Analysis Overview
SHA256
ae238c457a100f15a6d009bfeee4ff277dce181e96a279d486f07f30da433183
Threat Level: Likely malicious
The file VMware-player-full-17.0.0-20800274.exe was found to be: Likely malicious.
Malicious Activity Summary
Detect jar appended to MSI
Looks for VMWare drivers on disk
Downloads MZ/PE file
Looks for VMWare services registry key.
Drops file in Drivers directory
Sets service image path in registry
Looks for VMWare Tools registry key
Blocklisted process makes network request
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Checks computer location settings
Detected potential entity reuse from brand microsoft.
Drops file in Program Files directory
Checks installed software on the system
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies system certificate store
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-18 21:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-18 21:18
Reported
2023-10-18 21:52
Platform
win10v2004-20230915-en
Max time kernel
1809s
Max time network
1848s
Command Line
Signatures
Detect jar appended to MSI
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\SET77E2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnetbridge.sys | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET238A.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET2ACC.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnetuserif.sys | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnetadapter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET2389.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmx86.sys | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET78BD.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\hcmon.sys | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET5268.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET6F85.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnet.sys | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET2AFC.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vsock.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET2389.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1E7.tmp | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET2AFC.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1E7.tmp | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnet.sys | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET5268.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET6F85.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\System32\drivers\SET77E2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\vmci.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET78BD.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET2ACC.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET238A.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools | C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe | N/A |
Looks for VMWare drivers on disk
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\Windows\System32\drivers\vmci.sys | C:\Windows\system32\DrvInst.exe | N/A |
Looks for VMWare services registry key.
| Description | Indicator | Process | Target |
| Key security queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vsock\ImagePath = "system32\\DRIVERS\\vsock.sys" | C:\Windows\System32\MsiExec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} = "\"C:\\ProgramData\\Package Cache\\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\\VC_redist.x86.exe\" /burn.runonce" | C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2d507699-404c-4c8b-a54a-38e352f32cdd} = "\"C:\\ProgramData\\Package Cache\\{2d507699-404c-4c8b-a54a-38e352f32cdd}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
Enumerates connected drives
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\vnetlib64.dll | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DllHost.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72} | C:\Windows\system32\DllHost.exe | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vmnetadapter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmusb.inf_amd64_c603306f7f2b335a\vmusb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vmnat.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\SET2AFD.tmp | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E33.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\SET1E2A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\PerfStringBackup.INI | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_8e12d1edcc9e768d\netadapter.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.inf | C:\Windows\system32\DllHost.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\SET74F6.tmp | C:\Windows\system32\DllHost.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netbridge.inf_amd64_9204dc61a7dee6f3\vmnetbridge.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\hcmon_1E804F260BFD7A2F39698591B5E6FF49B1EB033B\hcmon.cat | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\netuserif.inf | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\SETFD35.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\SET1E2B.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\PerfStringBackup.TMP | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E32.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\netadapter.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_8e12d1edcc9e768d\vmnetadapter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E33.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E44.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vnetinst.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E74.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\SET74F6.tmp | C:\Windows\system32\DllHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vnetlib64.dll | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\SET1E3D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\vmnetuserif.cat | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\ovftool-hw19-config-option.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\en-GB.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\gobject-2.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vmnetBridge.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\tppcoipw32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\icudt44l.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8\vmci.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vkd\coredns-initrd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\ta.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\ThinPrint\TPPrintTicket.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\ThinPrint\TPViewjpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\perf.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\question.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\x64\EFI20-32.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vmapputil.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vmrun.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\zh-CN.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\it.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\x64\NVME.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vm-support.vbs | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\open_source_licenses.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\winPreVista.iso | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\sr.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\tr.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\elevated.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\VMware\USB\x64\DIFXAPI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\id.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\ja.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\task.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\te.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\x64\EFI20-64.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\tools-upgraders\run_upgrader.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vmwarestring.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\default.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\schemas\DMTF\common.xsd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\include\vmci_sockets.h | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsock.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\gmodule-2.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\Resources\unattend.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\VMnetDHCP.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\tools-upgraders\VMwareToolsUpgrader9x.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\bn.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\ovftool-hw18-config-option.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\hu.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\ml.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\libcurl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\x64\PVSCSI.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vix.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\ThinPrint\tpview.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vnetlib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\vkd\vkd-initrd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\da.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\x64\AHCI.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\gvmomi.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\netadapter.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\x64\MICROBIOS.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Minecraft Launcher\game\locales\nl.pak.tmp | C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\tools-upgraders\vmware-tools-upgrader-32 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\option.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsocklib_x86.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI6544.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a576b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a5794.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA8ED.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a57a9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe | N/A |
