Malware Analysis Report

2025-08-05 14:54

Sample ID 250704-wz279axsb1
Target ReShade_Setup_6.5.1.exe
SHA256 c384e89427865e119db4daf18c2c225b951a4cd07dbff92b65caf68c2a95ace0
Tags
purecrypter ramnit banker defense_evasion discovery downloader loader persistence privilege_escalation spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c384e89427865e119db4daf18c2c225b951a4cd07dbff92b65caf68c2a95ace0

Threat Level: Known bad

The file ReShade_Setup_6.5.1.exe was found to be: Known bad.

Malicious Activity Summary

purecrypter ramnit banker defense_evasion discovery downloader loader persistence privilege_escalation spyware stealer trojan upx worm

PureCrypter

Ramnit family

Purecrypter family

Ramnit

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates processes with tasklist

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Runs net.exe

Delays execution with timeout.exe

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Kills process with taskkill

Modifies registry class

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of UnmapMainImage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 18:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 18:22

Reported

2025-07-04 18:51

Platform

win11-20250619-en

Max time kernel

1711s

Max time network

1714s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.5.1.exe"

Signatures

PureCrypter

loader downloader purecrypter

Purecrypter family

purecrypter

Ramnit

trojan spyware stealer worm banker ramnit

Ramnit family

ramnit

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\7z2409-x64.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Program Files\7-Zip\7z.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe N/A
N/A N/A C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Checks installed software on the system

discovery

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2409-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2409-x64.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\ConfigFlags C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961269604725651" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\.ps1\ = "ps1_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\.sh C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "2" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Applications C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Applications\7z.exe C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Applications\7z.exe\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Applications\7z.exe\shell\open C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\ps1_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\sh_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\ૈ翾 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\.ps1 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\𨄄ʨ\ = "ps1_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\ﶆﰀꍜ退턀㔄ʨ\ = "ps1_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\sh_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\湁啎 耀 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\湁啎 耀\ = "sh_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3972667009-3658015838-2693993929-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2409-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\AppSuite-PDF.msi:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Five Nights At Freddys.7z:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\3f61bcf9c3e8eda19e85cd3aedf42acd2e1fb87bb23ab221f9532d398dfad6b9.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.5.1.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 380 wrote to memory of 428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.5.1.exe

"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.5.1.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde4a9dcf8,0x7ffde4a9dd04,0x7ffde4a9dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1972,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2260,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2312 /prefetch:11

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2400 /prefetch:13

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4232,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4268 /prefetch:9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5284 /prefetch:14

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5508,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5524 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5272,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4532,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3612,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5652 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3532,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5584 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3600,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3332 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3560,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3696 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4468,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4196,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5912,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5868,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6380,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6524,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5616,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6692,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6860,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7048,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7200,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7296,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6452,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7544,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6608,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7236 /prefetch:10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6596,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7696 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7176,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=4612,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7668,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6888,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8032,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7868 /prefetch:14

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\7z2409-x64.exe

"C:\Users\Admin\Downloads\7z2409-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5820 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6520,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7744,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7236,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7896 /prefetch:12

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E4

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8156,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8168 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8016,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8020,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8320,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7344,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8332,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8700,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8712 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8628,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7328 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8860,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8940 /prefetch:14

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Five Nights At Freddys.7z"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Five Nights At Freddys\" -ad -an -ai#7zMap13381:104:7zEvent17003

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\1-FNAFS.bat" "

C:\Windows\system32\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\fnafdata\FNAF1.exe

"FNAF1.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "FNAF1.exe"

C:\Windows\system32\timeout.exe

timeout /t 15 /nobreak

C:\Windows\system32\taskkill.exe

taskkill /f /im mmc.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im MicrosoftEdgeUpdate.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im onedrive.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im jusched.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im SearchApp.exe

C:\Windows\system32\net.exe

net stop XboxNetApiSvc

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop XboxNetApiSvc

C:\Windows\system32\net.exe

net stop XblAuthManager

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop XblAuthManager

C:\Windows\system32\net.exe

net stop SecurityHealthService

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SecurityHealthService

C:\Windows\system32\net.exe

net stop uxsms

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop uxsms

C:\Windows\system32\net.exe

net stop wuauserv

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop wuauserv

C:\Windows\system32\net.exe

net stop SysMain

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SysMain

C:\Windows\system32\net.exe

net stop WSearch

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WSearch

C:\Windows\system32\net.exe

net stop Themes

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop Themes

C:\Windows\system32\net.exe

net stop DiagTrack

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop DiagTrack

C:\Windows\system32\net.exe

net stop DusmSvc

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop DusmSvc

C:\Windows\system32\net.exe

net stop UsoSvc

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop UsoSvc

C:\Windows\system32\net.exe

net stop WDefender

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WDefender

C:\Windows\system32\net.exe

net stop mpssvc

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop mpssvc

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name="GTA5.exe" CALL setpriority "32768"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name="audiodg.exe" CALL setpriority "64"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name="svchost.exe" CALL setpriority "64"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name="csrss.exe" CALL setpriority "64"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name="winlogon.exe" CALL setpriority "64"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name="dwm.exe" CALL setpriority "64"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name="ntoskrnl.exe" CALL setpriority "64"

C:\Windows\system32\timeout.exe

timeout /t 10 /nobreak

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "FNAF1.exe"

C:\Windows\system32\timeout.exe

timeout /t 10 /nobreak

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "FNAF1.exe"

C:\Windows\system32\timeout.exe

timeout /t 10 /nobreak

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "FNAF1.exe"

C:\Windows\system32\timeout.exe

timeout /t 10 /nobreak

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "FNAF1.exe"

C:\Windows\system32\timeout.exe

timeout /t 10 /nobreak

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Five Nights At Freddys\Five Nights At Freddy's\ATENCION!!.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8920,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7240,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7608 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\" -ad -an -ai#7zMap6718:98:7zEvent853

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\1-Optimizar Roblox.bat" "

C:\Windows\system32\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\1-Optimizar Roblox.bat"

C:\Windows\system32\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\find.exe

find /i "RobloxPlayerBeta.exe"

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe

"C:\Users\Admin\Downloads\OPTIMIZAR%20ROBLOX\OPTIMIZAR ROBLOX\data\QRes.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8172,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=6572 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8548,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8408,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8680,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7300,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7992 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7776,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=7096 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\" -ad -an -ai#7zMap2137:190:7zEvent30393

C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe

"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4328 -ip 4328

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 300

C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe

"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5948 -ip 5948

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 236

C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe

"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5776 -ip 5776

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 196

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=7368,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1436,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8848 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22301:190:7zEvent5203

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"

C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe

"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1488 -ip 1488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 268

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8864,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8816 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap2781:190:7zEvent29462

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.sh"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.sh"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\cf5d70bc2f2964f3bc07b6d6bdf73afec2eae99234a71322493184261dd5782d.sh"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\e7355ef74b876ed4626a3929704248d36fc4b59a2c75f24f98f7ad64ec171c34.ps1"

C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe

"C:\Users\Admin\Downloads\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565\869d7bedc22424a8007fdfa76a135f1213518d355f1458e9bb9590e5cc853565.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2976 -ip 2976

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 232

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7672,i,17538127434136164475,12197937570006189356,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=8396 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap28936:190:7zEvent3238

C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe

"C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe"

