Malware Analysis Report

2025-08-11 02:29

Sample ID 230915-tewhvsgb73
Target ZoomInstallerFull.exe
SHA256 731b998955a07f49705a15524a29c69723b1ce085adb93e39fda51832be51010
Tags discovery
Score 6/10

Analysis Overview

Score 6/10
SHA256 731b998955a07f49705a15524a29c69723b1ce085adb93e39fda51832be51010

Threat Level: Shows suspicious behavior

The file ZoomInstallerFull.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Enumerates connected drives

Drops file in System32 directory

Checks computer location settings

Loads dropped DLL

Drops file in Windows directory

Checks installed software on the system

Executes dropped EXE

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

System policy modification

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2023-09-15 15:58

Signatures N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-09-15 15:58
Reported 2023-09-15 16:11
Platform win10v2004-20230915-en
Max time kernel 713s
Max time network 722s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\system32\SystemSettingsAdminFlows.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\$Windows.~WS\Sources\SetupHost.Exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\Recovery\ReAgent.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\$Windows.~WS\Sources\SetupHost.Exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\$Windows.~WS\Sources\SetupHost.Exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\WindowsInstallationAssistant\ESDHelper.dll C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_sv-se.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File opened for modification C:\Program Files (x86)\WindowsInstallationAssistant\appraiserxp.dll C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\oobe-desktopRS2.css C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\bullet.png C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_eu-es.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_hu-hu.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ru-ru.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_pt-br.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ar-sa.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\js\base.js C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_es-mx.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\ui-dark.css C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_fr-ca.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\oobe-desktop.css C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentDeploy.dll C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ca-es.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_zh-tw.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentDeploy.dll C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\eula.css C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\ui-dark.css C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File opened for modification C:\Program Files (x86)\WindowsInstallationAssistant\Configuration.ini C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentRollback.EXE C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_zh-cn.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\appraiserxp.dll C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default.css C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ja-jp.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_de-de.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_bg-bg.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\block.png C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_tr-tr.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\WinDlp.dll C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_hr-hr.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_fr-fr.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_en-gb.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_lt-lt.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\bullet.png C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\Microsoft.WinJS\css\oobe-desktop.css C:\Users\Admin\Downloads\Windows10Upgrade9252.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default.css C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_sl-si.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_sr-latn-rs.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\marketing.png C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_he-il.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\eula.css C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\loading.gif C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_germany_region.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Logs\PBR\CBS\CBS.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\UnattendGC\diagerr.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\diagwrn.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\diagwrn.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\unattend.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\PushButtonReset.etl C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\ReAgent\ReAgent.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\$Windows.~BT C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\WinRE C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\SessionID.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\setup.etl C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\INF\setupapi.setup.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\CBS C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\Contents0.dir C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\WinRE\bootstat.dat C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\setuperr.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\BCDCopy.LOG1 C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\INF\setupapi.offline.20191207_091437.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\UnattendGC\diagerr.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\cbs.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\diagerr.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\diagerr.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\ReAgent\ReAgent.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Timestamp.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\INF\setupapi.dev.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\$Windows.~BT\diagwrn.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\$Windows.~BT\setupact.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\INF\setupapi.offline.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\DISM\dism.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\UnattendGC\diagwrn.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\UnattendGC\setupact.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\UnattendGC\setupact.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\_s_5BFD.tmp C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\WinRE\bootstat.dat C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\ReAgent C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\cbs_unattend.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\setup.exe C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\cbs_unattend.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\Contents1.dir C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\setupact.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\unattend.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Timestamp.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\$Windows.~BT\diagerr.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\$Windows.~BT\setupact.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\Panther\Contents0.dir C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\DDACLSys.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\ResetSession.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\SessionID.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\MoSetup\BlueBox.log C:\Users\Admin\Downloads\MediaCreationTool22H2.exe N/A
File opened for modification C:\Windows\Logs\PBR\$Windows.~BT\setuperr.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\INF\setupapi.dev.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\INF\setupapi.setup.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\cbs.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\Panther\UnattendGC\setuperr.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\setupact.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\INF C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\BCDCopy C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\BCDCopy.LOG C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\BCDCopy.LOG2 C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File opened for modification C:\Windows\Logs\PBR\$Windows.~BT\diagerr.xml C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\Logs\PBR\INF\setupapi.offline.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\$Windows.~WS\Sources\SetupHost.Exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\$Windows.~WS\Sources\SetupHost.Exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "37" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1574508946-349927670-1185736483-1000\{E3F8C31B-B0A2-4607-BD7F-2D7A1166A4BC} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1574508946-349927670-1185736483-1000\{3E1313A2-FEA9-4EAF-AD20-44284F403394} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\ProgramData\Microsoft\Diagnosis\ETLLogs\DlTel-Merge.etl:$ETLUNIQUECVDATA C:\$Windows.~WS\Sources\SetupHost.Exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\MediaCreationTool22H2.exe N/A
N/A N/A C:\$Windows.~WS\Sources\SetupHost.Exe N/A
N/A N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3048 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe C:\Users\Admin\AppData\Local\Temp\7zS8EB92118\Installer.exe
PID 1784 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1784 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1784 wrote to memory of 3052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1784 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\$Windows.~WS\Sources\DiagTrackRunner.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe

"C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe"

C:\Users\Admin\AppData\Local\Temp\7zS8EB92118\Installer.exe

.\Installer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffa8b699758,0x7ffa8b699768,0x7ffa8b699778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4708 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5180 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3312 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2008 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4776 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5504 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5412 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5680 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5932 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1884,i,12051777112725908047,16432799678679876725,131072 /prefetch:8

C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe

"C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe"

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SkipSelfUpdate /SunValley

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3832 -ip 3832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 1876

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe

"C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe"

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SkipSelfUpdate /SunValley

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2364 -ip 2364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 1876

C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe

"C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe"

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SkipSelfUpdate /SunValley

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 748 -ip 748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 1792

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.0.451945597\83507716" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d05309c9-405a-49d8-928a-9c920914f5ad} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 1964 1588bdd7458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.1.642622769\669243508" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1344779c-c32b-4806-af30-6bc40ebac3c5} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 2364 1588bd0d558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.2.1307304674\1867670174" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 2964 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8124081c-8e26-4efd-8865-105debf754ac} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 2936 158900a9b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.3.585480552\322715051" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcf63938-5c08-4271-b08b-867d6a6c32f3} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 3584 1588f7d7058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.4.1832488290\2039601880" -childID 3 -isForBrowser -prefsHandle 4328 -prefMapHandle 4336 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44278171-dcae-4881-bc67-e501e3f7ea38} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 4348 158ff663558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.5.1037155936\715839102" -childID 4 -isForBrowser -prefsHandle 2824 -prefMapHandle 3764 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6880b66f-060a-41dd-9b31-75f8029c6987} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 5136 15893206158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.6.526981940\1081697389" -childID 5 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a52878e2-953b-49db-8be8-4c049443736a} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 5336 15893205b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.7.291136638\447643595" -childID 6 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fdebb6-88e0-4351-91cc-2265dce6b9a7} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 5544 15893205258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.8.1256771959\687207855" -childID 7 -isForBrowser -prefsHandle 6004 -prefMapHandle 5996 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94de4180-5f3a-4926-ba8e-a27381b4bfd1} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 6012 15893d2eb58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b699758,0x7ffa8b699768,0x7ffa8b699778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4796 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5092 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4996 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3504 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4612 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4444 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5200 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4556 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6096 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6028 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2760 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3364 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4000 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6024 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3376 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=2512 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=856 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2944 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4756 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Users\Admin\Downloads\Windows10Upgrade9252.exe

"C:\Users\Admin\Downloads\Windows10Upgrade9252.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1864,i,3150201177476399977,15031725533004101354,131072 /prefetch:8

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3844 -ip 3844

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 1920

C:\Users\Admin\Downloads\MediaCreationTool22H2.exe

"C:\Users\Admin\Downloads\MediaCreationTool22H2.exe"

C:\$Windows.~WS\Sources\SetupHost.Exe

"C:\$Windows.~WS\Sources\SetupHost.Exe" /Download /Web

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\$Windows.~WS\Sources\DiagTrackRunner.exe

C:\$Windows.~WS\Sources\DiagTrackRunner.exe /UploadEtlFilesOnly

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3977055 /state1:0x41c64e6d

Network


Files

C:\Users\Admin\AppData\Local\Temp\7zS8EB92118\Installer.exe


C:\Users\Admin\AppData\Local\Temp\7zS8EB92118\ZoomFull_Sip.CAB


\??\pipe\crashpad_1784_VFZYBNSCAEYCXQAB


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58c668.TMP


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\CURRENT


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_h.online-metrix.net_0.indexeddb.leveldb\MANIFEST-000001