| File created | C:\Windows\Installer\{E09B8172-B374-45CB-AB89-2923DB9A3D56}\_generic.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI873B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6C78.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8895.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6FE4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{C96241EA-9900-4FE8-85B3-1E238D509DF6} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA765.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{38624EB5-356D-4B08-8357-C33D89A5C0C5} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E09B8172-B374-45CB-AB89-2923DB9A3D56}\_generic.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF11B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI312.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a5759.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7EFA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8F35.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI76EA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA541.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8D9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\VMware\vmPerfmon.ini | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8856.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8924.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE1D4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a57aa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8EA7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1017.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a576b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\VMware\vmPerfmon.h | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2A3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{A26EF561-5945-46FD-8094-FA34E44D460F}\minecraft.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF15A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\Installer\{A26EF561-5945-46FD-8094-FA34E44D460F}\minecraft.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a5759.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI95A0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB2D1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI51CB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem2.PNF | C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8964.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8ABE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{A250E750-DB3F-40C1-8460-8EF77C7582DA} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6E80.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DllHost.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8A40.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICA9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6090.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA5ED.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\e5a576a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a57aa.msi | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32 | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ = "C:\\Program Files (x86)\\VMware\\VMware Player\\vmnetbridge.dll" | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DllHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DllHost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001d6f92995d065bd40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001d6f92990000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001d6f9299000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1d6f9299000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001d6f929900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\SerialController | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\SerialController | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\SerialController | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\SerialController | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\SerialController | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\SerialController | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DllHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DllHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DllHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DllHost.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DllHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DllHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DllHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\ProductName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ova\ = "VMware.OVAPackage" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724E960E-F6FC-43F5-AF3F-98319A1306EF}\TypeLib\Version = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E121723-EB62-476B-B55C-B14FCE7EACF5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0\SourceList\PackageName = "MinecraftInstaller.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A250E750-DB3F-40C1-8460-8EF77C7582DA}v14.32.31326\\packages\\vcRuntimeAdditional_x86\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.HostDeviceInfos\CurVer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator.1 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator.1\ = "VMXCreator Class" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator\CurVer\ = "Elevated.VMXCreator.1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20C19CE-FBF7-42CD-973A-6ACB5BBEFB9C}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87C1D1F5-564D-4E72-9AF7-E9D6211225F0}\ = "IDiskLibEvent" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.Document\shell | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{934FE3AB-EE0C-411C-8CBD-AC73F809457F}\ = "IDiskLibInfo" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\ = "IDiskLibPartitionList" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87C1D1F5-564D-4E72-9AF7-E9D6211225F0}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\057E052AF3BD1C044806E87FC75728AD\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\VMware.SuspendState\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vmx\OpenWithList\vmplayer.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{420F0000-71EB-4757-B979-418F039FC1F9}\InprocServer32\ = "C:\\Program Files (x86)\\VMware\\VMware Player\\elevated.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE14269C00998EF4583BE132D805D96F\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.vmdk\VMware.VirtualDisk | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.ova\OpenWithList\vmplayer.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{420F0000-71EB-4757-B979-418F039FC1F9}\VersionIndependentProgID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.HostDeviceInfos.1 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9A6DAE7-CF0E-4D39-A914-B054FC37C99F}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4548A7B2-5C17-400E-8D62-84DB4D79221F}\ = "INetShareControl" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ova\OpenWithList\vmware.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2718B90E473BBC54BA989232BDA9D365\ProductName = "VMware Player" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{420F0000-71EB-4757-B979-418F039FC1F9}\Elevation | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D0F223F1-7DB1-44CA-BED8-3406303FE26F}\TypeLib\Version = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35FCE01E-8917-496E-A509-497C5F2FA365}\ = "IDiskLibCreateParam" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D0F223F1-7DB1-44CA-BED8-3406303FE26F}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E121724-EB62-476B-B55C-B14FCE7EACF5}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20C19CE-FBF7-42CD-973A-6ACB5BBEFB9C} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E459BB84-7D3A-4FDD-B1E5-969E88F61DB6}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0\PackageCode = "82DAC97818A9B8947B9E0F5235308B1F" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE14269C00998EF4583BE132D805D96F\VC_Runtime_Minimum | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA}\VersionIndependentProgID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1D13A2B9-8840-48BA-AC5E-B096A1182F2F}\TypeLib\Version = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.Document\shell\Open | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vmsn\VMware.Snapshot | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{934FE3AB-EE0C-411C-8CBD-AC73F809457F}\TypeLib\Version = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E459BB84-7D3A-4FDD-B1E5-969E88F61DB6}\ = "ILicenseLib" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\Dependents | C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.OVAPackage | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\165FE62A5495DF640849AF434ED464F0 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.OVFPackage\ | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator.1\CLSID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}\1.0\FLAGS | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{934FE3AB-EE0C-411C-8CBD-AC73F809457F}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50\057E052AF3BD1C044806E87FC75728AD | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c00000001000000040000000008000004000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe
"C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda0ea9758,0x7ffda0ea9768,0x7ffda0ea9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3248 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3964 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3984 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe" /Q /norestart
C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe
"C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=648 /Q /norestart
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe
"C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2F088034-6C3E-4736-A29D-2829B37F8C41} {1F60667C-15A2-4B41-A26A-10F8AD0BCCB3} 2348
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} -burn.filehandle.self=1144 -burn.embedded BurnPipe.{3B78D930-1C62-48DE-AA33-860AE4F4F6BA} {00883C7A-5445-4CEE-9C47-BAF7B7B05EC4} 528
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} -burn.filehandle.self=1144 -burn.embedded BurnPipe.{3B78D930-1C62-48DE-AA33-860AE4F4F6BA} {00883C7A-5445-4CEE-9C47-BAF7B7B05EC4} 528
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{F3016AD9-159D-4533-A83E-A405FE343E6D} {A3888833-8FD3-438B-98B6-7CC36BB44533} 2372
C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe" /Q /norestart
C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe
"C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe" -burn.filehandle.attached=552 -burn.filehandle.self=688 /Q /norestart
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{7BB9ADB4-A9F9-4A88-8BBC-64EC15F18D07} {5088BC80-2933-4E0D-ACA8-682A78DA6CFC} 1348
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2d507699-404c-4c8b-a54a-38e352f32cdd} -burn.filehandle.self=1064 -burn.embedded BurnPipe.{D3D45E62-7CBB-4DCA-9999-5671BFCACC25} {37552F6F-563A-4E7C-ADFB-1BBCA22C98FB} 2280
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2d507699-404c-4c8b-a54a-38e352f32cdd} -burn.filehandle.self=1064 -burn.embedded BurnPipe.{D3D45E62-7CBB-4DCA-9999-5671BFCACC25} {37552F6F-563A-4E7C-ADFB-1BBCA22C98FB} 2280
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{532384FA-ECD1-481F-A57D-FF8EB6F4E3F3} {F84C2636-20F1-4FEF-A571-06345970FC03} 1880
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EE063723B76F470CB87A4AC449A991AC C
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 7CA8F64DA911601542CC270E96419DC6 C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 60EDE5AC6AF0A05F26FB8AD95EE02E73
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 4D5A7CD879F1428E207ABF933C846CAE
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 9EF5FAD1D4945542F4DB853F2CF65F49 E Global\MSI0000
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding D02BF52FC189FAD6D4FDC248A027E1A5 E Global\MSI0000
C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- uninstall usb
C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- install vmusb Win8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8\vmusb.inf" "9" "454492f13" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8"
C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe" -- install hcmoninf 5;Win7
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet0
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet1
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet2
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet3
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet4
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet5
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet6
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet7
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet8
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet9
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet10