C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe

"C:\Users\Admin\Desktop\sigma adobe acrobat no virus hehe.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 192.178.223.105:443 www.google.com tcp
US 192.178.223.105:443 www.google.com tcp
US 192.178.223.105:443 www.google.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
GB 142.250.117.113:443 apis.google.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
GB 142.250.179.238:443 translate.google.com udp
GB 142.250.179.238:443 translate.google.com tcp
GB 142.250.179.238:443 translate.google.com udp
GB 216.58.212.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 192.178.223.105:443 www.google.com udp
GB 142.250.179.238:443 translate.google.com tcp
GB 142.250.179.238:443 translate.google.com udp
GB 142.250.200.14:443 consent.google.com tcp
GB 172.217.169.46:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.169.46:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.169.46:443 encrypted-tbn0.gstatic.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 104.21.32.1:443 optijuegos.net tcp
US 104.21.32.1:443 optijuegos.net tcp
GB 79.127.237.104:443 fonts.bunny.net tcp
US 208.93.230.26:443 ust.chatango.com tcp
GB 79.127.237.104:443 fonts.bunny.net tcp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
GB 142.251.30.95:443 translate.googleapis.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 208.93.230.26:443 ust.chatango.com tcp
US 208.93.230.26:443 ust.chatango.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 208.93.230.28:443 ust.chatango.com tcp
GB 216.58.212.202:443 translate-pa.googleapis.com tcp
US 208.93.230.158:8081 s43.chatango.com tcp
GB 216.58.212.202:443 translate-pa.googleapis.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 172.217.16.226:443 www.googletagservices.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net tcp
GB 172.217.16.226:443 www.googletagservices.com udp
US 192.178.223.132:443 ep2.adtrafficquality.google tcp
US 192.178.223.132:443 ep2.adtrafficquality.google tcp
GB 172.217.169.36:443 www.google.com tcp
NL 139.45.197.107:443 gizokraijaw.net tcp
US 172.67.154.171:443 bvtpk.com tcp
US 192.178.223.132:443 ep2.adtrafficquality.google udp
US 104.18.41.22:443 my.rtmark.net tcp
NL 139.45.197.107:443 gizokraijaw.net tcp
US 104.21.11.245:443 tzegilo.com tcp
NL 139.45.195.252:443 flerap.com tcp
NL 139.45.195.252:443 flerap.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net udp
NL 139.45.195.9:443 amt3.com tcp
US 104.17.151.117:443 www.mediafire.com tcp
US 104.17.151.117:443 www.mediafire.com tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
US 104.17.151.117:443 www.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.22.75.216:443 btloader.com tcp
GB 18.154.84.20:443 cdn.amplitude.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.21.63.106:443 www.ezojs.com tcp
GB 142.250.179.238:443 play.google.com tcp
US 104.26.8.66:443 econventa.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
GB 216.58.212.202:443 translate-pa.googleapis.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com udp
US 104.22.4.65:443 ad-delivery.net tcp
US 104.22.4.65:443 ad-delivery.net tcp
US 34.36.200.111:443 ag.dns-finder.com tcp
GB 142.251.30.95:443 translate.googleapis.com tcp
US 50.112.193.210:443 api.amplitude.com tcp
FR 13.37.187.223:443 g.ezoic.net tcp
US 104.21.63.106:443 www.ezojs.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 104.22.75.216:443 btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
GB 216.58.212.202:443 translate-pa.googleapis.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.142.121:443 go.ezodn.com udp
FR 13.37.187.223:443 g.ezoic.net tcp
GB 142.250.200.10:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 142.251.30.94:443 www.google.co.uk tcp
US 192.178.223.156:443 stats.g.doubleclick.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
GB 184.26.57.73:443 link.rubiconproject.com tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net tcp
US 52.91.215.149:443 script-api.ccgateway.net tcp
US 172.67.142.121:443 bshr.ezodn.com tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
NL 79.127.227.46:443 c3.a-mo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 87.248.114.12:443 ups.analytics.yahoo.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 34.120.133.55:443 api.rlcdn.com tcp
IE 52.19.146.55:443 id.crwdcntrl.net tcp
US 35.71.131.137:443 match.adsrvr.org tcp
US 172.67.142.121:443 bshr.ezodn.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 79.127.227.46:443 c3.a-mo.net tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 18.212.140.196:443 script-api.ccgateway.net tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net tcp
GB 142.250.187.194:443 cm.g.doubleclick.net tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
GB 18.245.162.54:443 connectid.analytics.yahoo.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
BE 18.239.213.76:443 cdn.prod.uidapi.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.39:443 static.criteo.net tcp
GB 142.250.179.225:443 17ee5325a97aa4c446b1d240484db050.safeframe.googlesyndication.com tcp
DE 162.19.223.4:443 lbs.eu-1-id5-sync.com tcp
N/A 127.0.0.1:443 tcp
US 192.178.223.132:443 ep2.adtrafficquality.google tcp
US 34.120.107.143:443 oajs.openx.net tcp
US 192.178.223.132:443 ep2.adtrafficquality.google tcp
GB 172.217.169.36:443 www.google.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
GB 172.217.169.36:443 www.google.com tcp
GB 216.58.212.193:443 cdn.ampproject.org tcp
GB 216.58.212.193:443 cdn.ampproject.org tcp
GB 216.58.212.193:443 cdn.ampproject.org tcp
GB 216.58.212.193:443 cdn.ampproject.org tcp
GB 216.58.212.193:443 cdn.ampproject.org tcp
IE 34.254.166.34:443 rtb.gumgum.com tcp
US 34.120.107.143:443 oajs.openx.net udp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
GB 172.217.169.36:443 www.google.com udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 192.178.223.132:443 tpc.googlesyndication.com udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
N/A 127.0.0.1:443 tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
IE 52.17.201.241:443 ice.360yield.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net udp
IE 99.80.100.79:443 ce.lijit.com tcp
GB 142.250.187.194:443 cm.g.doubleclick.net tcp
DE 91.228.74.166:443 pixel.quantserve.com tcp
GB 18.245.187.38:443 rules.quantcount.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.251.30.95:443 jnn-pa.googleapis.com udp
US 199.91.155.89:443 download2348.mediafire.com tcp
US 199.91.155.89:443 download2348.mediafire.com tcp
US 104.26.8.66:443 econventa.com tcp
US 104.26.8.66:443 econventa.com tcp
US 150.171.28.10:443 bat.bing.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 216.58.213.2:443 td.doubleclick.net tcp
GB 216.58.213.2:443 td.doubleclick.net tcp
GB 142.251.30.94:443 www.google.co.uk udp
GB 163.70.147.23:443 connect.facebook.net udp
US 104.26.8.66:443 econventa.com udp
US 13.107.246.64:443 www.clarity.ms tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 104.26.8.66:80 econventa.com tcp
US 104.26.8.66:80 econventa.com tcp
US 13.225.239.91:443 woreppercomming.com tcp
US 172.67.141.135:443 www.chancial.com tcp
DE 18.194.54.143:443 www.opera.com tcp
GB 172.217.169.78:443 www.googleoptimize.com tcp
GB 2.22.104.208:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.104.208:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.104.208:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.104.208:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.104.208:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.104.208:443 cdn-production-opera-website.operacdn.com tcp
GB 2.22.104.208:443 cdn-production-opera-website.operacdn.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
DE 18.194.54.143:443 www.opera.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
GB 172.217.169.36:443 www.google.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
GB 142.250.179.238:443 play.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
GB 172.217.169.46:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
GB 142.250.140.95:443 jnn-pa.googleapis.com tcp
GB 142.250.140.95:443 jnn-pa.googleapis.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
GB 34.105.225.79:443 e2c15.gcp.gvt2.com tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
GB 142.251.30.94:443 www.google.co.uk udp
GB 142.250.200.35:443 beacons.gvt2.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
PL 34.0.245.166:443 e2c73.gcp.gvt2.com tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.200.35:443 beacons.gvt2.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 192.178.223.105:443 www.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 104.17.151.117:443 www.mediafire.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
BE 18.239.208.127:443 pdfmeta.com tcp
BE 18.239.208.127:443 pdfmeta.com tcp
US 104.18.14.11:443 app.termly.io tcp
US 13.225.239.13:443 content.pdfmeta.com tcp
US 13.225.239.13:443 content.pdfmeta.com tcp
US 13.225.239.13:443 content.pdfmeta.com tcp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 104.18.14.11:443 app.termly.io udp
US 104.18.14.11:443 app.termly.io udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 104.18.31.234:443 us.consent.api.termly.io tcp
US 104.18.31.234:443 us.consent.api.termly.io udp
GB 216.58.213.2:443 td.doubleclick.net tcp
US 192.178.223.156:443 stats.g.doubleclick.net tcp
US 192.178.223.104:443 www.google.com tcp
GB 142.250.140.156:443 googleads.g.doubleclick.net tcp
GB 142.251.30.94:443 www.google.co.uk tcp
US 192.178.223.104:443 www.google.com udp
US 34.54.30.30:443 publickeyservice.pa.gcp.privacysandboxservices.com tcp
GB 18.154.84.82:443 publickeyservice.pa.aws.privacysandboxservices.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 192.178.223.156:443 stats.g.doubleclick.net udp
GB 142.251.30.94:443 www.google.co.uk udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
TW 35.206.197.180:443 e2c31.gcp.gvt2.com tcp
TW 35.206.197.180:443 e2c31.gcp.gvt2.com tcp
GB 142.250.200.35:443 beacons.gvt2.com tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
GB 142.251.30.94:443 www.google.co.uk udp
GB 142.250.187.238:443 www.youtube.com udp
GB 216.58.213.2:443 td.doubleclick.net udp
GB 163.70.147.35:443 www.facebook.com udp
US 150.171.28.10:443 bat.bing.com tcp
GB 142.250.140.156:443 googleads.g.doubleclick.net udp
US 192.178.223.105:443 www.google.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
US 192.178.223.132:443 tpc.googlesyndication.com udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 192.178.223.104:443 www.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 142.251.30.94:443 www.google.co.uk udp
GB 142.250.140.156:443 googleads.g.doubleclick.net udp
GB 142.250.140.156:443 googleads.g.doubleclick.net udp
GB 163.70.151.35:443 www.facebook.com udp
US 150.171.28.10:443 bat.bing.com tcp
GB 216.58.204.66:443 td.doubleclick.net udp
GB 142.250.140.156:443 googleads.g.doubleclick.net udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
US 192.178.223.104:443 www.google.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 142.250.179.238:443 play.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com udp
US 192.178.223.136:443 www.youtube.com udp
US 192.178.223.136:443 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.140.190:443 youtube.com tcp
GB 142.250.140.190:443 youtube.com tcp
GB 142.251.30.154:443 googleads.g.doubleclick.net udp
GB 142.250.179.238:443 play.google.com udp
US 192.178.223.136:443 www.youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 192.178.223.136:443 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com udp
US 192.178.223.104:443 www.google.com tcp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
IN 34.93.91.7:443 e2c6.gcp.gvt2.com tcp
GB 142.250.140.190:443 youtube.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.200.35:443 beacons.gvt2.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.180.14:443 consent.youtube.com tcp
GB 142.250.187.246:443 i.ytimg.com udp
GB 142.251.30.154:443 googleads.g.doubleclick.net tcp
US 173.194.141.138:443 rr5---sn-q4fl6ndz.googlevideo.com tcp
US 173.194.141.138:443 rr5---sn-q4fl6ndz.googlevideo.com tcp
US 192.178.223.104:443 www.google.com udp
US 173.194.141.138:443 rr5---sn-q4fl6ndz.googlevideo.com tcp
US 173.194.141.138:443 rr5---sn-q4fl6ndz.googlevideo.com tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
US 173.194.141.138:443 rr5---sn-q4fl6ndz.googlevideo.com tcp
US 173.194.141.138:443 rr5---sn-q4fl6ndz.googlevideo.com tcp
GB 142.250.178.14:443 suggestqueries-clients6.youtube.com tcp
GB 142.250.178.14:443 suggestqueries-clients6.youtube.com udp
GB 142.250.178.14:443 suggestqueries-clients6.youtube.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
GB 216.58.201.97:443 yt3.ggpht.com tcp
GB 216.58.201.97:443 yt3.ggpht.com tcp
US 8.8.8.8:53 rr2---sn-aigl6nl7.googlevideo.com udp
GB 173.194.183.199:443 rr2---sn-aigl6nl7.googlevideo.com tcp
GB 74.125.175.135:443 rr2---sn-aigl6nzr.googlevideo.com tcp
GB 74.125.175.135:443 rr2---sn-aigl6nzr.googlevideo.com udp
GB 216.58.201.97:443 yt3.ggpht.com udp
GB 142.251.30.154:443 googleads.g.doubleclick.net udp
GB 74.125.175.135:443 rr2---sn-aigl6nzr.googlevideo.com udp
GB 74.125.175.135:443 rr2---sn-aigl6nzr.googlevideo.com udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
GB 142.251.30.154:443 googleads.g.doubleclick.net udp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
BE 64.233.184.84:443 accounts.google.com udp
GB 142.250.200.35:443 beacons.gvt2.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 192.178.223.132:443 tpc.googlesyndication.com udp
GB 142.251.30.94:443 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.37.187.223:443 g.ezoic.net tcp
GB 142.250.187.227:443 beacons.gcp.gvt2.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.251.30.94:443 www.google.co.uk udp
US 192.178.223.106:443 www.google.com udp
GB 142.251.30.154:443 googleads.g.doubleclick.net udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
BE 74.125.133.84:443 accounts.google.com udp
IE 52.210.223.100:443 littletest-sorryplease.hf.space tcp
IE 52.210.223.100:443 littletest-sorryplease.hf.space tcp
US 8.8.8.8:53 hf.co udp
US 34.198.14.237:443 hf.co tcp
US 13.225.239.2:443 huggingface.co tcp
US 8.8.8.8:53 hf-hub-lfs-us-east-1.s3.us-east-1.amazonaws.com udp
US 16.182.41.42:443 hf-hub-lfs-us-east-1.s3.us-east-1.amazonaws.com tcp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 35.206.11.92:443 e2c58.gcp.gvt2.com tcp
US 192.178.223.99:443 www.google.com udp
US 192.178.223.99:443 www.google.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
GB 216.58.212.234:443 ogads-pa.clients6.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 192.178.223.99:443 www.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.212.234:443 ogads-pa.clients6.google.com udp
GB 216.58.212.234:443 ogads-pa.clients6.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 151.101.66.49:443 bazaar.abuse.ch tcp
US 151.101.66.49:443 bazaar.abuse.ch tcp
US 151.101.66.49:443 bazaar.abuse.ch tcp
US 151.101.66.49:443 bazaar.abuse.ch tcp
US 151.101.66.49:443 bazaar.abuse.ch tcp
US 151.101.66.49:443 bazaar.abuse.ch tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com tcp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 104.19.230.21:443 js.hcaptcha.com tcp
BR 35.215.235.162:443 e2c46.gcp.gvt2.com tcp
US 104.19.229.21:443 js.hcaptcha.com tcp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 104.19.229.21:443 js.hcaptcha.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com udp
PL 34.0.245.166:443 e2c73.gcp.gvt2.com tcp
US 104.19.230.21:443 imgs3.hcaptcha.com tcp
TW 74.125.204.94:443 beacons2.gvt2.com tcp
TW 74.125.204.94:443 beacons2.gvt2.com tcp
TW 34.80.89.126:443 e2c1.gcp.gvt2.com tcp
TW 34.80.89.126:443 e2c1.gcp.gvt2.com tcp
GB 142.250.187.227:443 beacons3.gvt2.com tcp
GB 2.18.27.82:443 www.bing.com tcp
GB 23.206.79.163:443 cxcs.microsoft.net tcp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 192.178.223.94:443 beacons.gcp.gvt2.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com udp
US 104.19.230.21:443 imgs3.hcaptcha.com udp
GB 142.250.180.3:80 c.pki.goog tcp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 69.62.111.217:80 galilaospa.com tcp
US 69.62.111.217:80 galilaospa.com tcp
US 69.62.111.217:80 galilaospa.com tcp
US 8.8.8.8:53 bat.bing.com udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 69.62.111.217:80 galilaospa.com tcp

