1.6MB
MD51cf5669feb127f89f57e8e9d9ac11409
SHA1d8aaccbbef08cde0161bfbc0f6b7b1e8a1c43d42
SHA25635f8d721f246ae3e19d204f9bcab3237448ed906a25bba14e7016e5cdd2fc2ce
SHA5127ebf6cc1a5a0d1ad89666af09bbdd947c02fcb933aeb72c8aff1a378582e38e5c816f806afe87038f10215c3c6c11e50f3226146ba3358e4d6005553cf373b08
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize8KB
MD5fa462b2936214a9bf9acc2452a70eb46
SHA19f5b731ced13937ca684fdcc7fb767d80d0ef1a3
SHA256ef746abeaf34b69e3230d0840f955658a56cb9888871c8397baddcb797689a69
SHA512b30578f3c190a90d962b454921c7859e4d024b1e891e554e36ec5612d7e0767e2949c4e64d4b82de2e1329b647ebcd4334d14f7d93e9dccf9c7de64842e8ff71
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize10KB
MD5c9a321cd0d57b351a52988873a213b19
SHA123cb7efffbd93ccc19b7eea7b1309236b43b1f1c
SHA256ef225ad7c2861489c2a01b6af6e2f72436bcad158916ad2810eed3a90fe46f0f
SHA5127886ceddaf25e57cb788b19d12d63ec8d5e6f81e58eb8200f1c8bb311223474d0d86e68ffba7e3a96b14a1fa48a50a479bb404fd05eca17444b3d635933f4caa
-
Filesize
1.6MB
MD56c73cc4c494be8f4e680de1a20262c8a
SHA128b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0
SHA256bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e
SHA5122e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
2.7MB
MD508e42764571804aa3e27530b03dd5d99
SHA182ca6c9c8b0cf59f8dce178352360abcb99637ac
SHA256b66d89ee13a48e9c8d4a7aa2e3e1cb2b79f0b95e4f74f4184b85628656281588
SHA51290fdb4f191a1a26e04fcc2df045d74fec998b968506d7e8f16ec6f5cca7068093de106b9de4009ba6ebe085e9036358553d19af1b7ed4202f86ba3d2aaa7a62d