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet11
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet12
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet13
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet14
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet15
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet16
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet17
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet18
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet19
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- uninstall bridge
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- uninstall userif 5;None
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- install bridge
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Player\netbridge.inf" "9" "4f3176507" "0000000000000178" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\VMware\VMware Player"
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- install userif 5;None
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- add adapter vmnet1
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Player\netadapter.inf" "9" "4a5017fd3" "0000000000000144" "WinSta0\Default" "0000000000000108" "208" "C:\Program Files (x86)\VMware\VMware Player"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\VMWARE\0000" "C:\Windows\INF\oem5.inf" "oem5.inf:fc9f1aa2477c2bb3:VMnetAdapter1.Install:14.0.0.5:*vmnetadapter1," "4cbdd083b" "000000000000015C"
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {158867ED-5A43-40B6-9CC6-1568CDD1C8C2} 528
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {98F48EAC-B765-4F85-AE54-9DB45F6B55E7} 784
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- add adapter vmnet8
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\VMWARE\0001" "C:\Windows\INF\oem5.inf" "oem5.inf:fc9f1aa2df34f6ba:VMnetAdapter8.Install:14.0.0.5:*vmnetadapter8," "47eb20b4f" "0000000000000164"
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {30A8597E-CAA4-4EF2-AB01-EF06963C494A} 620
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {4CC1F0BA-FE51-41D5-9EC6-D464C4EC14AE} 976
C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- install vmx86inf 5;Win8
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8\vmci.inf" "9" "4d941d7e3" "000000000000017C" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\VMWVMCIHOSTDEV\0000" "C:\Windows\INF\oem6.inf" "oem6.inf:9c00c72d390d9e8f:vmci.install.x64:9.8.18.0:root\vmwvmcihostdev," "42936a687" "0000000000000160"
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
"C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe"
C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
"C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{13B6B196-AD7B-4C7F-9BDC-B1CB2EE86552}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda0ea9758,0x7ffda0ea9768,0x7ffda0ea9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1760 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5496 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3472 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4868 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3660 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5072 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3464 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4912 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=940 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\MinecraftInstaller.msi"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 08E49C0D7F88922A657407E35232E0ED C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 33FA825093A472AD0EDB8842BBED4A84
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D7D600665BC1422C6B13D8430283FC16 E Global\MSI0000
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:2
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
tools\NativeUpdater.exe MinecraftLauncher.exe "C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe"
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MinecraftLauncher.exe
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2244 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2584 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=1912 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sisu.xboxlive.com/connect/XboxLive/?state=signup&signup=1&cobrandId=8058f65d-ce06-4c30-9559-473c9275a65d&tid=896928775&ru=https://www.minecraft.net/login&aid=1142970254
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0xb4,0x108,0x7ffd9f7046f8,0x7ffd9f704708,0x7ffd9f704718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2812 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6412 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6544 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6080 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6592 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6116 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6752 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=936 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6456 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6892 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6876 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7068 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6388 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4808 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6372 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4900 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7576 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7792 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5112 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6784 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7556 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6752 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5772 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7288 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7144 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7452 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6580 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5500 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7244 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=2520 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5688 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7500 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6616 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6640 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8344 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8512 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6660 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8332 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8772 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9032 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9212 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9356 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9492 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9488 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9812 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9972 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9976 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9012 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10404 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=10356 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=8196 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=8972 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=8980 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=8916 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=UAAAAAAAAADoACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2756 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=9772 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2924 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9024 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2636 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=7644 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=2508 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=6848 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=4048 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6368 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=1740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6520 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=9348 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=9624 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=8096 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=6904 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=9308 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=9412 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7556 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=5224 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=9612 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=9764 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=10140 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=9728 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=6696 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=9724 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1784 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1908 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3676 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1908 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4200 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4228 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2796 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3768 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=4620 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=7032 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7776 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6248 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=8076 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=2944 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=1528 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=8656 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=9668 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x300
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=3012 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5580 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7548 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9524 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6624 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9764 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8
C:\Users\Admin\Downloads\nox_setup_v7.0.5.9_full_intl.exe
"C:\Users\Admin\Downloads\nox_setup_v7.0.5.9_full_intl.exe"
C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe
"C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe "
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.82.57.23.in-addr.arpa | udp |
| N/A | 192.168.242.1:0 | icmp | |
| US | 8.8.8.8:53 | f.5.b.9.e.3.7.c.4.6.d.1.1.5.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 3.1.4.5.f.5.e.b.b.f.c.2.f.d.5.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 255.255.254.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.155.254.169.in-addr.arpa | udp |
| N/A | 192.168.44.1:0 | icmp | |
| US | 8.8.8.8:53 | 19.84.254.169.in-addr.arpa | udp |
| N/A | 255.255.255.255:67 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 172.217.168.246:443 | i.ytimg.com | tcp |
| NL | 172.217.168.246:443 | i.ytimg.com | tcp |