Files

memory/3484-0-0x0000025B58390000-0x0000025B583BA000-memory.dmp

memory/3484-1-0x0000025B72B90000-0x0000025B72BA0000-memory.dmp

memory/3484-2-0x0000025B72990000-0x0000025B72998000-memory.dmp

memory/3484-3-0x0000025B72B00000-0x0000025B72B38000-memory.dmp

memory/3484-4-0x0000025B729A0000-0x0000025B729AE000-memory.dmp

memory/3484-5-0x0000025B72B90000-0x0000025B72BA0000-memory.dmp

memory/3484-6-0x0000025B72B90000-0x0000025B72BA0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4e87a655de673d665a5c17841aec9998
SHA1 2575ae8891f0645cd0bffa41227c5b7ac17ffcf3
SHA256 1e8389fc1f3e9710249898fd6ceee059d204a6de56981dae602ac3ab6a7415a9
SHA512 0334cd5423563f004424118ccca2b00cd9ef7d3ab316987ae982cf18c75340302e1556127f73b3bedd42b226c0598de369858c3471e84f49cc8aaf8fdab22d2a

\??\pipe\crashpad_380_VMZSPIGCZWAAYZIT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/3484-54-0x0000025B72B90000-0x0000025B72BA0000-memory.dmp

memory/3484-65-0x0000025B72B90000-0x0000025B72BA0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 f81de8fbd2b23421e0924cd63b15238e
SHA1 9f6841377556ef52c0ca47a2d4b67b94a43e912f
SHA256 ecf1b31d254f6f483aa6607befb3cf00b1ca3976639daad4e1177e9b08a42341
SHA512 eb31f2ae6e12e8e92067c500d648f044c38a45326f1fdb4bacb94ade88c43e241c766ddf57b30db771e26ed82e0a127e4043da68aa6ab4fa50ec54ffcc5c9471

memory/3484-77-0x0000025B72B90000-0x0000025B72BA0000-memory.dmp

memory/3484-78-0x0000025B72B90000-0x0000025B72BA0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c4cf42614210f824c2ca93155a19ab9b
SHA1 e8150df7e6f6cb9514a656d1cebd8e831e0c8f30
SHA256 8436e6a6bc3e99c1599e171eb984f3b1a284591697a85d5eb5fe16a47ce7b070
SHA512 404e5be7d097ac43a92742f4e8a9b80fe393df62d501377df20e517ad07e129d49b4f1bd88c43f0b0a230c56958a2c953455f165bf8a7251b5169aa5c7f156c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b80512f710a5a1a0417552b44042690
SHA1 1d9d7ef35ba7f0307bdae890c363e1ab9ceccdd7
SHA256 58fec9ef5adc9874dc069c057c17993088499e5cbfde01f3ecf355f3b129951b
SHA512 5ffc53466d53a714092ff1656296e2f91ce6d4ce04fa0cf9e0763906dc6825e1d6584cd7d4cb516b324e14a8ce09c209988ef48966eecb1149f335b4dee7e4fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6eace527707a0e159399c9d6adb33733
SHA1 6034ec648b2b6851cad12fb1293c40619e2a81a6
SHA256 b2c71b8868acdfddbe58f20cb0aaf4acb6ec84b6f79dc4428d9eda3e084f9197
SHA512 1b4c743a1f7b55c6936147fe446b3b33fc2c26eebc72004acb0378710baaa83e9e362670f4a4af157f08a891ff53c20f3405cc36b02a242b4a8bf6ed3ce4e6ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e502c53a34f82208770ca82f5be9d50c
SHA1 9556f7b0e597a14eea682c430007580a0480a6b3
SHA256 d303a2f1c802c2c68eb3e31886fa244eedb8824de29f61b6038a888e065a67a6
SHA512 98b3735a1500956858e9e796784b80b3235d5237e9e16c96ee62ed352c22a46f2e69c1af0e94cb6feaa4b5de0c7db8275d0a5caf7d9e3b82ae2c43d18a86e598

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5817d8.TMP

MD5 c1cbe7b1a80df21cfeb64cc2a2917e4e
SHA1 2cba3e423023d25dd03b5edd2876df0f5a5d1472
SHA256 d643889247031b917095c1dc8b3333f83371cfc8e4eef0e132da7a067b8f55e4
SHA512 f92ef857711b390a074fd87c04de6a368f35c5af36192f79753ef027628ce4d818e6a9f764f6c22aa52bafc68e42ed07d1c383f7252eec20269b67eace4025f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

MD5 e0701d9d7b7a14039e6f9a53078fd23e
SHA1 201d5c31df1233b7129295fb755d5955dedd0f45
SHA256 5852825eef895cb6866ba9e265afb25c4a0283c98388135326e413886b6efb1e
SHA512 9e660e9cf2180269bdfd0d250ad6265334ea67e7ac4914b8f01158f0962300a5b4c612563eaeaf55a1f0d15eab9e86064e54b00d9281aa51ee850e7679043c77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c466311457d5028833229f40cdca9d15
SHA1 aafcc2d305e20003724f07968031ca03452c3616
SHA256 c7df5f762465034349c8416ef5d67388e3ee436b88433dafee45cb4681c89628
SHA512 ec7206e3c588344de1f6015ca13dcf176baa922d764c6d21b6ec0ca1f1ebbf8dc20e1ee9dbe461095cc817f42f9d341f4a883f0becee65133549f5218480c057

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 698df1f6840a283b6288904ee3503ca7
SHA1 d0a965b84b51aab15521bef48cccdef5073341d4
SHA256 6793e75a0a2252d38012ef0ab1ba17e8848e2ef4174d98792a73900110ebd1c7
SHA512 4e887bed2d7e5dbc019c617b1673fe4c2d1282341d7d079cb0497b1f2393a6bc4e80f7e4e6372987d68a9e202449fcc6f30fbaaaf82016a032c861cc83e94c85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 21dd433668f959864955f5204268462c
SHA1 8d99abd7da81be69a8e554590695e2a19254412b
SHA256 8dd6587f6a291e868943f21c6dc24fa67bf3c6aef317c07715274c7d76edb6c8
SHA512 2ddf75619ec3aba3de0ca5fc719df260af013ae586633fa4321bd411fe2370abb33b9ee06e76a7d41bbb9e347a07317d0966fef79728f963a022dc9a75a9b208

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 44d241c2c763e109312d2dcf66be0379
SHA1 89d3fa6220f9c15db6b83651b4236e2228d6e6d9
SHA256 bb9b2a66d2779f10094af5e522891f4271a4713738067a8ef82602c8d8113ca1
SHA512 296ca69409802d0995af6823796226865a9698a903045281764f425f3cad15bd173b8e664de1b40d05f5a854c610e5b9cf33e52ac56d2dfb62807e4bebb60280

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 af344d721303ef3968894a7be9731750
SHA1 8d7eefbf469ee281e69b9fd92959b6928a93ac44
SHA256 3dbf4a75120c373dda17e3584fae60771f981228807d7bf173c97a5a207a4656
SHA512 61ebafa80924911086f30d5cf162a4d444e1d1bc370bcaf28e0a6b05a8bf0341fdcb05e70430c7a6b9fdddc5f4d7a26151ce686ed5bbe21b6a8726f539bbbbee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 476e416300b683dacf0e28677a409755
SHA1 9c1c085ac9e9b85a69528cc4c5a9dba6d9294912
SHA256 d8c1b5f445c912772931368a35e7b17980c309ce8b727a6ef38e5d112aead667
SHA512 d58642ffdaff3bcc695ac7377f6b24ed2f0cf083b6ffd6d1239ad725764c93bdb004e2826378b2086e95dac8dddee5d62a9f857247efd452aaee37b2f5ba2282