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\Downloads\Unconfirmed 662997.crdownload


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\Downloads\Windows11InstallationAssistant (1).exe


C:\Users\Admin\AppData\Local\Temp\WXU1EE8.tmp\appraiserxp.dll


C:\Users\Admin\AppData\Local\Temp\WXU1EE8.tmp\resources\ux\EULA\EULA_es-es.htm


C:\Users\Admin\AppData\Local\Temp\WXU1EE8.tmp\resources\ux\EULA\EULA_en-gb.htm


C:\Users\Admin\AppData\Local\Temp\WXU1EE8.tmp\resources\ux\EULA\EULA_fr-ca.htm


C:\Users\Admin\AppData\Local\Temp\WXU1EE8.tmp\resources\ux\Microsoft.WinJS\css\oobe-desktop.css


C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe


C:\Program Files (x86)\WindowsInstallationAssistant\Downloader.dll


C:\Program Files (x86)\WindowsInstallationAssistant\downloader.dll


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default_sunvalley.htm


C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default.css


C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\loading.gif


C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\logo.png


C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA.css


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_en-us.htm


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1



C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\GetCurrentDeploy.dll


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\ESDHelper.dll


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\GetCurrentRollback.EXE


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\downloader.dll


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\GetCurrentOOBE.dll


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\WinDlp.dll


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\eula.css


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\loading.gif


C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\default_sunvalley.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\default.css

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\logo.png

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\pass.png

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_ca-es.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_bg-bg.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_eu-es.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_et-ee.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_el-gr.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_de-de.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_da-dk.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_cs-cz.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_ar-sa.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\block.png

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\bullet.png

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\marketing.png

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_fi-fi.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_gl-es.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_ja-jp.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_it-it.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_hu-hu.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_hr-hr.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_he-il.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_ko-kr.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_nl-nl.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_pl-pl.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_nb-no.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_lv-lv.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_lt-lt.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_pt-br.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_ro-ro.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_sr-latn-rs.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_sl-si.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_sk-sk.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_ru-ru.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_pt-pt.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_sv-se.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_th-th.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_germany_region.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\Microsoft.WinJS\js\base.js

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\Microsoft.WinJS\css\ui-dark.css

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_zh-tw.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_zh-cn.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_uk-ua.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\EULA\EULA_tr-tr.htm

C:\Users\Admin\AppData\Local\Temp\WXUE361.tmp\resources\ux\Microsoft.WinJS\js\ui.js

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\appraiserxp.dll

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_eu-es.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_et-ee.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_es-mx.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_es-es.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_en-gb.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_el-gr.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_de-de.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_da-dk.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_cs-cz.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ca-es.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_bg-bg.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_ar-sa.htm

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\bullet.png

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\resources\ux\block.png

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\GetCurrentRollback.EXE

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\GetCurrentOOBE.dll

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\GetCurrentDeploy.dll

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\ESDHelper.dll

\??\Volume{99926f1d-0000-0000-0000-d01200000000}\Program Files (x86)\WindowsInstallationAssistant\Configuration.ini

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\A9CA0F34FE8F2EAE25AE0E3E4C73E8261C752344

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 756287.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c9d7d9b2-0ed6-40da-9339-4738bb1413b5.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_h.online-metrix.net_0.indexeddb.leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_h.online-metrix.net_0.indexeddb.leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_vlscppe.microsoft.com_0.indexeddb.leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\WXU5D07.tmp\appraiserxp.dll

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\$Windows.~WS\Sources\Panther\DlTel-Merge.etl

C:\Windows\System32\Recovery\ReAgent.xml

C:\Windows\Logs\PBR\$Windows.~BT\diagwrn.xml

C:\Windows\Logs\PBR\$Windows.~BT\setupact.log

C:\Windows\Logs\PBR\$Windows.~BT\diagerr.xml

C:\Windows\Panther\UnattendGC\diagwrn.xml

C:\Windows\Panther\UnattendGC\diagerr.xml

C:\Windows\Logs\PBR\ResetSession.xml

C:\Windows\Logs\PBR\WinRE\bootstat.dat

C:\Windows\Logs\PBR\SessionID.xml

C:\Windows\Logs\PBR\setupact.log

C:\$SysReset\Logs\setuperr.log

C:\Windows\Logs\PBR\Timestamp.xml