| NL | 172.217.168.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 246.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| NL | 172.217.168.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 206.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 172.217.168.234:443 | jnn-pa.googleapis.com | tcp |
| NL | 172.217.168.234:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.250.179.163:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | apkmodget-com.webpkgcache.com | udp |
| DE | 172.217.23.193:443 | apkmodget-com.webpkgcache.com | tcp |
| US | 8.8.8.8:53 | 193.23.217.172.in-addr.arpa | udp |
| NL | 172.217.168.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| NL | 172.217.168.234:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.163:443 | id.google.com | udp |
| US | 8.8.8.8:53 | www.usitility.com | udp |
| NL | 45.63.41.45:443 | www.usitility.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.169:80 | apps.identrust.com | tcp |
| NL | 45.63.41.45:443 | www.usitility.com | tcp |
| US | 8.8.8.8:53 | www.ustility.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| NL | 45.63.41.45:443 | www.ustility.com | tcp |
| US | 8.8.8.8:53 | 45.41.63.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 35.186.211.162:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 157.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.211.186.35.in-addr.arpa | udp |
| US | 35.186.211.162:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| NL | 142.251.36.2:443 | partner.googleadservices.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launcher.mojang.com | udp |
| US | 13.107.246.67:443 | launcher.mojang.com | tcp |
| US | 8.8.8.8:53 | 67.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redstone-launcher.mojang.com | udp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| N/A | 127.0.0.1:62701 | tcp | |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 35.186.211.162:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:62714 | tcp | |
| N/A | 127.0.0.1:62716 | tcp | |
| US | 8.8.8.8:53 | b1.nel.goog | udp |
| US | 192.178.49.3:443 | b1.nel.goog | tcp |
| US | 8.8.8.8:53 | 3.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.xboxab.com | udp |
| US | 13.107.5.91:443 | www.xboxab.com | tcp |
| US | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 13.107.246.67:443 | launchermeta.mojang.com | tcp |
| US | 8.8.8.8:53 | piston-meta.mojang.com | udp |
| US | 13.107.246.67:443 | piston-meta.mojang.com | tcp |
| US | 8.8.8.8:53 | 91.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | title.mgt.xboxlive.com | udp |
| IE | 13.69.141.149:443 | title.mgt.xboxlive.com | tcp |
| N/A | 127.0.0.1:63186 | tcp | |
| N/A | 127.0.0.1:63196 | tcp | |
| N/A | 127.0.0.1:63198 | tcp | |
| N/A | 127.0.0.1:63204 | tcp | |
| N/A | 127.0.0.1:63222 | tcp | |
| US | 8.8.8.8:53 | device.auth.xboxlive.com | udp |
| US | 40.122.167.99:443 | device.auth.xboxlive.com | tcp |
| US | 8.8.8.8:53 | 149.141.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.122.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:63225 | tcp | |
| US | 8.8.8.8:53 | vortex.data.microsoft.com | udp |
| GB | 51.132.193.105:443 | vortex.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | launchercontent.mojang.com | udp |
| US | 13.107.246.67:443 | launchercontent.mojang.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | redstone-launcher.mojang.com | udp |
| N/A | 127.0.0.1:63253 | tcp | |
| N/A | 127.0.0.1:63257 | tcp | |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 8.8.8.8:53 | 105.193.132.51.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| N/A | 127.0.0.1:63268 | tcp | |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.142:443 | google.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 172.217.168.246:443 | i.ytimg.com | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 104.85.1.163:443 | www.microsoft.com | tcp |
| NL | 104.85.1.163:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 163.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| NL | 104.110.240.65:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 104.110.240.65:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 104.110.240.65:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | lptag.liveperson.net | udp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | accdn.lpsnmedia.net | udp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| GB | 178.249.97.23:443 | lptag.liveperson.net | tcp |
| US | 8.8.8.8:53 | d.impactradius-event.com | udp |
| US | 8.8.8.8:53 | cdnssl.clicktale.net | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | lpcdn.lpsnmedia.net | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | publisher.liveperson.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 34.120.154.120:443 | lpcdn.lpsnmedia.net | tcp |
| GB | 178.249.97.99:443 | accdn.lpsnmedia.net | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 35.186.249.72:443 | d.impactradius-event.com | tcp |
| US | 18.65.39.103:443 | cdnssl.clicktale.net | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 151.101.1.192:443 | publisher.liveperson.net | tcp |
| US | 8.8.8.8:53 | 65.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.80.57.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.134.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.97.249.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.154.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.97.249.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.249.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.39.65.18.in-addr.arpa | udp |
| NL | 95.101.74.155:443 | analytics.tiktok.com | tcp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.47.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tempail.com | udp |
| US | 188.114.97.0:443 | tempail.com | tcp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| NL | 142.251.36.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.179.206:443 | fundingchoicesmessages.google.com | tcp |
| US | 188.114.97.0:443 | tempail.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| NL | 142.250.179.202:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.179.250.142.in-addr.arpa | udp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.18:443 | browser.events.data.microsoft.com | tcp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 20.189.173.18:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 13.107.246.67:443 | acctcdn.msauth.net | tcp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.19.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sisu.xboxlive.com | udp |
| US | 104.43.136.153:443 | sisu.xboxlive.com | tcp |
| US | 104.43.136.153:443 | sisu.xboxlive.com | tcp |
| US | 8.8.8.8:53 | 153.136.43.104.in-addr.arpa | udp |
| NL | 142.250.179.206:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 13.107.42.22:443 | signup.live.com | tcp |
| US | 8.8.8.8:53 | 22.42.107.13.in-addr.arpa | udp |
| NL | 142.250.179.206:443 | fundingchoicesmessages.google.com | udp |
| US | 152.195.19.97:443 | acctcdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.218.217.172.in-addr.arpa | udp |
| NL | 142.251.36.2:443 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | a.c.appier.net | udp |
| US | 8.8.8.8:53 | ums.acuityplatform.com | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | tr.blismedia.com | udp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| JP | 172.104.64.149:443 | a.c.appier.net | tcp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| SE | 213.155.156.164:443 | d5p.de17a.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| DK | 37.157.6.243:443 | c1.adform.net | tcp |
| JP | 172.104.64.149:443 | a.c.appier.net | tcp |
| US | 8.8.8.8:53 | 8.105.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.64.104.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.c.appier.net | udp |
| JP | 139.162.117.143:443 | s.c.appier.net | tcp |
| JP | 139.162.117.143:443 | s.c.appier.net | tcp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | s.uuidksinc.net | udp |
| US | 104.18.25.173:443 | a.tribalfusion.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | widget.us.criteo.com | udp |
| NL | 185.98.54.153:443 | s.uuidksinc.net | tcp |
| NL | 193.0.160.130:443 | a.rfihub.com | tcp |
| US | 74.119.119.150:443 | widget.us.criteo.com | tcp |
| US | 8.8.8.8:53 | 143.117.162.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | 153.54.98.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | live.rezync.com | udp |
| US | 18.239.83.23:443 | live.rezync.com | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | sync.teads.tv | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 23.36.245.29:443 | sync.teads.tv | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| DE | 52.29.154.74:443 | pm.w55c.net | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| NL | 142.251.39.98:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 54.205.114.6:443 | sync.srv.stackadapt.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| NL | 142.250.179.134:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | 193.26.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.119.119.74.in-addr.arpa | udp |
| DE | 3.71.157.32:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | 23.83.239.18.in-addr.arpa | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| NL | 142.251.39.98:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 29.245.36.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.154.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.114.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.157.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| IE | 54.229.4.219:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.8.8.8:53 | 219.4.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 172.67.73.98:443 | temp-mail.org | tcp |
| US | 172.67.73.98:443 | temp-mail.org | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.57.101:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | 98.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.57.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.3.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.paddle.com | udp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 151.139.128.10:443 | cdn4.buysellads.net | tcp |
| US | 172.66.40.60:443 | cdn.paddle.com | tcp |
| US | 8.8.8.8:53 | 10.128.139.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | web2.temp-mail.org | udp |
| US | 104.26.6.95:443 | web2.temp-mail.org | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 173.194.69.156:443 | securepubads.g.doubleclick.net | tcp |
| US | 172.67.70.134:443 | btloader.com | tcp |
| US | 18.239.69.131:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.179.142:443 | google.com | udp |
| US | 8.8.8.8:53 | 95.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.69.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 18.239.69.131:443 | c.amazon-adsystem.com | tcp |
| US | 18.238.243.114:443 | config.aps.amazon-adsystem.com | tcp |
| US | 173.194.69.156:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 23.46.70.129:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 18.239.18.118:443 | tags.crwdcntrl.net | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | 114.243.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.70.46.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| NL | 161.35.94.167:443 | srv.buysellads.com | tcp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| DE | 18.184.22.44:443 | tlx.3lift.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| FR | 185.86.139.59:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.59:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.59:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.59:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.59:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.59:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 74.119.119.129:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| US | 104.18.3.114:443 | mp.4dex.io | tcp |