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

MD5 5427f2d4843d91fe53bd105f84cf23eb
SHA1 6b319541e4409449e9ae0cdabbf5fa652c97ce3c
SHA256 7747fc230a3b330e98845f1e6a02413dd2eab9dcf878814d4e7be935d17997f5
SHA512 3d5f3d66b115f1791ec69c5df30a6dcc037c6886b5c40cd23ce1c2622c5131a3280a5c366b235dfb0554e6d350e656062d1e54a0fbb14c6a321ec845c4ccad7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad2f61137b5341a4cc3c67b30d81dfdc
SHA1 f6e7a12de7eb1fb1fba8df4c76bad0d7da944852
SHA256 27dd70d67919c9d77c89f37ea1f7a1c81b77ef3bb28803ea3b466828e68e4922
SHA512 8be2ec40d97c1ad61589b8cd456e33450ac1a53d744f195b4f7b80c23f62e439dc3e0bafa58be05f193872e928c097c80740403b453dbcf68d127d4d9e6951b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c5f0c2935c7ad649c8a4e16716067813
SHA1 dda1207a7ad960fc1f100bda3c0e6e270f99ff32
SHA256 867337320771ed83127d3e89e712d49a8b9f2a34a82bbc3cd26d25cc2a159552
SHA512 3e0694861dd03ba4206e05a8931bcab57e27a642ffde902884e84c4f6ec3755ed298c24109bd9e4ce726e998255c37e0ea920e293a35833066ed3fa06b69c6a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 31f8ca8baed32504a1580af990ac3cb2
SHA1 be6a0713cce8720f106b361244390085786f0a4e
SHA256 4e00e918ea137482a53af3c3e13ae206339ddee031370256366cd5965a16f463
SHA512 5694c2d1c91e248e4bc67acd818594a47596d0597ad196b1a16a89db42cd095d5576c9a35f3978758b73f6f23275c3ae55022089184bd4f1e12687e6a6c8bdc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\50b7e00dbeb43403_0

MD5 72ff3866d873c34d19378391997f4bcd
SHA1 bae587075773794bbf00a871b82e41dd19df2dd3
SHA256 5fb63c1285b49edd0f8bd1f6437387e04127fd943acc51864d83d4613b53bc83
SHA512 48b1b87caa62f6e769038f72892301a5add7c20c48812bf4cd507af531532b409206d1519bd1d13ed8c7cc7a519a7ec2ba742dc4276644ecc13845df638d6bfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1e39413985d6800c413b3f95182803f6
SHA1 f11f58ac65ef7568b6f52582912eaa548a2e2443
SHA256 7fcf691265b330bec61ab370deb9707328879fc6601a2f261f9f67b2da907890
SHA512 88db6458e692ec18dab0c02830d5b37a4ac94f574e1c035892c763428bed67b866cb4eb9f55cbfc53f1098de3513b25358691334d29a3d44d54ccf41f395f4e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8ef5519f576d897796aab865f689ebb9
SHA1 2dc8418dece21d2016ddfb664c525b9a88a2f13a
SHA256 c62f434ba3854ddd4cc4625c77f855233fcec6b88790a6bf624145ae36c431d6
SHA512 43b58cb52553322c58599f0f40d6d7d4a854508edf15cbda7b41b2376b7ee5c479284f3df398965207089a19d9a9310b4f268ac1f9c1dd870d1da3cf8060359f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 7d63d3d7cb9eed15021ed91754cbdfc8
SHA1 2dda903f77162fc26a50c77ff2b7ed81d2121a50
SHA256 082dfddfd32a16b4367ea78f47d8ffd99fbab54e0390cd17b62cb971b8ec481b
SHA512 b65fb32944c2f3e088e3ac44c6a06b7a24bed49bb38eea6312b8396ebbb15f773296f2d7451bead975179e8c778ee6ccdfb580d43a8b63bdc19b4a606721ec63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\IndexedDB\indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\CacheStorage\index.txt

MD5 84936fe5235594f7e8e28c728416127a
SHA1 6cb9676704d2770c4335c758b74a2c7d1e97b69c
SHA256 e40a236e4e7952ade2b3434037777845f937243ba304dedd5b18a534367a5c03
SHA512 049975936c59c16cb62d7b8712d26c5e76d0ce0cfb3f2bb7e10dfd6a115d078bbc52e32aae4244dc17e74828c6ef5e3be297822a2bd9e90394d9288c51810e8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\CacheStorage\index.txt~RFe59d70d.TMP

MD5 8f8927d7159d53c4dad17479b5162f61
SHA1 45f66e3471b55687b50e2da69821b22dd78ecf8b
SHA256 07d2e0bd05f33a367f2b8cfbb0654871f0d4c4b92cc8a57bcce3643add30cad6
SHA512 9b76ee5cfef630c6d73b9df6dd042d4a5c7f92b1c6a1cd39c82868114fd029e3a0c4bc1d2d055ae26b4d479983aec7c0ada229355a7fa043b7d7008f89b6d689

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 591c474f8e30bbcb2a6edf6047022c34
SHA1 f55d35ac81d6b69d0badfcaf106964e3f92edab0
SHA256 fbe57d7a714f28c9226eac59af23bbaf5ec06d8b4e571cb0231d89fd65e62252
SHA512 e47261bd281e0e8d960e343356439d500c216afb7c3536f88e52ca4a5026eca765feae3e1387770348f7874741d05d84c755717599931a34740a13190de34185

C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\7z2409-x64.exe

MD5 6c73cc4c494be8f4e680de1a20262c8a
SHA1 28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0
SHA256 bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e
SHA512 2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 07e29567ea1828184b2d715f5cc83ff1
SHA1 76f8e321472d88b07529daf194d7143f25781a7d
SHA256 ea618c16df84e61936b5b58576e3956e6e80d23144f39dcd7afdc58b3160d5d5
SHA512 8eb9fba2256409826de715af490cf34b414b19bfa0b60fba77f724f701e8e5d51ccbf716ccb1efbdc0ce24df5d444a617f2325ec87b192242f86a8bca69aca6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0f976927676e02b90e933f6755d34847
SHA1 dc511767bce8e4bfe1a044e8f11700aba5a26874
SHA256 3d2644388bfbf38bf1755009d26a1e24abb5ae11b83ceb5073c1573976531790
SHA512 95958e4471eb04b1dd7716f9ecd8647d1aebf1fdebc877696f54575e494916ec56e2baae231328b64191c443f977f3958b9c2665d446615f12df5237f0d35783

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f305a0b71143794ebc47a2c60176cca4
SHA1 f23706d09715bf92519d826cea8d4a45568947dd
SHA256 7a91b1189891b24d919303136909c70a943e2512643075cb7706f5dfa81eaab5
SHA512 b6c10e6ba7d6a315be0ddd63c3d0db2638b3accab997988e567a28b76cdbb41c1fb90d53c3d1f514279500922510925d1dcf2db9c46280772a2bff5179129330

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 49e7c3143e0db7909d9359059a6890d5
SHA1 15640de9965e2101065ead418ae9aa00c5600f5e
SHA256 6aa545a703134292d66403c289b0beee3a13261586b2356aca759d8fd3ce363e
SHA512 5390e314bc61873c91760fcd5f77ebe4fb702b8347c0ac74e90d6b4ba13a70b4dfc3ce9d4e19e13d743b34e46d57a7a8cd251816779d9e81443216a0c5257e48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\IndexedDB\indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5bafc799ce9dde7285fd5a900bc2486
SHA1 4c680c66d0438c1f27b881cf63b49dc4c3dc6583
SHA256 144b7c55f37a0c689f6859ae5ef47fb9a6e70b24968a5a7ff823fce997e9ef6d
SHA512 3d75b65ec9b5ec273ee179b0aeec280fc335720def373592e6291cfef8dc059218d134a27957bb0c30f0e99d249b6ddc9195a23b632cb8cb7b5cbf58175f2ec8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d553f1e8cae991ded1f84b161018d26d
SHA1 01d727ec2415ad7f4c2a1581ad66c17e1a85f310
SHA256 2fcd95bb033100b0ee044066fd07a5733bf31cec7b2c33d72131844321ef9243
SHA512 24a1fb80ed673d8170db1f2abfcc49dc75ef6614fd27db73dfdc19ed37bc025816d0ecb90f53d37e46f03f321bf757d9b2a73e7ba185987d91423cf3c20289e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d

MD5 b31d6c3a52ee38ee4d969480c712cf93
SHA1 0cf2958ba2caf005c6666372d65a955b56bbf450
SHA256 1a37f663403fdd7b5d9c6577ded75fdce0bf8b8be3ceedf3839dbffd419e08cf
SHA512 1dc117306dda82ad7820b17674685ee8172bc054c92da58ef62091470965d5b72b5fc167a1de1ce5ba32b728d86ad88169f5c388bc46e6e8b35de4819e32d56e

C:\Users\Admin\Downloads\Unconfirmed 380283.crdownload

MD5 08e42764571804aa3e27530b03dd5d99
SHA1 82ca6c9c8b0cf59f8dce178352360abcb99637ac
SHA256 b66d89ee13a48e9c8d4a7aa2e3e1cb2b79f0b95e4f74f4184b85628656281588
SHA512 90fdb4f191a1a26e04fcc2df045d74fec998b968506d7e8f16ec6f5cca7068093de106b9de4009ba6ebe085e9036358553d19af1b7ed4202f86ba3d2aaa7a62d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3d40fb33f326a08d1846105edc63d45
SHA1 c6a68bd64d889bde3c4289834a42fe9790a0489b
SHA256 1d0c5c331ddaffc58f3d77ee4dc9c2558d916c3db7adbe5727fafcd84c96b148
SHA512 17a8b9b3f9715f4c654449483a788d7879406a6cfc8ab61dd10a90aef0073fa5a9e6b15c1789b59f350a02e50e429fa03517ceb11ba3bed7fc469a23807f1992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8cfbc9163dd09eda2c9f755ad16ff173
SHA1 2d0b72070eb671143c15dadcf19fbf677e020d63
SHA256 1ba8e0b3c04122aedc1978b8eff524fbc14b687a1885779ac99a85e5145833d6
SHA512 5ca3b7543cc8ea61186a3011287d063b67a6ed0861810a2c45d0ccd118a10ae7a59f2abeb0c01093e2aa8fb1b8fddf15ea74d7eaea2335c462777ea1cfc31ba6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 23c1b5d0fdda8fd724e6a6dd97a7a052
SHA1 5e666fd99ba92d6870fb6ada6ec8ff96cba8a901
SHA256 035688bf31983ae4d2d7cbb0c67238aeea0a4fd076dd501829bacbe2376ff732
SHA512 89c2fb26ba20ae4341740cb399404338530a592e63f725eaeccd8524abe4205e244af5239d77a052c3d7434f8ddb764853f66dc98beae36477034b66c5291ecb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1c04e85b1c8c0beb6a22d0ed56e51da
SHA1 8f7b191c69a99badb87699bcb115ef42a2f80488
SHA256 fb9678be7e3ccebf9e8b5153fa81e2f01218be8ec0062ab24861a22b4d2767c9
SHA512 b3c4c14f3410d372170b1bd9113dbe2655754aad25765414809f7db5ed476580fa502cea555af785b5b20cedf8eede76b735a5a370a040e2a093d5b99760f390