| IE | 54.77.251.23:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 18.239.81.30:443 | aax.amazon-adsystem.com | tcp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | 169.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.22.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.139.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.3.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.251.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.119.119.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.81.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 99.81.194.117:443 | bcp.crwdcntrl.net | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com | udp |
| NL | 142.250.179.161:443 | 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| NL | 142.250.179.161:443 | 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.194.81.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | acdn.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| FR | 23.57.81.119:443 | acdn.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| FR | 178.250.7.2:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 173.194.69.156:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.81.57.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| NL | 104.85.0.23:443 | contextual.media.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| FR | 23.57.81.137:443 | ads.pubmatic.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| NL | 104.85.2.117:443 | eus.rubiconproject.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.81.57.23.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.2.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 104.36.113.112:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| IE | 52.213.189.61:443 | match.prod.bidr.io | tcp |
| US | 104.36.113.107:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 112.113.36.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 208.93.169.131:443 | bh.contextweb.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| FR | 185.86.139.104:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| NL | 72.251.245.181:443 | cm.adgrx.com | tcp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 169.197.150.7:443 | match.deepintent.com | tcp |
| US | 8.8.8.8:53 | 56.143.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.189.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.113.36.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.139.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.245.251.72.in-addr.arpa | udp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 74.119.119.150:443 | widget.us.criteo.com | tcp |
| US | 8.8.8.8:53 | e2c58.gcp.gvt2.com | udp |
| US | 35.206.11.92:443 | e2c58.gcp.gvt2.com | tcp |
| DE | 3.71.157.32:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | ws.rqtrk.eu | udp |
| DE | 141.95.32.69:443 | ws.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | 7.150.197.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.11.206.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 172.217.164.67:443 | beacons.gvt2.com | tcp |
| US | 104.18.25.173:443 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | ums.acuityplatform.com | udp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | tcp |
| US | 70.42.32.63:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | 69.32.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.164.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.122.59.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 8.8.8.8:53 | us01.z.antigena.com | udp |
| US | 40.76.134.238:443 | us01.z.antigena.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 54.157.211.145:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | pmp.mxptint.net | udp |
| NL | 98.98.134.242:443 | pixel-sync.sitescout.com | tcp |
| NL | 64.158.223.137:443 | pubmatic-match.dotomi.com | tcp |
| US | 38.68.201.140:443 | pmp.mxptint.net | tcp |
| US | 8.8.8.8:53 | ads.playground.xyz | udp |
| US | 34.102.253.54:443 | ads.playground.xyz | tcp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.134.76.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.134.98.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.211.157.54.in-addr.arpa | udp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 52.94.223.37:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 213.19.162.80:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | live.primis.tech | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| DE | 3.69.99.248:443 | match.sharethrough.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 18.239.36.38:443 | live.primis.tech | tcp |
| NL | 216.52.2.30:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | 54.253.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.201.68.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.223.94.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.99.69.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | sync.intentiq.com | udp |
| US | 18.239.69.3:443 | sync.intentiq.com | tcp |
| US | 8.8.8.8:53 | 3.69.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacon.lynx.cognitivlabs.com | udp |
| US | 44.207.94.104:443 | beacon.lynx.cognitivlabs.com | tcp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| NL | 35.214.233.203:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | px.owneriq.net | udp |
| JP | 23.207.104.228:443 | px.owneriq.net | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | gocm.c.appier.net | udp |
| JP | 139.162.84.221:443 | gocm.c.appier.net | tcp |
| US | 54.205.114.6:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| US | 199.127.204.171:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| US | 8.8.8.8:53 | thrtle.com | udp |
| US | 34.233.234.205:443 | thrtle.com | tcp |
| NL | 198.47.127.20:443 | simage4.pubmatic.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| JP | 139.162.84.221:443 | gocm.c.appier.net | tcp |
| US | 8.8.8.8:53 | crb.kargo.com | udp |
| DE | 18.185.162.179:443 | crb.kargo.com | tcp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 104.18.14.101:80 | crt.sectigo.com | tcp |
| US | 8.8.8.8:53 | 203.233.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.94.207.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.104.207.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.234.233.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.204.127.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.84.162.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.162.185.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.14.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.bfmio.com | udp |
| US | 52.204.200.132:443 | sync.bfmio.com | tcp |
| US | 8.8.8.8:53 | rtb.adentifi.com | udp |
| US | 34.234.177.218:443 | rtb.adentifi.com | tcp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 66.235.152.152:443 | target.microsoft.com | tcp |
| US | 8.8.8.8:53 | 132.200.204.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.177.234.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| NL | 142.250.179.163:443 | id.google.com | udp |
| US | 13.107.42.22:443 | signup.live.com | tcp |
| US | 13.107.42.22:443 | signup.live.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | aka.ms | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 8.8.8.8:53 | synchroscript.deliveryengine.adswizz.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| IE | 52.214.147.139:443 | synchroscript.deliveryengine.adswizz.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | 139.147.214.52.in-addr.arpa | udp |
| US | 172.217.164.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.251.39.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 106.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| US | 172.217.164.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 226.168.217.172.in-addr.arpa | udp |
| NL | 213.19.162.41:443 | fastlane.rubiconproject.com | tcp |
| US | 74.119.119.129:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.211.12:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| FR | 185.86.139.58:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.58:443 | prg.smartadserver.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 74.119.119.73:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| IE | 52.208.23.16:443 | match.prod.bidr.io | tcp |
| DE | 3.127.91.113:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| DE | 3.123.188.165:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | 12.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.86.185.in-addr.arpa | udp |
| US | 173.194.69.156:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| FR | 178.250.7.2:443 | static.criteo.net | tcp |
| US | 173.194.69.156:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 151.139.128.10:443 | cdn4.buysellads.net | tcp |
| US | 8.8.8.8:53 | 73.119.119.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.23.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.91.127.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.188.123.3.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 161.35.94.167:443 | srv.buysellads.com | tcp |
| FR | 185.86.139.58:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.58:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.58:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.58:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.155:443 | stats.g.doubleclick.net | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 54.77.223.222:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | 155.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.223.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| NL | 142.250.179.161:443 | 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 185.89.210.153:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 153.210.89.185.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | q.adrta.com | udp |
| US | 44.195.190.233:443 | q.adrta.com | tcp |
| US | 8.8.8.8:53 | cs.lkqd.net | udp |
| US | 69.20.43.192:443 | cs.lkqd.net | tcp |
| US | 69.20.43.192:443 | cs.lkqd.net | tcp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| NL | 104.85.0.23:443 | contextual.media.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| FR | 23.57.81.137:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 233.190.195.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.43.20.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | st.pubmatic.com | udp |
| US | 162.248.18.36:443 | st.pubmatic.com | tcp |
| NL | 142.251.39.98:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | beacon.krxd.net | udp |
| NL | 142.250.179.134:443 | s0.2mdn.net | udp |
| US | 34.195.69.224:443 | beacon.krxd.net | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 54.229.245.224:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | 36.18.248.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.69.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.245.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pix.adrta.com | udp |
| NL | 52.222.139.109:443 | pix.adrta.com | tcp |
| US | 8.8.8.8:53 | ipv6.adrta.com | udp |
| US | 8.8.8.8:53 | adrta.com | udp |
| US | 3.220.200.196:443 | adrta.com | tcp |
| US | 54.149.232.96:443 | ipv6.adrta.com | tcp |