C:\Program Files\7-Zip\7-zip.dll

MD5 88518dec90d627d9d455d8159cf660c5
SHA1 e13c305d35385e5fb7f6d95bb457b944a1d5a2ca
SHA256 f39996ab8eabdffe4f9a22abb1a97665816ec77b64440e0a20a80a41f0810ced
SHA512 7c9d7bd455064d09307d42935c57de687764cf77d3c9ba417c448f4f2c4b87bcd6fea66354dfe80842a2fa3f96c81cc25e8bf77307b4ace1bbe1346cbe68435f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b6b53b1c6fdf9bd488c353f4d13e46a
SHA1 f36c15b159f30b78c0a145837895e95415019f22
SHA256 407961237cccab6b3761cbeece63b125268f06bd99eb59951530fbb560195799
SHA512 8d3e6f1f24707d5afacc48a74574cd174f8be35f3eaab0bd8e3433403b13ce749633cc32f060ff75b6895193d63542f4711ee22074e0d305b34f47725e10d5c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 02393ab3a3b2303ed8b1dfc6ed3f76bd
SHA1 914e0987687682819def4a3b88c1fbe13fb45146
SHA256 180e95c1fc1d4b316d88b1ca83c572c21137009d022addc8ab56a212dd0ac41f
SHA512 cb239bc45f6ae8ca7ba79edc8d2611588ef4da88d15e4171d7970be2024f52b77cb4df42cbef1859251c897e143c8b4ab59896dfe2a56c37b4ce8ac401097562

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64dc8a1dce891284b09016a418eab7b7
SHA1 d3676322e4ec20b2f98b9b339b04ba43ac3dce94
SHA256 4df7cbf6114cce0d02765f28882a0f55131e037cf5f29958c4e2fc049f7f753c
SHA512 cfb04615fab7b47e06db9d9ea2061197d69eed38175dacde9cfd0e609b8ccef72d83716aba828b3b5ce244e20699427a1eab281c9a0b2802b42e8c7203ff5e29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5210b1dad15ea4947446f0d23bf39bc5
SHA1 e434db8ecf6d48163554d8893cf9e0f3f7fe5b2a
SHA256 542294c241cf61c9fb5a18a9da13d705cd9d4ffcca1cdf3c653d0e0eb477e607
SHA512 3dc50c79888892349e612bd3070f18e957577ad82a3ff5f8ae412fe7b3360e3219abcd05e336a04fad4baea630cb3d8f8423e925163040508718c0d80fbc0533

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 3a866ce162809fb0361766635013d99b
SHA1 5884c0771adcc2ca34e7ba35aa327223f52c284a
SHA256 417afab46c974859ae7049ab35b65ed21d5a0b74d53e9427b0d017445b07b3d1
SHA512 d69989ba95d40ad85c0caf25b262319540991e0392683c2e26645e8bc440c4b7b2bb9280435fa788bb9e82cc542a6fb35c8abb2b920e70febefa1bff91c5aa53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 ed81ae6e321fbfbc6cb3dff94779e4be
SHA1 1f0c0cae6cf9366424323db0b0739facd69afdfb
SHA256 d22632c84b8b935a2451ed89ef446356ab024bb761c52cf8ace17068a655be0a
SHA512 60dde1068dca1305c488fb5bc43bcd77d8da22ca0b7d61515c777510cae0045d054094b5c52e27b7d9f2b536342f18e9358b806e9bd67f15ca4da0702b3b985f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 9436affc97843765a966b3568fa7e5ec
SHA1 7bfda74bb30589c75d718fbc997f18c6d5cc4a0b
SHA256 7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916
SHA512 473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 83b7855cfa4a74f261d3763b73141e37
SHA1 306f4e4a8b4635711d0933147ce79f37416fdb8a
SHA256 e2e45af9cd69dfd5425ba5ca0b5f5bc1494808e5db081bc94fbae965a7a21a79
SHA512 29c580b51f25148683e46f0f7b154b4a4a56057d27d3b7f796acae8331050a5f853c0d957daddfd4d57226ff8bc5e632304b0c4a9a92afa1169f6c18c92bd2da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 ff19e38e855d869d3e084149adfb6e05
SHA1 22c9b84a4bd7dc4766b60698d96686f150a60fac
SHA256 4437283ff4c34c5097ea6e95556342f03846595b755f2ab03ab2aabf92d83a07
SHA512 01dd5c2217f506af2df1bbb0a0c7e483f749e2d59d7b3882ba699293fc9969d4d83c95f87d0c16884bc5063ad29eb389b0433770fe416591de61907f30fac34c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\CacheStorage\index.txt

MD5 b2955f4a7cbf5fbb4065524342f74f67
SHA1 372cbc7687d38445fc0bd7c1f1c2e1625022e2ad
SHA256 15caef00a69b0de3fa9c297b88127f345d74020cba8308587b6ab8d57c0f8b86
SHA512 f13ef962b166d8bf37653c84e2be616a9673feac11900c3c1d8917d3c0c3a820f129c6cc2f09d829fd9bd18a87154c08115af07d5db8569c40607f6bf7b5dc63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a2

MD5 9a01b69183a9604ab3a439e388b30501
SHA1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
SHA512 0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 36d21883d3c68837a1d49e28f6239d84
SHA1 f3868f4d11e7cb176fe1c0da9f739430d8f1a2c1
SHA256 829366e01a1ee65377c21ec25ae8651998fc695eebaf272e64803b58f5b5039f
SHA512 9e70b2aa2b0e83efa6291cc3bf99203fd670086afb6026b2588a68523dc9c6d63da5a680d0f579bf3ba44418c70b00e3de779cac697176f5a27dca7b59a67767

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f1a74d825aaaf6ba775e8557322be994
SHA1 23166612e844c159bad027095c5fffeb609cff17
SHA256 ff1c8afcb70f950ff436ccfdb206469d64157b848794286ad851d090b5b74808
SHA512 944b856396cbba9924972848ab9af1ca79827f49899f18c17de9cd4c7435f1f0e54773089e43d20921492f26acd5a7edcfac60057ab3e60c0e9e0b799a3a04bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5faa72.TMP

MD5 df80ad833b167fb286b26ffd9ef78399
SHA1 c60b925f6fa30573a6679233742ce46f28bb115c
SHA256 271b21ca9e94687406bb94ed483493cf1b7ffb93294dbb64911dd4091897eaa4
SHA512 868aba294a8a903e6a701ff10688083fd6976fb534eb8390f9b8ef9040a6c55817ef39a6d4b9c0bdbde4026313dfc51d56e4d2e3d5cb300c2c19baab0c3525b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 35e6ce7d4442ce3590d5c7983dca7cf4
SHA1 d87f5813a87f8891b8a045e744e57d8d4967612b
SHA256 8fd2c4c7dd9e8d9747a57e7632446ff5ab751805e4e9f54e303a213e69787db7
SHA512 8573817393cff82e913922b899f33f920b83660d747826eb51b82ac5162130a56e62b5be69858280ee6b978d26e743df1b29f95c034a93b79d90c048f28ed371

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a5

MD5 da236b92727776e61fc844ade9957716
SHA1 8fbc2c3184a71b360480586441cb109abcb2f623
SHA256 5ae8416d0eb18b306becb570e1c88a4619dad21136d42c0fb31a828fb8004600
SHA512 7e463084fabb53263c8e7721fc6adbd52c2c29b918697656705bdc830ba2ec8487d324ad991795fa55b3ca34e315c31de842a88fc858876b3df313172fb5a71b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

MD5 5924a1bd285bfd91183352477cd12b57
SHA1 e539f11612be0592025dee9631f3e812891437b5
SHA256 e22cd6fda72814f129fceae63a0c4d858dde4a6f903b96fe77a8f264594f8cba
SHA512 53abc17893b7013e9ba64cb42d79d33d4ed031d942dbee22a7894e15ffa8d418af68ca3f1ec0b89fca17fd240a7030f939a4ae83364ef5e1c7216b191fc2382e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 9c528d42e41e8e850330a3705c1de2bb
SHA1 b1f09b844d1c68496cf5d98f69a9cbb01c7cc4dc
SHA256 144acbe981f2cd3bcabde30764ef35ae8d8750a3e874ad4e6ca6733d20e89b5d
SHA512 744f5b6dfc2bb54ed2b6ccbe88128b62f37045f7ae6a4df621b56e6f36564fa5bb7e8e40868cd597369cb974184985653c187141a1040abed7d6861afa6e2051

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e63406b3-f0d2-4855-93fa-8d8f627eb7d6\index-dir\the-real-index

MD5 e7607f2712c87053f5daec738c58880c
SHA1 5c6847ed7ca72f48a0c1ebdada1c194070e8a56b
SHA256 b603ba1100984a4549a45bb468eec79cd0a6dd6a16d661ab5e5f5980c630b556
SHA512 f126dc78782bb5041b60ae5220633fce45128f474c224532520e024b6c8c1b7f0e8f2bebc2f506a4e8124c7afb96f778de6255c4d845ae72008020b92ce7dda1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e63406b3-f0d2-4855-93fa-8d8f627eb7d6\index-dir\the-real-index

MD5 1f6992a33720fd026260a492c1ebc01e
SHA1 d4408bc07ccc65cdc53099f6f9fbef5be4e5dc3c
SHA256 ebb3d5c962872a32b2e2565d4679c363e788b512c1d09bcfffd948d518c8a076
SHA512 7cc1c7c1640eb9df0049d46af20bbbceb360b004644c97c8921589b5d91835c60b0089f99a0fbcc3a89eb7a6d85961c51254ec47cbf7d297f9fee7fd7b5118c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e63406b3-f0d2-4855-93fa-8d8f627eb7d6\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 646bc8b6ba12fc0f3b55a8f95293caa2
SHA1 39e38226b33a9531d102f0a0bd1afd603faa7767
SHA256 474c3816b85d5e8024943804cb641ea400efadc511509f1e8f21a9eca4478a3a
SHA512 747c6ed56c155f13a94eb42778c83736f94c503ac4eba6d80afe4744c684cc30f11a10ee03884efed1ae534114a3046be44d581ccef9cd9e2d07945030329ded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c888f7dcce2784996612262b194618bd
SHA1 771a888273424578b5be7c2a68111563f1c83bd6
SHA256 83c6e558386741d7ee0d607075021bbba203cbc595c97e9ffb871539f379406f
SHA512 b7e79c88e44e5151877b219b0a2cb8a3fa9da757e911252b8d6c99f8d9b4561e9b419da5c2faae509bb12e18642e40cdd4b6f4436096a00e41d8dc4a263678fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b06f1c6618c9a41f41f4f899ec647c1a
SHA1 c11d3dcd437c72f9b716a00cfb49b2b12a5f147a
SHA256 540abf8cfe8de53789cb801af040dcac32e2d4c532c14643732d71e6ae8f04b6
SHA512 2dca5f99fd952fa4d799bed8dc151e4c2669c513e9a2e26abe59eedefc7e224123062919b26552cf79a370ef13b9c0758ce46852c2a59f82d2cd5bd8997d3672