| US | 8.8.8.8:53 | 109.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.200.220.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.232.149.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.ipw.metadsp.co.uk | udp |
| BE | 35.210.239.72:443 | u.ipw.metadsp.co.uk | tcp |
| US | 74.119.119.150:443 | widget.us.criteo.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 52.6.39.46:443 | sync.srv.stackadapt.com | tcp |
| DK | 37.157.6.243:443 | c1.adform.net | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 169.197.150.7:443 | match.deepintent.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | sync.outbrain.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 50.31.142.63:443 | sync.outbrain.com | tcp |
| US | 8.8.8.8:53 | cs.minutemedia-prebid.com | udp |
| US | 8.8.8.8:53 | s2s.t13.io | udp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 8.8.8.8:53 | cs.yellowblue.io | udp |
| IE | 52.49.194.113:443 | cs.yellowblue.io | tcp |
| IE | 34.254.46.142:443 | cs.yellowblue.io | tcp |
| FR | 178.250.7.2:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | 72.239.210.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.39.6.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.140.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.194.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.46.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.142.31.50.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 99644cd21a3c69b58e2dd0dcc9c3e4ce.safeframe.googlesyndication.com | udp |
| NL | 142.250.179.161:443 | 99644cd21a3c69b58e2dd0dcc9c3e4ce.safeframe.googlesyndication.com | tcp |
| US | 52.6.39.46:443 | sync.srv.stackadapt.com | tcp |
| US | 52.6.39.46:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 52.71.232.40:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 52.6.39.46:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | tcp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 70.42.32.127:443 | b1sync.zemanta.com | tcp |
| US | 70.42.32.127:443 | b1sync.zemanta.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| US | 8.8.8.8:53 | 241.134.98.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.232.71.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iframe.arkoselabs.com | udp |
| US | 104.18.33.170:443 | iframe.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 104.18.33.170:443 | client-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | 170.33.18.104.in-addr.arpa | udp |
| NL | 142.251.36.2:443 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 104.85.1.163:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| US | 8.8.8.8:53 | lptag.liveperson.net | udp |
| NL | 104.110.240.65:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | lpcdn.lpsnmedia.net | udp |
| US | 8.8.8.8:53 | accdn.lpsnmedia.net | udp |
| US | 34.120.154.120:443 | lpcdn.lpsnmedia.net | tcp |
| GB | 178.249.97.23:443 | lptag.liveperson.net | tcp |
| US | 8.8.8.8:53 | publisher.liveperson.net | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| GB | 178.249.97.99:443 | accdn.lpsnmedia.net | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.67:443 | www.clarity.ms | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 151.101.1.192:443 | publisher.liveperson.net | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | d.impactradius-event.com | udp |
| US | 35.186.249.72:443 | d.impactradius-event.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| US | 8.8.8.8:53 | cdnssl.clicktale.net | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 18.65.39.34:443 | cdnssl.clicktale.net | tcp |
| FR | 23.57.80.253:443 | c.s-microsoft.com | tcp |
| NL | 95.101.74.141:443 | analytics.tiktok.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 13.107.246.67:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.246.67:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | amcdn.msftauth.net | udp |
| US | 13.107.237.67:443 | amcdn.msftauth.net | tcp |
| IE | 20.190.159.0:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 67.237.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | graph.microsoft.com | udp |
| NL | 20.190.160.26:443 | graph.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.160.190.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:50605 | tcp | |
| US | 8.8.8.8:53 | sisu.xboxlive.com | udp |
| US | 104.43.136.153:443 | sisu.xboxlive.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 20.189.173.2:443 | tcp | |
| US | 20.189.173.2:443 | tcp | |
| N/A | 127.0.0.1:50643 | tcp | |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | launchercontent.mojang.com | udp |
| US | 13.107.246.67:443 | launchercontent.mojang.com | tcp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 13.107.246.67:443 | launchercontent.mojang.com | tcp |
| N/A | 127.0.0.1:50651 | tcp | |
| N/A | 127.0.0.1:50654 | tcp | |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.43.136.153:443 | sisu.xboxlive.com | tcp |
| US | 52.183.104.36:443 | tcp | |
| FR | 23.57.80.10:443 | tcp | |
| FR | 23.57.80.10:443 | tcp | |
| FR | 23.57.80.10:443 | tcp | |
| FR | 23.57.80.10:443 | tcp | |
| FR | 23.57.80.10:443 | tcp | |
| FR | 23.57.80.10:443 | tcp | |
| US | 8.8.8.8:53 | 36.104.183.52.in-addr.arpa | udp |
| US | 20.189.173.6:443 | tcp | |
| US | 8.8.8.8:53 | 10.80.57.23.in-addr.arpa | udp |
| NL | 74.125.8.170:443 | udp | |
| DE | 173.194.10.103:443 | udp | |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.10.194.173.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c59.gcp.gvt2.com | udp |
| IT | 34.154.74.59:443 | e2c59.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 59.74.154.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | title.mgt.xboxlive.com | udp |
| IE | 13.69.141.149:443 | title.mgt.xboxlive.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| N/A | 127.0.0.1:50701 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 20.69.192.122:443 | tcp | |
| US | 52.183.104.36:443 | tcp | |
| US | 8.8.8.8:53 | 122.192.69.20.in-addr.arpa | udp |
| FR | 23.57.80.10:443 | tcp | |
| NL | 52.178.17.233:443 | tcp | |
| US | 8.8.8.8:53 | 233.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vortex.data.microsoft.com | udp |
| US | 8.8.8.8:53 | userpresence.xboxlive.com | udp |
| US | 20.189.173.2:443 | vortex.data.microsoft.com | tcp |
| US | 52.138.119.101:443 | userpresence.xboxlive.com | tcp |
| US | 8.8.8.8:53 | xsts.auth.xboxlive.com | udp |
| US | 52.156.147.113:443 | xsts.auth.xboxlive.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.119.138.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:50720 | tcp | |
| N/A | 127.0.0.1:50722 | tcp | |
| N/A | 127.0.0.1:50736 | tcp | |
| US | 8.8.8.8:53 | 113.147.156.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.minecraftservices.com | udp |
| US | 13.107.246.67:443 | api.minecraftservices.com | tcp |
| US | 8.8.8.8:53 | profile.xboxlive.com | udp |
| US | 20.44.86.88:443 | profile.xboxlive.com | tcp |
| N/A | 127.0.0.1:50739 | tcp | |
| US | 8.8.8.8:53 | images-eds-ssl.xboxlive.com | udp |
| FR | 23.57.80.10:443 | images-eds-ssl.xboxlive.com | tcp |
| N/A | 127.0.0.1:50742 | tcp | |
| N/A | 127.0.0.1:50745 | tcp | |
| US | 8.8.8.8:53 | 88.86.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client.discovery.minecraft-services.net | udp |
| US | 13.107.246.67:443 | client.discovery.minecraft-services.net | tcp |
| US | 8.8.8.8:53 | authorization.franchise.minecraft-services.net | udp |
| US | 13.107.246.67:443 | authorization.franchise.minecraft-services.net | tcp |
| US | 8.8.8.8:53 | redstone-launcher.mojang.com | udp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| N/A | 127.0.0.1:50753 | tcp | |
| N/A | 127.0.0.1:50756 | tcp | |
| N/A | 127.0.0.1:50761 | tcp | |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 172.217.164.67:443 | beacons.gvt2.com | udp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 13.107.246.67:443 | redstone-launcher.mojang.com | tcp |
| US | 8.8.8.8:53 | 98.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | appsonwindows-com.webpkgcache.com | udp |
| DE | 172.217.23.193:443 | appsonwindows-com.webpkgcache.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 172.217.168.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.memuplay.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.251.36.42:443 | jnn-pa.googleapis.com | udp |
| US | 18.239.69.91:443 | www.memuplay.com | tcp |
| US | 8.8.8.8:53 | dl.memuplay.com | udp |
| US | 18.239.94.97:443 | dl.memuplay.com | tcp |
| US | 18.239.94.97:443 | dl.memuplay.com | tcp |
| US | 18.239.94.97:443 | dl.memuplay.com | tcp |
| US | 18.239.94.97:443 | dl.memuplay.com | tcp |
| US | 18.239.94.97:443 | dl.memuplay.com | tcp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.69.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 181.34.239.216.in-addr.arpa | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | fksnk.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | a.rfihub.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 18.210.207.90:443 | fksnk.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 52.19.114.225:443 | pr-bh.ybp.yahoo.com | tcp |
| DE | 18.195.122.176:443 | x.bidswitch.net | tcp |
| US | 104.18.25.173:443 | a.tribalfusion.com | udp |
| NL | 193.0.160.131:443 | a.rfihub.com | tcp |
| US | 74.119.119.150:443 | widget.us.criteo.com | tcp |
| US | 8.8.8.8:53 | live.rezync.com | udp |
| US | 18.239.83.63:443 | live.rezync.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | tcp |
| DK | 37.157.6.233:443 | c1.adform.net | tcp |
| US | 70.42.32.223:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 70.42.32.223:443 | b1sync.zemanta.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 70.42.32.223:443 | b1sync.zemanta.com | tcp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | 225.114.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.122.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.207.210.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.32.42.70.in-addr.arpa | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| DE | 172.217.23.193:443 | appsonwindows-com.webpkgcache.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.bignox.com | udp |
| US | 104.18.6.128:443 | www.bignox.com | tcp |
| US | 104.18.6.128:443 | www.bignox.com | tcp |
| US | 8.8.8.8:53 | res09.bignox.com | udp |
| US | 8.8.8.8:53 | res11.bignox.com | udp |
| US | 18.239.69.111:443 | res11.bignox.com | tcp |
| US | 18.239.69.111:443 | res11.bignox.com | tcp |
| US | 18.239.69.111:443 | res11.bignox.com | tcp |
| US | 18.239.69.111:443 | res11.bignox.com | tcp |
| US | 18.239.69.111:443 | res11.bignox.com | tcp |
| US | 18.239.69.111:443 | res11.bignox.com | tcp |
| US | 8.8.8.8:53 | 128.6.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.69.239.18.in-addr.arpa | udp |
| US | 18.239.69.111:443 | res11.bignox.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | res06.bignox.com | udp |
| US | 104.18.6.128:443 | www.bignox.com | udp |
| NL | 52.222.139.19:443 | res06.bignox.com | tcp |
| US | 8.8.8.8:53 | 19.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bi.noxgroup.com | udp |
| HK | 152.32.131.84:443 | bi.noxgroup.com | tcp |
| HK | 152.32.131.84:443 | bi.noxgroup.com | tcp |
| HK | 152.32.131.84:443 | bi.noxgroup.com | tcp |
| US | 8.8.8.8:53 | 84.131.32.152.in-addr.arpa | udp |
| US | 104.18.7.128:443 | www.bignox.com | tcp |
| US | 104.18.7.128:443 | www.bignox.com | tcp |
| US | 8.8.8.8:53 | 128.7.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | api-new.bignox.com | udp |
| CN | 47.94.211.254:443 | api-new.bignox.com | tcp |
| CN | 47.94.211.254:443 | api-new.bignox.com | tcp |