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8c90baffd2a142b127cf7085fcf349fc
SHA1 2e275299889d06dbb9f16f0c676b89b2bb572c31
SHA256 7e6185923012bb299adff7d186484fdc1afc02b9b22a921bf45ca301915761d7
SHA512 ce496893b18eb07e5f8391f6336f93c63455398396e8674d2ba114002cbc6087e68aac05bd315e8e1b2b68b7886ec5caac59676e93e52703ab71fa30d130f8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c55209d4599ae1bd0479b01a1184a32a
SHA1 007998690ebe2e4e8dd3136bf4f418a8fa0964a1
SHA256 82caa8c0686390d859f39304a2ffaa69bd48b6b3d228148fcee29d85e33007e5
SHA512 f9a4f7135f7fa7f76a7dc6162185ad1c9436c6f6c99f294227e4903ecb639f3c5b3114d9a9a419560ceb832eca64de8bbb5c2638650fe05b2cdfec3d37699033

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000008.ldb

MD5 ac1a01179996465dd2636c10a088f781
SHA1 9bb3e08aab62872522cc06657c300789cecb72be
SHA256 d736176075d95915fa399359ffd3c9074d8c4e4173f3fb4d011f96307ff145db
SHA512 53b1081f4c21b16c5c8f10b0bcb095465d237ec1151d93ee46ee5fa494803366e8434cb013f84d88a961dea7ca6caa3b25f6abed599a261dd4262a0d1d1e849c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a9

MD5 9c6534c5fe296439d52f022bb1e381ec
SHA1 56589abe1eada3a56bb92cafc37a76e0f69711ae
SHA256 71160660a41c2e9a37c7257470c7f122642e965375bce17818e06a141b3cef6e
SHA512 4bf5b007fa3763cf291ce591829257aa2e0b261f0bb25c02a5acb59b4eef66ae7e68c6b8d3fe35a34cacdbbaaa4a7c24dd1b91688df714c5387a84612278cda1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a6

MD5 570fd8396930c3b38ead9c3afea2937c
SHA1 51fd573c11d03b0c888c0fa06857442f225443ed
SHA256 ada564fc741ad3708d4de72d0846672066dd9b005c30ada5a153a620e8642230
SHA512 523720f597c9852bcba1a6a0edba850fbe230cfd3b40281f27e537f5d910886cf5e6d57d5a54a8ae40ddef6af1702ad2db880043bb4429c5f87af372f20c160b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a7

MD5 dc776a4fe6a45e9d3218f46c697d49e7
SHA1 c0d2b392a6a21f230de390249127fe744cf3df07
SHA256 a8acb67b930d80f3af5adf0d9d4edf8ade02fce8d6f07ac1e7398dba5b6ad4f5
SHA512 4eccd006659cbc7eb20564511e36c259bc6201f006b6878459f513a9e9dec7ec80478fc39f70c59d1c5ae75d2a54e2bef210917d410a4777839fe01aa957486e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a8

MD5 5a4a3f087756bcc70d1b5ba3071b18bd
SHA1 0af45720626ff6fc20825426b801a07105fd2814
SHA256 a47c4a48c14c849d7aae7768f7ac571ba7c55d3efa70283e0c7528dc6221e878
SHA512 dc3cf82c4c1cf7c1e10bf5825a6f3c6d8e6308ead565ba8333e2887e383600bc4c5315e183c6c052523d1244edd638df98360b3c753d00dfaeaf36c9800384e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 d61daa971ba63425a1caa1eaf3d75332
SHA1 f88698d70aed655c3913320cd5b45fd238cecffc
SHA256 44577766fb1fbbfe1ac84fb64bd162f2f22ac3b2b3479af7a7b35aae1fcc61d3
SHA512 4eeb2bab998a376391b96bba02bd2b7cefd9376499977bc516d8c0879a1f4893e78fdf6a4743df7ba6980b81c7e419c57535a1bcc8fb2fb15299b7366080d14d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

MD5 daf3c2bb7119e334b8a43e35209c8be0
SHA1 89db244097aab84efaf28432b9e515949551ae83
SHA256 9172965380ac346c8b2d02c5fed2203426dfca75571dda683ae7ff68fece13f1
SHA512 8b005b8286bf6a13ca916b29daff52c875950a37a399ea39e81e5cfcb9aeca965c781b25bb081463192ecd55f07f9f57e183692e7c5e04c961b2dd85867fc4a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000011.ldb

MD5 2f25a8991b5325cbd23a7a9c1839d0d0
SHA1 798fce3f362d5c450c969cdb7e353523fa373ca7
SHA256 399a1c72f2705ae8bdefa32a5b0350c198ec212b74042e38bbdb27ae5415aa59
SHA512 a91017b5ffd52df4d295c316b6086e90dd89877c0538e58329a314d513da91f564d51c2e2385788f7f3521a10057f3149bee6c12c23c567cca91ebdc597595fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000009.log

MD5 1f4ed4e76c1e228bbb59c612d8054c86
SHA1 54a5a8347ca4fd7b4abd2edae5c5c409d3254b6e
SHA256 49c22f7d0a74612e438fa4d665b8abd4b5e62211d42f7c66fafcc597ca21e334
SHA512 8ab0dc2c0a0d89ead6760dfe9624fdf5dd410ba545f8b04a53091fb5078cca1fecd5b913fdc3cbf67e8ca55fd601b25bd0f0598e40008d044cfa10d055de6a50

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a21912fbb431fcc43239640b248f8e0
SHA1 dedb1c2c3b76282ab8fdbb73d57a34c721bacbcc
SHA256 4bf060c9f5ffeb2112ac8a96f6b7ea7dca229ddfe8cef89c2125b97dcde932eb
SHA512 deeea96eccf512db9b5c4ae3863d5c9ecdc339a7ce60ad3b204a0120f8286a779f136deb68a30258d2ba69d59bc575326335cd2597426375b7dfd46267b281dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 99e598a0afe09e8cb9e9c58f259b993e
SHA1 2df0228196586ed7c53e63f18b52ceebb2d091d6
SHA256 70bd15440a933159050830f6845b9a372f4c225d1c0400f10a67a327cebc3129
SHA512 67daa256e08c43a5d9ef5ab0bafac9a9a4d2a356a539d37504ae0e695dbd50fb43056bb62b9fcbb2e543ab4bda8fa5667627b19e7c83cd020bfd960ce2cb9f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6e372b9f64e1a029116500929d0d79ed
SHA1 6e5eff2d45d5c0c4fde0d7f72f212a787f4163e9
SHA256 4a7aabdf0211cbc88ab22d6bc3e15287d19afe555996aafce3a91a34f8a68dfe
SHA512 dbb45415e260173255d0fd9bcbb580ecc749f4293f61363a67a97b6bd757ff8eab90ec1270c84d8f4b28738364778f7b6cb28d944db14db7515667dd8b6971f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6bec5bc7-4464-40ba-b8aa-e61093c7ab8b\index-dir\the-real-index

MD5 35bef5b04b13a01f4f86dbec6a183253
SHA1 bc7716ef970b54ab47ddeaa022169ceb7f00ccdc
SHA256 af31bfcc8efcd0d2f4b334c86375d42f1938721bcf72a937f4c6db6be5a11f90
SHA512 c08972b2288316b993c4aea74cfb875c6ffc2fe899824e3ca51f97195d15d40f2a4eeeae32738557531304f41399ec8289fe49d856fa0b277d514a823840f844

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6bec5bc7-4464-40ba-b8aa-e61093c7ab8b\index-dir\the-real-index~RFe600ec9.TMP

MD5 ab43db9d0ac87c0f33f14e0415e37587
SHA1 6b85adbdec0602f06e2d0b182514569b2db16f8f
SHA256 e6427aa7561afde46c03ad0b30486bb1607be263ca739fd6abdfd215dc915ac8
SHA512 37c3877d19eee964f0b42bc9aff17230b7bda321372c1fab49c989457eb172f71cb00b58ec44762a7e54ea7224934a8dc0be301eedb6d19554cdf71d3570ebff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d40be6207c8e2dcaaa25774af9def28
SHA1 5612b9dd036b546fa1a44cdf0d33d47be82c7d96
SHA256 14a955d69768df04f6850e37d2c117745de900326967800b1036db2ff22e48d7
SHA512 4922eabea88c8568c1d3f9408e1f2b24ee1c72b5c672fcec8ec710eb2689310110ef0fddd0727133b8a455e3a994b7e4b8f0f387d18d2868cae5e604a0095385

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 32125b2a53cc625c6a4da9072e20ded1
SHA1 41714c6f24ab0cf078e46385878214f7123c4652
SHA256 f96aa8827f641be2e8f67028ad2072d0a64ca7d8de357f2b40a998fd98db54da
SHA512 1a6c24115f8513fbb206305f494280820c1949703c84553bce1377f8536ab307b2de1335e710ad9534f0f9903f43df7ab12311716af5ac3f447989033e6b27d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\509e9c9a-220a-4f5f-bbab-6e779e87f4c1\index-dir\the-real-index

MD5 38fe6a7fae8a8d9e1127c4effc1b56bb
SHA1 b557c311cd7c35394669bcb85517fa9081d93f1b
SHA256 33582d714af9777bc6fd583359a168422b821cd471df0d70132e970582cf5aa1
SHA512 65431f17a3792f02d06cb3ff4b8ba53e61152e52f83ab126393434a6cbaf25db1974fc1aeffaff7c980c38af1c602d215cec255e75e0d41d1ee35006e536cc9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\509e9c9a-220a-4f5f-bbab-6e779e87f4c1\index-dir\the-real-index~RFe604896.TMP

MD5 f5f539a592a73b8be0df2a41952aa4ef
SHA1 af89b3950c943f90f4b35ab09144653c0199b020
SHA256 d70ca574c12564609ef4dc4f1cbd8e9d5e909075130db612b3ff53232694c179
SHA512 3b6bd4a3163a923152eb1a153e5f1cefa1edc5914bf25af3c976aaff3ec39807f1e8c03c52d36e27e660da9db320c35d9ca923d80cc5c4c01fd8c9520bf9e08f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f03dceacbf50d74b4fdadd89ab74b2bc
SHA1 473ff256659319243add62d64000b28594e83ede
SHA256 5c7d2ea4c882b3b653d4d77fd9ab5910a10f0d59ae80c4c154d0b67fc3bb8fa8
SHA512 82d1e13652af2ed8bd62097bd581dd86f60fe5f53e9161e4f5fa7bbd7c0a7a4194a8cef683e1445f96882909161bf3db10007ebf9e72582064ed54f7e7c73049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\6\IndexedDB\indexeddb.leveldb\000003.log

MD5 45e4554e2bfc0b5877d25f826d43d720
SHA1 4645cd6cd010f70348ca1a377fe1dc1a44c534f2
SHA256 419bcd581309f277deb35f20a3a778b3aacfeafec1e3eca856a4bb3f4fd3860b
SHA512 dbd0181df2a2c1012821a5e70f259873cf432fe3aa6227279758c9fe630015a8d51b96c0685b9216bb68940c04fa38e16dee4d7a9b0e5dff0e3fbbc768ebb3b2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 fa462b2936214a9bf9acc2452a70eb46
SHA1 9f5b731ced13937ca684fdcc7fb767d80d0ef1a3
SHA256 ef746abeaf34b69e3230d0840f955658a56cb9888871c8397baddcb797689a69
SHA512 b30578f3c190a90d962b454921c7859e4d024b1e891e554e36ec5612d7e0767e2949c4e64d4b82de2e1329b647ebcd4334d14f7d93e9dccf9c7de64842e8ff71

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 c9a321cd0d57b351a52988873a213b19
SHA1 23cb7efffbd93ccc19b7eea7b1309236b43b1f1c
SHA256 ef225ad7c2861489c2a01b6af6e2f72436bcad158916ad2810eed3a90fe46f0f
SHA512 7886ceddaf25e57cb788b19d12d63ec8d5e6f81e58eb8200f1c8bb311223474d0d86e68ffba7e3a96b14a1fa48a50a479bb404fd05eca17444b3d635933f4caa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f48b3a8fd796d757abd1a8df43213f85
SHA1 e33840e5f4c75afa13ce2063bd6e764f036eeea5
SHA256 f6bc1fd5e3c883efd71fb7d754722e62e01355c4b5dd10ffd1d778bdf61eea65
SHA512 fbc116135f6a6105dcfe84ca0cfe8d836ccb6e8bb0f3e159848108d274d307b6396c5cb3c6b2b1a0531efd468d9c742f073019c86fd12e11e8af7eb8699dd539

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

MD5 7c702451150c376ff54a34249bceb819
SHA1 3ab4dc2f57c0fd141456c1cbe24f112adf3710e2
SHA256 77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583
SHA512 9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 51df4a3f01a91e32f92cd56c12b21fef
SHA1 f43e29895297223e914889523e0b35d794e2af2f
SHA256 e98cd54971d2e870f5cb3920772ed05ebabb7c4deb9e289e3da87a815d24bd11
SHA512 cca1d32b5379f36e8a0cff904c7a1d6a26efb231f8f913541d4d9951560236c671ea8f7f0a37a6a5119cd34acd2b8ec87aed48c5392de7a092d935dc853777ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9cfa919fcd5c13ebba6cc7fcf7bcdbad
SHA1 665b778b8ab529036dcc535488ee62cfaca0c990
SHA256 25d4e81c6dc18c49c26edb87e631d38a502b110dc7063c66e9c629f3166f9642
SHA512 7fb3a4bb6452a4422e1349ba96e537371fa29179ea8b1faf8bc69bada441300c84ef09da02627fc97a1accb791588ce92fa583eeabdc3b7daba3d33c07ad0d81

C:\Program Files\7-Zip\7z.exe

MD5 b6d5860f368b28caa9dd14a51666a5cd
SHA1 db96d4b476005a684f4a10480c722b3d89dde8a5
SHA256 e2ca3ec168ae9c0b4115cd4fe220145ea9b2dc4b6fc79d765e91f415b34d00de
SHA512 d2bb1d4f194091fc9f3a2dd27d56105e72c46db19af24b91af84e223ffcc7fec44b064bf94b63876ee7c20d40c45730b61aa6b1e327947d6fb1633f482daa529

C:\Program Files\7-Zip\Uninstall.exe

MD5 e03115ee7530777231a0051667ab23d3
SHA1 5ded32077cda52b5527f75017552a598b0523db7
SHA256 cccf6f489961bb78c5c4baecd964442b14593799403e2b6e4d50082c3e64803a
SHA512 053f81c647b55df05bef067f26be1d25b44cdd1d5a59c4341904f0b9173a1ad6cc3209035ed4782626b150f090f52276c7d99e77eaf108b2fed52f2179e959ee

C:\Program Files\7-Zip\7zG.exe

MD5 d882650163a8f79c52e48aa9035bacbb
SHA1 9518c39c71af3cc77d7bbb1381160497778c3429
SHA256 07a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff
SHA512 8f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1

C:\Program Files\7-Zip\7zFM.exe

MD5 4eaae49d718451ec5442d4c8ef42b88b
SHA1 bbac4f5d69a0a778db567e6978d4dabf2d763167
SHA256 dc4fdcd96efe7b41e123c4cba19059162b08449627d908570b534e7d6ec7bf58
SHA512 41595b67c8506c054c28ce2b5dec9d304651449464c6e1eb092a049d49326594584900cff4e9b8210ca3ad8a23e9c22d8df1ae8af15f44a69f784cc546fcced3

memory/2344-2689-0x0000000008430000-0x0000000008440000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09f055f6d19b94dab7ff2f56721b79c3
SHA1 789293620f88869b29a46ee4d1cde606207f71b5
SHA256 f9c19b793f2d44001a737ea1efbfd3cd9a632ba5c8f5892159b1dbc16617a1d9
SHA512 8bf73987e8001208939c1c81b55bdc7e9f35cf45885eb341bdb180c2473098f1542f98039ff8a4b33d718f03bb2093f7851e6414ad440882330827d7a600cc8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d4356f7dae8944ed1cf051a4d946a08d
SHA1 2b7e6c6ea68019ed42e0f595f25939b7e2a5816a
SHA256 180a8fc4b17668f8de3f4470878f35846b31a83c2a70faea744c3eae13dfbc0e
SHA512 cf39ae46e9e03d4e77c51ff6c5d7ab07fa9f4d2b0d6b8fc79e975ddb7ab4bffabc441fb94efda5cb24db2e30d1de3f5e2193a72924236767d026a8cd8175d35a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\4a4b2231e13b3d27_0

MD5 b0fc75ca1530cda3a821e638daeb8bfe
SHA1 e0712fe8d4d7dea71b9a09303bb096427b61c67b
SHA256 990466c9e801e13ea37abe6e9c9d1c137e25647a0183424ab743d8b43e106371
SHA512 35f3604c749cb4706e58a77a38a9d6c422b6266205e3ec3ac5737200c11cbee95feca78f85963f29f10acff794ccbafcba9be3e9f9f8be99b623a5a9940e72cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66cef5d9afbee1d9dde948f96bc2d846
SHA1 20229ab00dc66cffaaba3ece6702686250c71785
SHA256 352fda36df7662122064747fbdad7a0f22c38081585a0eff69de0b03250364e6
SHA512 b6e437e085ff7d3a95f5e0ed6f6ce676075a64a6a22c0fbbea231941987236e435f3343a82f9c8b397ef49e792e8275e8ee353c01d15467bd5a38f99a4a21a57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b7738dc07fa81d6e0f3a5cb72df4748
SHA1 0aed720568f51b8c5803d7acbe5a6c3ab3cbb519
SHA256 343e5943e73dd9eae31b329189b46430b0da607d134a240d1cd137381663a3f6
SHA512 99faa707330574479fbf0b92d3fd76e5aaafbd3e9b639d0b0661e95917fa4b1cb89bb19b70565950ae47d3aeb826687faa6a5538614f5cdebaa441b69cb5155c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 94eb221b610013df3260c71512e80b8b
SHA1 5da83f3d7c7cbf4cada4b2d7bf8aa305f75bbea5
SHA256 40856d84489f190a9158e43f5963dfe30e7881c30dac56b4174cf879dde0e3b4
SHA512 a1d9e1d9ef78f77a3acca2c93ecae3343c5e080a91188c3f7c34edb84db75c10c1520ec3ea74dd9d5d3283a19ac6118e8d8bcb7efef5945a0dcd8288afd4ba70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 39fa2eeeb1f6da0d12e48980edf5dfcb
SHA1 37ce2af8aabd0225108830d50e742bc8dc2cabf1
SHA256 8348f0ccba81a5d44ec23ff997d54318f5242c8362a36c5998c007c47465e867
SHA512 0b6bb09c30e02149155fcf1d1958fdb8247b229d9c774cde158522d2dd273bbe23f2ea4982746eed1fc917de36507008979e6c1de3dada995f5751810d7ec66a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 894b38049b6e37bfc25be858967ca0d9
SHA1 c91652b13f763650f707c1876ce2b5fa8c71aea6
SHA256 15313984032a6a243dfc80dbb931ec910fbad10b15425b90a778135b499e496d
SHA512 2fa3a5998a9e018fd65c79ada03cce0bb9b531d0bce1684bc841ecc47af985b2bb9ec96e90d469333b293f6543a249082be37c4c667b4ac73c8e5ab0a515e00e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 686dc890932684f11699a36a5cbbcbb1
SHA1 99ff63273f7cd529da1d4542198b8242ced15b09
SHA256 32709b372e8d409d422ddcd501954742eab1fdb79cc4cf45f94dafd8dc3872d9
SHA512 3b53425e5bfb840ed8e0f06f187b3cc8e64a7b6bf39504bd8f847c42224145eea99e49041b7ec07ad639369e3549d2198a4e6395fdee8a97ef95a5f3dfbb7e5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eadeb2219bbfe65c9bb7cf5597663efe
SHA1 2e8f3a8d289953e49e57e6209a701bf4a46eca70
SHA256 acec13fd8824e3ecd2bd1b0aa2705e2eee8246861c2666296562586a95907187
SHA512 099b9631bbe4b821654845f24d93aae4a76a3313a0142c01f0556f91ee44757a028a185a62683168f0945e54ce67fde9b7aed3edc68e0490fcc18f3fa8d0343a

memory/4328-3028-0x0000000000400000-0x0000000000427000-memory.dmp

memory/4328-3029-0x0000000000400000-0x0000000000425000-memory.dmp

memory/4328-3033-0x0000000000400000-0x0000000000425000-memory.dmp

memory/4328-3032-0x0000000000400000-0x0000000000425000-memory.dmp

memory/4328-3031-0x0000000000400000-0x0000000000425000-memory.dmp

memory/4328-3030-0x0000000000400000-0x0000000000425000-memory.dmp

memory/4328-3036-0x0000000000400000-0x0000000000425000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 659c46b4fc94f02ff4665a4f54cf6670
SHA1 69e7ea0ba32ea79737a10612635042eaf13004b0
SHA256 060860b935d97b16ed0640aeac1f1deaae708b36279a3f3692b95d494ae37e7d
SHA512 6d6f586b1847748cbb5403f630b37a249ae3392350023c9452a15b0af3886989b77a7710832e5119aa7172cfd1981b633bb66c9f9ba1c06ab0cc53720666c59d

C:\Users\Admin\AppData\Local\Temp\~TM1BE.tmp

MD5 1cf5669feb127f89f57e8e9d9ac11409
SHA1 d8aaccbbef08cde0161bfbc0f6b7b1e8a1c43d42
SHA256 35f8d721f246ae3e19d204f9bcab3237448ed906a25bba14e7016e5cdd2fc2ce
SHA512 7ebf6cc1a5a0d1ad89666af09bbdd947c02fcb933aeb72c8aff1a378582e38e5c816f806afe87038f10215c3c6c11e50f3226146ba3358e4d6005553cf373b08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eca3f707ca328c38adb0c90c89c7bcac
SHA1 2602dee1591fd93e6d5a162d4ae472025002acd6
SHA256 2c183f0bb818efc9d88de79d568371ceb1d8b3ceeb56298098553551d9cf9322
SHA512 828da784610e72ee8a8d3cd32fbf1bb4d2da8e0b3344d419f7ca259560af106c2ae1a0c8d45e8be62ec14178b9d6cad8de1505a73bdbbc808f8f6a19d9a725a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a4a0debfe2f2689048e7d8353341a1ea
SHA1 0ce8d036ab3cedb1fb5b7aa7ae2cb5f74627535a
SHA256 1b0fa86979d06e4d69ca2144d58fcdfd5efebf13cda67cb74e4ea89c9318bb7d
SHA512 bd2f4e16c6ec2b793f2b9f45bb9aa7c741a747536dd9e4ce87d1ef8d5f3d0d2bd0b3ed54c694e1a3f6d02076676f2a175b6c3b75e9ea7af283c4c1d5b578d3f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4ea3d5079cd2605ed75556a6e57f1af
SHA1 3a6242fabdbc86f660449876512d615c24d69cdf
SHA256 b1b54beff56254aacfb5332787dae0e41abb2641da010158b373f7d2304cbcc6
SHA512 e3886f1ae15c945ca61c9b9d2e5b5869345529c0d6b29b8ba12cb447d44bc5fecae1e729292d03f8e777f1e0dd7c5e16e023d13a88d6f0dd75b4e5797c1349eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c3

MD5 21f277f6116e70f60e75b5f3cdb5ad35
SHA1 8ad28612e051b29f15335aaa10b58d082df616a9
SHA256 1537b0c18a7facad4bdfa9ae3ec84095c91467aa5cfc1d8af2724909703c2fe4
SHA512 e619f92b1ec91e467e4b11d5ad25c99b62c7216f9da81c159ae0c9ef3f9e75f48dde7bad09ee38727b5a14b827f3b813c196504057708cbfaf4bc67dbd032816

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c4

MD5 5af6e20a3cb8fd7d6e9290d8b45d7626
SHA1 01c5780d7a66c32906dcb51b62be20758e9cb019
SHA256 ef190557c15544c885d697097b9abcf38d7061c84f4ffd2cbfbdbf1a9e30cc50
SHA512 f634abfca30021a6688bdf50860a5509d69800375fc847d36cb948508d8636118b8a5b6126f4c54d45076e0135b4af54d813602d5b3a87f690487c6f3009fbc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c2

MD5 531b945c783da57a8e6169a179367ed2
SHA1 9b76921414abaf64e4f4f7d7eeeaee45090f8712
SHA256 f1f68df4fe7f8d1febbccd47b5b14d4d5a00b008e1d5a8ecf07f874c75d35cc9
SHA512 a21dac2a2d3d2f8694e55fb920ca9fd15b8fb3b58255e2729f7fb88e0cb7aa153f5e667237b4ad4a4d9a402c226fde539194bbbcd57e9229857d8e5278dd6041

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c7

MD5 b15fe82b3220751c7563df73e9e6fbc8
SHA1 5933edf186e8595438ab8a830b863b65e35e9e37
SHA256 709b480ac69bf8352991fa0483d563e132cc5806429e3eaed8c3848a2b1bdd9e
SHA512 c520ec05edf481dfac365bb075d516db056f076e55a8c298a20879e519a14050578950c1c784126e62aaa3592b42d4b3b91bb76c0e6e0fafddc21fa4d754919e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c8

MD5 880f40f23fce13eee9c52b71ddf6665b
SHA1 4a65d88ead3773649595656848c46e017f5ca414
SHA256 11ade2ea70ea5f66a8a46c1e5f2b3699f649b03b8f5c1e7a908b308eb5bc2cf0
SHA512 65decf167c5ce3af8c6252d2b80bbde245a2d0a1b1ae3cdf24fdfa345a60e0d206593b78e6e6407dc55e1feaad87cd30bdbb88d8034d94fa4b053a3eb6462798

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c5

MD5 69bdac1bdb8253f5f336736ca229c087
SHA1 b83471da9d34c3e39b1720c52dc330b37c2cc654
SHA256 cdb9e82f58bbaf31ff23f67fd6aeeab12aeb46a7fa0d527e883b6fff7ffb1371
SHA512 3549ac5ed9a61d3a9718698868d23bedeef7f6a5f13ef508c19d240119d3f274069f38724e6d6d580573a0107668690bb38f9d0c45bcb35d8fe3834f226da299

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bb

MD5 b78c208c87201efefbde1b05e311fe3f
SHA1 438bab4f023ecbc7d3d136b01966930823587804
SHA256 f6c6a469101626531293f2a4c594e86f5b8a620b9d351278d10b061e6b2b62fa
SHA512 09dd8ee68af111edebc0826a1de3bb525607828c97c377da2098522c2218bcbcbdf2eac6f58296409100a5985770f524fe5ce53fed3f6baa119b0c0eeebe1720

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c6

MD5 ee7523e6a016c3281ec22a1943f8d6fc
SHA1 ebd34e289ff772c59e801bd343cc49c1d03ae3fb
SHA256 e3ba81a0ffb714577ba2b5dcb57ab14d1977d6571113c4612e8cc99e16266d23
SHA512 7e48a17f609bc0c15c3a06007b64f1a4782ec563c655accbb1c44b7b648b3fdcd86ba3cb666a293e6c9a1552fb3e044047b60efba8d76c8487224556ba1ca2d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000be

MD5 fef291823f143f0b6ab87ee2a459746b
SHA1 6f670fb5615157e3b857c1af70e3c80449c021aa
SHA256 2ccc2b4c56b1bc0813719c2ded1ef59cff91e7aeb5d1f3a62058bb33772b24be
SHA512 cf28068cc1c1da29583c39d06f21ffa67f2b9a9c4a23e22cbfe98aacae6ddc3dde1f8dab7eaef371dc0a2230d21cc8fd41653fc5d812b14c389e07f5ef7fd5c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 36797c36af0429edb7c6388eb1e46246
SHA1 3c2d23f21cdaf9822e6d782165653ce2e163b4a4
SHA256 9e9e5fdc92377465a7aa1a77e846907e4a5ab2b3c036d7db8fffb392e1cdc150
SHA512 e555b2c76e6e70942016665eda02642b2fd57ee9a65e6e90a29a96ac9bcd79d1c027f618b7cbd957eb8016dbdac59f50b381eb1ea9f5db99a3b3b8332dcb5718

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 50cbeefdd60489e7b40b1cbaccb4f1e6
SHA1 1c418c3c1ed8b39264302f97f753b9f8b307da61
SHA256 0451d44aad403891722c6db2c3cad8750be696bf6781e2f525f5d0a7bb19fdaf
SHA512 a73268ef8b14622b86d87a608fcdfaf5141f0b6500b139f55869a378b7bab59ad2ce68822e5b80f8c500982a5f93a0514391315a229ecefb133ecaf8b21d236e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b1e2fa0229548642d17a951d260a71e6
SHA1 e8b875ea97a5ccfa3ea95b7af0c3db8b30ddbbe0
SHA256 7aff67eaf1be4dd80935c78403f5401f775b188b1830e8a40f2ec146f7407a38
SHA512 6f4d24e9161e00b417bc51dec115dd7bb03ba0b0fe2207651276489d3690ac5d3e8a832cfb7910b1356c303486d84fd7dd18f05d8acc4603db5181204575da28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a560bbef7681a16354d063c090ea03a
SHA1 996faa20381086af58f9d50cefac33fb4078f7a0
SHA256 37a8252d60c3103e382c99073283ef1b148f38bbfa6e02e8742bb0765f5c465c
SHA512 83012e0c60d59dde691005993bb7ab2b44c687ad640e4a280be279e8d96a5fcaa2904d464a8cdf26ee898b5b6bcfff9205d9cbb68ffafee55b03563b07f36379

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec4a92307888edb74616792401258b8b
SHA1 235637b1501f24cd7b21ee6859683ca4e76a1603
SHA256 c9a26e54d483ab48485524c7be92cb59bdada551f303a3527317c31338bdf12e
SHA512 8175a84ca75c00cf28ac162a701f711794e0158913c23a90b3eda961472ab7addc56d02349f92b276eb2bbeabf788937d8301a48144bd633f926b71511be966f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f0958ed59a83ad2afd2fc0673443ad0f
SHA1 c3a76a354d16de2690a96ede8d15c6ab533543ee
SHA256 98fc38014b8855872b7341b6d9fafb705019a68d56c4ac73c45d4268dc2af466
SHA512 953b9c2ae0c3ef6a705bc959d9c42d96da7796d5776f35759bd997fa01eff0edc46fe3a6d1636cb0ae79acc60c73ff71b298cdc2f2001cba60dc689f2511cda4

memory/7060-3316-0x00000000000A0000-0x00000000000D2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c3c35e791c785c4ad7088736e6ed276e
SHA1 51bfeedccbe4d017ad00bb8ba7a2a4798cff26e1
SHA256 0738ea18a6dd6b61a557de064fabe14de3dc7b8e74238b8acab224a931723ebc
SHA512 34e7a90f4585030197969d4441cb8b13de5ea91a71066ce2e5e9e217caec00c9dbf852f7ac800503b1e88144ee3c1b6c2557597daacd9c31daba340260382f9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

MD5 65e2a12d698d554df2933d2546370330
SHA1 9f39c5792fd680077fdde6798816345ed13483ae
SHA256 db6b59e53eaf42b4d4b0f22b6d90e138fa260296c704ad96ae0db65de624bb84
SHA512 ee350cf29dffbfe6475ae7e487ccb78fa14160fbe4ef6c12b3a933636b7f16cc8ac03d49e3cf29d3a9301d837833693fb00fb902c40991c600640d7e61c63674