| US | 8.8.8.8:53 | 254.211.94.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 99.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| NL | 216.58.214.14:443 | analytics.google.com | udp |
| HK | 152.32.131.84:443 | bi.noxgroup.com | tcp |
| HK | 152.32.131.84:443 | bi.noxgroup.com | tcp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2396_RIZCPTBSRAFWUWNN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe
| MD5 | 4df5dde302a87e2e85351af689892fcf |
| SHA1 | ae587be1c1ad6d58fbe73d43ce1ea0771d774ba7 |
| SHA256 | 2acbfe92157c1cf1a7b524a9325824046d83dbfa3feb1cbd4dd02a42e020f77c |
| SHA512 | d10f98f221b79b77fe92f93ac09d34c53c1e58b690dd61b6f770d892d7619b5fa38edb2c0800ce2dec715e6c2d3f46848c5a4a3b25b64967eebc05eaa0afade3 |
C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe
| MD5 | 4df5dde302a87e2e85351af689892fcf |
| SHA1 | ae587be1c1ad6d58fbe73d43ce1ea0771d774ba7 |
| SHA256 | 2acbfe92157c1cf1a7b524a9325824046d83dbfa3feb1cbd4dd02a42e020f77c |
| SHA512 | d10f98f221b79b77fe92f93ac09d34c53c1e58b690dd61b6f770d892d7619b5fa38edb2c0800ce2dec715e6c2d3f46848c5a4a3b25b64967eebc05eaa0afade3 |
C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe
| MD5 | ff6e9c111f04dd7b06691bed6d8f0db2 |
| SHA1 | 211c95ea9f7452afc1edebca6e303fba84936fa1 |
| SHA256 | 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1 |
| SHA512 | 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f |
C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe
| MD5 | ff6e9c111f04dd7b06691bed6d8f0db2 |
| SHA1 | 211c95ea9f7452afc1edebca6e303fba84936fa1 |
| SHA256 | 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1 |
| SHA512 | 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 87e86ba38c28f620d6c62d7a2ef9a809 |
| SHA1 | 4c4aa10c4c428497f24a688360d5334c2315a055 |
| SHA256 | 9245a358f8cd7a7a0602c00eee14055093499e697f33ed22417c4da743729089 |
| SHA512 | 50cfe7e71dd03f257e165da8ae317f1308a27ce4500c5e7c1cbdea79d47a49acdb7de81e546c14dfb356bf2ee67b1b3d06763690e27185e23fe48bf2129b8d83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 55fd3ffe12d2b96bdcaf20ba497e2978 |
| SHA1 | e798df99b668ce311575f55f7dd1addc823fa2d8 |
| SHA256 | 0ae2f36d0ae4d7fea42c69183d858278de529379488c0892a1d8d04aa1a35707 |
| SHA512 | f6cc2f6dee5763113ac5456f8149ddd4013b6addf759036ec3000c84516f6f55fff3cdc5a52a4217310c0184fb4a535e4fb362610e26a49786e906d2487c640a |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe
| MD5 | ff6e9c111f04dd7b06691bed6d8f0db2 |
| SHA1 | 211c95ea9f7452afc1edebca6e303fba84936fa1 |
| SHA256 | 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1 |
| SHA512 | 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4320bd17d471c382a57660e2102bf3bf |
| SHA1 | 5fe9c576af9c90b3a1ebdf61438db18ed27af0b9 |
| SHA256 | 18e5567e448c3f369a1c1909816b5a6b35f4b5f068af73f4d37af0fd0e26817d |
| SHA512 | 101bd8f0e5ddcb599dd4a8163ba5db5796e395f04a833f8d029fc3874f3072e963ae41b6996b04b3e5db35bf98352dbc697ef417c36c11cff75d85ec9310bb61 |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe
| MD5 | ff6e9c111f04dd7b06691bed6d8f0db2 |
| SHA1 | 211c95ea9f7452afc1edebca6e303fba84936fa1 |
| SHA256 | 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1 |
| SHA512 | 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a463d86920495c0d23950eedb672748 |
| SHA1 | fa10e19ca6c334c50b0f0ef23d4569030327533f |
| SHA256 | a0e3784ee67c6872c9506f3d8e7d8db23d5a754fab6e456e8f3fd7a7b0921444 |
| SHA512 | b2751d7fe5db38253e8ccc980f4d33a4e5d51b76a9861e83e3923c4fe35d31463503fdb176a3c44e2777191581125a184884bcf38cfd771bd00204703ff4690c |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe
| MD5 | ff6e9c111f04dd7b06691bed6d8f0db2 |
| SHA1 | 211c95ea9f7452afc1edebca6e303fba84936fa1 |
| SHA256 | 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1 |
| SHA512 | 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 303801811fee02a7bb4197f377a46bf3 |
| SHA1 | 467d3e781e5f791221d624fe54eb7557edc78393 |
| SHA256 | 011f88e1581494278fece8f5689c38c03deb3f577aa564dacd0ef989ebe00f3e |
| SHA512 | 1276424c5d98a23bab7bf52c9c6df003e9b40ee8cbc2a3978546bb2d307362a4921dac49f39da513e93c81dc0714be52c5cd51f3ebf9a1b9a117637a89460096 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f4b95093458d563d19964d2246f5f576 |
| SHA1 | d17f42bab3f97ffb11c4bc85b88366edd6b40ba5 |
| SHA256 | c50a001481d3f8b1e558d74cabd567956b4bf8fbd09cfb1d700cda763e56d2da |
| SHA512 | 319856220241165671aed207c62759d662c0478ad0c037d16200c6c0765661b4b5cd127f4e293cc42740b6d37407ae7c719d45f6fa72c2275d003a16338e7cd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\vcRuntimeMinimum_x86
| MD5 | 5611efd8725e779c15bf3220d2efb77c |
| SHA1 | 517c154429d5430452994d13bdbe7be8ba4da666 |
| SHA256 | b5d66e8ab0d2b33278d2cabb055be5a5043022bd0c36fe07d9d64a3830dd255a |
| SHA512 | d301f553ae5c8152cf9c5310ed9ddc330fddedce6ca858aedc31fec4e1e6aed40aa8917030f060c101f0af543e7b4b306bc8422bc7231bf50da61b14fcb1fa30 |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\cab54A5CABBE7274D8A22EB58060AAB7623
| MD5 | fb214cec4282a54170a5e0a48770026a |
| SHA1 | 770d008de543bcde34d4a9972dce5a4a5990e504 |
| SHA256 | ace4679a6c8fecba2340784501490449931183df086e7ab2e8c0a62d402d057e |
| SHA512 | eb64769712f4433e0dd44fe709242e7af6727d4b205265eb6a8586a9265549c29e900cf37c7ed843e422016352887c80a59423b2fa1bc1b7c42fd5150f1bdbe0 |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\vcRuntimeAdditional_x86
| MD5 | bea14c730a3e9bf19a0737f8d48ee64c |
| SHA1 | 900c494d57e3105ff2fb4b7949204f0cc648dc3a |
| SHA256 | 9879ad78ff0c218d124d98153a44a47aefdffdf7f188f532c6dadd2a38d86938 |
| SHA512 | f426ea932c00024f2af18126e9f874523ead0061efdab7c7dbfb7c3bc9b24fb3f8ccf335b0cc384da7b6f2ba47f98ba0965fed219af74f307c99262bf7c0cf4e |
C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\cabB3E1576D1FEFBB979E13B1A5379E0B16
| MD5 | 1b3ec3907ef91386f991033c3ed33b4e |
| SHA1 | 221544e8de4fc69d87b93a2d31685c440bee0492 |
| SHA256 | a0eb1da0a53b868173497eae8589938344b38f852bad0de95f564217bf0e3226 |
| SHA512 | 10d30eb5853efbbf397108c3f477f31a871b68c46cee4216618eb8801fa9c1432363eb3201aa563b7f99005af6d613d79a6aafd1c30e91efdc06991f584d8c0b |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20231018212129_000_vcRuntimeMinimum_x86.log
| MD5 | 858393867bc6fe6a16aa21c702826b6a |
| SHA1 | 72240ee7815385498b955cd2012bd2e444f6e078 |
| SHA256 | bd8a02c2a23ea6ec4e859406b63e32952b66b92eb6895953cf330b0e84e43579 |
| SHA512 | 4fb8e262cb0dff4729fa67a14c895d149a267eba23303f01713438d2b6819c15d9c8e3dc47f3531991dd2bac904d7176adf63a5d0bd2b0f97de79df64010edc1 |
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\Installer\e5a576a.msi
| MD5 | 5611efd8725e779c15bf3220d2efb77c |
| SHA1 | 517c154429d5430452994d13bdbe7be8ba4da666 |
| SHA256 | b5d66e8ab0d2b33278d2cabb055be5a5043022bd0c36fe07d9d64a3830dd255a |
| SHA512 | d301f553ae5c8152cf9c5310ed9ddc330fddedce6ca858aedc31fec4e1e6aed40aa8917030f060c101f0af543e7b4b306bc8422bc7231bf50da61b14fcb1fa30 |
C:\Config.Msi\e5a575e.rbs
| MD5 | fca94b3149b44b6cbb67fa3745b4b78c |
| SHA1 | 28b5393b6c0b52c5a9473322a2fbc4b3b1d86da8 |
| SHA256 | 96f89b60703f862a83cc423d52ffd2ab4b5c91aaaff7400e23d64d390734da13 |
| SHA512 | 4f2023df2ef18308edc9b8a3eb1537fc4e45c336ba20a0dbdd54ec38576f84811132deec43e3349c82a4945929b83e503a929c3978591771e937223103fa39cf |
C:\Config.Msi\e5a5763.rbs
| MD5 | bed2de7e2570fccb83cf7d6c95764337 |
| SHA1 | 3ec28104e455da83fc42e711e1d1dfc2dc0bbddd |
| SHA256 | f604fbf897120d44f255ee3907fdcef9f9e016ec2aa49d1732103ed84727467f |
| SHA512 | 39e71ea443b3baf30c98667a4b5ef723047e6d2afad837c62beca31efea0ea9dab94a951acb8136a6a1833a0de88096035868e80cfeeaee98a6de459a8bd1ba1 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20231018212129_001_vcRuntimeAdditional_x86.log
| MD5 | 90be2283c31c1c346bb56d710a4644fe |
| SHA1 | e7ea5ef75b0dd30d08ffb7c15eedfc929a0bbbde |
| SHA256 | c9b8b796702215fd7df78958b25c4164e1514aedbfdda56cbe35d4ed991dc3b6 |
| SHA512 | 90a093f03d50d4216885dbd803bf8222e9871a691b5c37ba16854bf5fc20e474843de47603a7b737a7724c029052928875c96f0ead57b6a771ce2a21bfc0a143 |
C:\Config.Msi\e5a5770.rbs
| MD5 | dde179c23e559132315887767696f3c5 |
| SHA1 | 1adb106cc1804e84fd844157c0bb31ebc46b477c |
| SHA256 | 23370f7dd7c327e9e4fc176cca9cf17d52890b44490182bf3a7bb83431c4e3ff |
| SHA512 | ebc8feaefa5d0fc1e8235afda7383655df13386fede2e52a3b4e867db9b2b675b4e0ea50c18577620a4a1963c5d4841c6599440a8fd889f43f73f0ccd4bdeeda |
C:\Config.Msi\e5a577f.rbs
| MD5 | cea9f721f92fbfc9429e0bbf079cec91 |
| SHA1 | d59a340b020d9bb190d9531500240575b182428f |
| SHA256 | f0f57884cdd16f92039c522de3fb27dbb092b302b0a4cfd441a87757926e49ec |
| SHA512 | 8281a74b77116b6195c25aa8231f7b194e891356712630eedec9d33ac9f22afc0d5c9abf8a4642fefc1bac1026213a311e2a0a62f43d0536ad0ddc491898314b |
C:\Windows\Temp\{B4210822-3B61-49B4-96B7-D9E852104599}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{B4210822-3B61-49B4-96B7-D9E852104599}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\ProgramData\Package Cache\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\VC_redist.x86.exe
| MD5 | ff6e9c111f04dd7b06691bed6d8f0db2 |
| SHA1 | 211c95ea9f7452afc1edebca6e303fba84936fa1 |
| SHA256 | 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1 |
| SHA512 | 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f |
C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe
| MD5 | dc32bee92db9ddbb64dcfa7133ca17cf |
| SHA1 | 47996aab6a20dbba69969c4b36f8fc718877751f |
| SHA256 | 426a34c6f10ea8f7da58a8c976b586ad84dd4bab42a0cfdbe941f1763b7755e5 |
| SHA512 | 3647b9d32924a7bbbacb70609df1d0a5148db0d8396fe0918f8535a183c6a9edff4a982b023178091e7a8ec29a85a40e19db66f32e18e4e62887fb41f709727e |
C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe
| MD5 | dc32bee92db9ddbb64dcfa7133ca17cf |
| SHA1 | 47996aab6a20dbba69969c4b36f8fc718877751f |
| SHA256 | 426a34c6f10ea8f7da58a8c976b586ad84dd4bab42a0cfdbe941f1763b7755e5 |
| SHA512 | 3647b9d32924a7bbbacb70609df1d0a5148db0d8396fe0918f8535a183c6a9edff4a982b023178091e7a8ec29a85a40e19db66f32e18e4e62887fb41f709727e |
C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe
| MD5 | b26ea60ea4341cd87c2a67e061e34439 |
| SHA1 | 48f80f1defda08c555e99d55f9914c9674fa8ac9 |
| SHA256 | f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461 |
| SHA512 | 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330 |
C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe
| MD5 | b26ea60ea4341cd87c2a67e061e34439 |
| SHA1 | 48f80f1defda08c555e99d55f9914c9674fa8ac9 |
| SHA256 | f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461 |
| SHA512 | 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\thm.wxl
| MD5 | fbfcbc4dacc566a3c426f43ce10907b6 |
| SHA1 | 63c45f9a771161740e100faf710f30eed017d723 |
| SHA256 | 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce |
| SHA512 | 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\thm.xml
| MD5 | f62729c6d2540015e072514226c121c7 |
| SHA1 | c1e189d693f41ac2eafcc363f7890fc0fea6979c |
| SHA256 | f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916 |
| SHA512 | cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\license.rtf
| MD5 | 04b33f0a9081c10e85d0e495a1294f83 |
| SHA1 | 1efe2fb2d014a731b752672745f9ffecdd716412 |
| SHA256 | 8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b |
| SHA512 | d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe
| MD5 | b26ea60ea4341cd87c2a67e061e34439 |
| SHA1 | 48f80f1defda08c555e99d55f9914c9674fa8ac9 |
| SHA256 | f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461 |
| SHA512 | 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe
| MD5 | b26ea60ea4341cd87c2a67e061e34439 |
| SHA1 | 48f80f1defda08c555e99d55f9914c9674fa8ac9 |
| SHA256 | f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461 |
| SHA512 | 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe
| MD5 | b26ea60ea4341cd87c2a67e061e34439 |
| SHA1 | 48f80f1defda08c555e99d55f9914c9674fa8ac9 |
| SHA256 | f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461 |
| SHA512 | 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330 |
C:\ProgramData\Package Cache\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\state.rsm
| MD5 | 6b88fd70541ad14ca3df49f6433d1928 |
| SHA1 | 101ddf106cdb3ef219d798fff0a45315cc10fc7d |
| SHA256 | 35606c0db74721b339b20f28fdd509bcea5cc63c47204a331e11766c277c3434 |
| SHA512 | 5d1756c97d9ca6ca60cf8081b456ba9e2ffd13ff2b9c1eb6363dbcc1ecc512630619fb69f20f9d2b65e59939ab638fd57464b187fa5b888c0f10ed1db157c862 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\vcRuntimeMinimum_x64
| MD5 | ccb266fe902daed0189379c2ea27c5c8 |
| SHA1 | 9cd58841742e5103ae3e1607275bb660e5010f2a |
| SHA256 | 6ec4d94f7cc4b21ca909fb143c93cb260a26b8b3814cd4a9363fed90c495e3ac |
| SHA512 | cdb12c09d11e297d2caa32ba2f7493733034fdbee27e1f318827de2c502076aa257b3bdae67a7b83f241137e4a09571b7db5e514a1c609c5834d7cee6e3adb42 |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\cab5046A8AB272BF37297BB7928664C9503
| MD5 | 3a0207e15630e5432a4391baab2792d8 |
| SHA1 | 7c82b421e1ba4942be2df102aa3fa219fb38f4f2 |
| SHA256 | d400a82cfb8f7c38212f1cb11b3fc8718873937a5a730eaa694a28e4687f6479 |
| SHA512 | 7c8d1823d6a69207af975088843e96b4e8d29eb67fc72bb3948df4efa3a0baba50da74242092062e202cee625ede2cdd35aa9ef043ac5c1d8bde04a3d776813b |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
| MD5 | 8e113606487e067ff904fe6575d2d821 |
| SHA1 | 1b44770f80fbda5ef5f3d9d3340b3addab08f4ad |
| SHA256 | 94247a642dc0b20880c34fed63df0f9e4344081fd010ff79720ac049be229018 |
| SHA512 | 9d95414f22d50e2c71e4cc01da60ff68f4cc6a46b5eaefada64821f427d8056ca77ebd2b7b7b3c024d0dc26ec923b007ff9f3fdb0766a6cf698da571e96a7efa |
C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\vcRuntimeAdditional_x64
| MD5 | 4a346aa0f9078c6c9b88d5f74ad9ab48 |
| SHA1 | 22c61f9b91a64eb64cd6451e78ab60f59a365ac4 |
| SHA256 | 2e91efc37dabce03008d5923619a35942d0eebb8840ebb8c66fcf5026430e9ad |
| SHA512 | 30af7be7bd3e6e9649629eeb074d21bd2a193b9064054284d4279ea72031250cd8d40262f0b93b2932522fa1bdc2c5e5079428a8e00942f8e1020cb0ff325e40 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20231018212315_000_vcRuntimeMinimum_x64.log
| MD5 | 9cff59840dd8695eb77c3a2937f1458d |
| SHA1 | ce1fb368b6446fce1e38187105a873a04601c316 |
| SHA256 | 7b7e56f8eadd271e64a79b737bc767aea45fdcb84df0e817352567d1b694a521 |
| SHA512 | ccdfeabdb5d104f76798c4acb1511e750aa43dc07e8ba3bf34e94a9314257415507282cf34540ced93dccb68c92262dc54b96fa8e52aa2b1d264b3f8339f8e2d |
C:\Config.Msi\e5a5786.rbs
| MD5 | 806fb1ab63087603d926e61fe1f6fdbd |
| SHA1 | ed7914e2916235788e61064714e89112f0a9b00f |
| SHA256 | 4e4c2923da6840437cf7668c50821a1508e4cf4569eab1851b974d005b365a6b |
| SHA512 | ea96ef4ab16e5adfafc316f36f84c2a8f97e8f435bec42d6f00f334ef378f906844b64f6eb8a1b078ce3a99205cc937a5a732f814b1c14efeb7ad4d66f258a97 |
C:\Config.Msi\e5a5792.rbs
| MD5 | 758459d7882fcd5728703eb740c1cae1 |
| SHA1 | 075eb597ba442c305d4cf389f1d05d9281b9231a |
| SHA256 | 831eb0414079f6144499a537285f890d723ec0895c6c3dd1b93b97ae1a9b973b |
| SHA512 | f413b4813c6d32c8f3cd3ade729dcd4c347088218a085cd8fb281d9428e9a4bbb67fcc47e358243ac3132d61773f5b451c92d2e2a360ca754973508e06a6e754 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20231018212315_001_vcRuntimeAdditional_x64.log
| MD5 | ab9bd30dfb6d7bb607a0273434d463ac |
| SHA1 | aba31e3a54ccd2d0286fa1e54a64c10de7d278b1 |
| SHA256 | 0985868459a87db756cb10c347b201472eaf35b3af5ed6dbec7258997e7acf35 |
| SHA512 | ee2049d4c488a814e055ea9c76238d647c9e75638b13cd0d080dc576556c0196450171457faf12d811f34709d9ab20f01b3fd4eb212d6a4caec4ced8d1966709 |
C:\Config.Msi\e5a5799.rbs
| MD5 | e616d2dcad3c9e9f600d22cfe89f32aa |
| SHA1 | 851b739a18ece27d0bb02130c9d07d7ca0a3e8e4 |
| SHA256 | 3cf1c9a64b0fba4a41e5e9ad2c5db264553633ac3b9ca7d70b6e0e83262296f7 |
| SHA512 | 46b0f86c24db95df200a48a66205026039116c47d527d02475ace737dc2f76ead3fa6d53b03d45ff8c14e3b0d6366428b8a1e3afa3e37ee5d210dcf38ecb698f |
C:\Config.Msi\e5a57a8.rbs
| MD5 | 7ac0280876323589310a63c3c42174a4 |
| SHA1 | 84abc382d15185324e65b7209f2d66f6e4fa6711 |
| SHA256 | c13b78e5457ab7ecd3d67ba1f4d0d979c229774f2ece583dc893391e3112476c |
| SHA512 | 49a69bb26a1677b2e482dcdac718f863622a116247ddf1e30f7ba1fb9e5e0dc80ad71be0d3e1e650a7d64515d5abe942b3dda4aa6b649db66eb1d800fb4b4d43 |
C:\Windows\Temp\{1B8028E2-B299-4D4F-8E49-36D2AB050D1A}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\ProgramData\Package Cache\{2d507699-404c-4c8b-a54a-38e352f32cdd}\VC_redist.x64.exe
| MD5 | b26ea60ea4341cd87c2a67e061e34439 |
| SHA1 | 48f80f1defda08c555e99d55f9914c9674fa8ac9 |
| SHA256 | f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461 |
| SHA512 | 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330 |
C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\VMwarePlayer.msi
| MD5 | 11ba0b61bc40b25f055d1fe6fc74effa |
| SHA1 | 8053e215af2e22fac19eeaaa0e524d6bb262ca10 |
| SHA256 | 9d19235d8025f0f7d2a2902f410cf95914fb61f895ae3c565cee57eb2b2d7b3a |
| SHA512 | 994d8bca58edb279e952a3a3a57ffe656db7644296f7ec1c82495969c6b5220b3983f82086e083e87412089abe483f3a6c49ef647916d711bcbfbbef6090cf87 |
memory/3092-689-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-690-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-691-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-696-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-695-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-698-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-697-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-699-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-701-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
memory/3092-700-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MSIADD0.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\MSIADD0.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\vminst.log
| MD5 | c6e5a66d12536da0f0c61c670e9f765b |
| SHA1 | ca7bda52d2c3b5b5cb636768d9a47084df05e260 |
| SHA256 | 008d54eaf23d20e7c2900cc9fcb3c7f935292ccc3ff90c6bc9625fa5635e9553 |
| SHA512 | 8b7a5e301d9c2e72d0c1326a6287719b0badf6f3f81a268885d9168844502c024a6c7150cf1234f8f3442a1b2fdf544beccd9555ab8bf9180f94f9542f3ae442 |
C:\Users\Admin\AppData\Local\Temp\MSIC1C7.tmp
| MD5 | e224439c56ca79ee4eb0888079d03031 |
| SHA1 | 18838d703255a92575280604948c97abe53ff8f1 |
| SHA256 | 0059aa3ee8902b37ac185a1370f9bc2c790c6ac85d14d03bf9a42d91861d1340 |
| SHA512 | 5d82fa8109fafaf57b5061a27bc4c530107885d4e83434639dbedb6c17a76ebc1e499fdd1e4d7657e8319e86f9766d94c5be4e8524adbbff212bf8767bc29972 |
C:\Users\Admin\AppData\Local\Temp\MSIC1C7.tmp
| MD5 | e224439c56ca79ee4eb0888079d03031 |
| SHA1 | 18838d703255a92575280604948c97abe53ff8f1 |
| SHA256 | 0059aa3ee8902b37ac185a1370f9bc2c790c6ac85d14d03bf9a42d91861d1340 |
| SHA512 | 5d82fa8109fafaf57b5061a27bc4c530107885d4e83434639dbedb6c17a76ebc1e499fdd1e4d7657e8319e86f9766d94c5be4e8524adbbff212bf8767bc29972 |
C:\Users\Admin\AppData\Local\Temp\vminst.log
| MD5 | d0b83ea28dc167f76a5a0ed21385394f |
| SHA1 | 4399928045d3ca2249e1b1db41b4808c2e76dbfd |
| SHA256 | f6324bd7c8554d48728745b49da4b37ed76ce08f3d0f3b18910b0d470b258a4f |
| SHA512 | b4a896c333a1a95b26e0e122a9b62b4a103ad1370435e6d7846d1171a39935710cf45ee400b61b0734ac182b83212d89e1a7efd48d2124ab6dafd375fc8807ff |
C:\Users\Admin\AppData\Local\Temp\MSI144D.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\MSI144D.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\MSI148C.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\MSI148C.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\MSI148C.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\vminst.log
| MD5 | 410c7995f49389b72677676e93ce2ee5 |
| SHA1 | 2f3bc6ef84d7db2518af67a64c4742e4c239192e |
| SHA256 | e3ac891df38bf5e9ca1b0afeb4ddaf7bb1fcfc4a639daf6e866cebb905d10488 |
| SHA512 | 2df4365ef290248edbfce571cd6b156defa1ec8ab7e554326bee14ad3daf36fc7d5cdd35c8366b689c2575c249ff3251a5d218905a92432c3151cba707091749 |
C:\Users\Admin\AppData\Local\Temp\vmmsi.log
| MD5 | 79909086e5c3bbfe3b820f66c7dce0f4 |
| SHA1 | a8fb4d0573dd0982995a875837c776c5b47ef1e9 |
| SHA256 | 375f66596685bd173ded4473548da17e4f634d32af2e2f497f60a5a10e9e1af9 |
| SHA512 | 3c01774fe1e3bb6439cab0de0c3307194a52debd05abb56bf49b536ff40849b9f811c26d567425cf2d895751e19cff8bbf07b38b1444b113ae12cf9df92048e8 |
C:\Program Files (x86)\Common Files\VMware\InstallerCache\{E09B8172-B374-45CB-AB89-2923DB9A3D56}.msi
| MD5 | 11ba0b61bc40b25f055d1fe6fc74effa |
| SHA1 | 8053e215af2e22fac19eeaaa0e524d6bb262ca10 |
| SHA256 | 9d19235d8025f0f7d2a2902f410cf95914fb61f895ae3c565cee57eb2b2d7b3a |
| SHA512 | 994d8bca58edb279e952a3a3a57ffe656db7644296f7ec1c82495969c6b5220b3983f82086e083e87412089abe483f3a6c49ef647916d711bcbfbbef6090cf87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | cddfb0ccc13c012f8e24fce2e7d825ec |
| SHA1 | 8fcd72b891af382df87a99d61900eaa28db4ab0c |
| SHA256 | 4b9fe97b0d32b45b8ab4edd524b9adc66849f6836472b24667b2251b3b7c303f |
| SHA512 | 8c08b23149a8d1869208b89bf5ea4da2ee600cee10a4f3c72209610a4bd28b41ff0e95b5556055209c64aefad935c827fb2502ef1d4811248cc412aaba244909 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_264D47D6D8C34D077DC5D354913A7951
| MD5 | 328eab466bbc09aa975f695fa8f82d91 |
| SHA1 | 49197b201686baede1dd705b631fbf5c92e57b17 |
| SHA256 | a1b7d1655c20247439bc2fad3abcde6156882b565ffac3466fa0475eb0d00b91 |
| SHA512 | a661de731927d65bd7d388aa44dcaa31068bc9802b79fb03dd8bb6a3465f8c3c7ae90749b2f3ca0a041b8618a804a58234a6c4b3237b0f5ccb96522665109c6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_264D47D6D8C34D077DC5D354913A7951
| MD5 | 1c5bb9f9d422ea7c0507c322ce7d61e4 |
| SHA1 | fd144ddba8dc6c70b6c62f05ae061404c0b04fb9 |
| SHA256 | 622172bfa074ba00c955a236438f2742e65604e6dc33d3a9ab97d161dcd7b545 |
| SHA512 | 2c7b58907f53fc90506d6a663ee7b689401a88ba95be510f92b57a980e9652afd64632b555306d7b1cfcf874122bf5949b8d130128239aecd7e5da1e0351a261 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | b8a2bc411029cd4845c62bf6b1031141 |
| SHA1 | 136dc311e055eb4d1ed5194755653cc8331bd74e |
| SHA256 | e7a62b11b57b7fec6b2f7b1a09425b9370c36a29890bd727cef2bb407ca81502 |
| SHA512 | 137a2df2570d02a8f5fe2334da48bcab7ead4d94d848293c7cd8b902f958748fcbdd149121e23f8efa891acb2c8db880c68dc093fd2826e45951d5cb3f165134 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 11762bacc2e6c5cda3aa4dbf8b13c346 |
| SHA1 | 9ed3c5f373f0edf13d22293ebe7a5c3edf4a7102 |
| SHA256 | 89eea481af8b5c2e19cc9c5fa8a670a7a663da3aa7d0930496af228eac6239ff |
| SHA512 | dc320b9ea8fc563b8c215dbebcd6af84490d4ac64bfd3944ed188aca4430fc0d13ed6d0f08d4f14ca33d6a153fa4a34e3ffddbd651e9446712190aa4b1887ba4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | c9508632d6a0bc5645693876d33ad4cb |
| SHA1 | 603b106354a4934d5958d3e1752813ffa2c36e2c |
| SHA256 | 3041ab80943b8dcd9d9f55266f149b9ad56ae29f60279a4726445a111cc6f31c |
| SHA512 | 59a8d5fc7fe849653d757c32e12bb7a58bc6f46331dfe7e68aabb00536860ab95807dbde09fbbf8f420ebc1604e905398a072a8d638bc56dead95d936aec512c |
C:\Windows\Installer\MSI37C9.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Windows\Installer\MSI37C9.tmp
| MD5 | 9c28fc83d53668783133096b10a09c88 |
| SHA1 | e132c869780c04bb75966c316c9d61a21ceada2e |
| SHA256 | 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a |
| SHA512 | c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c |
C:\Users\Admin\AppData\Local\Temp\vminst.log
| MD5 | e072f69e52f0fb2466d94627eed7c3b2 |
| SHA1 | dda7153c72fdf77624cbae57bd50b23d31cdfec0 |
| SHA256 | 89512eb0314c112af881dc875ddd23848e38203087d9dee6203dd0a5dd8ec2fd |
| SHA512 | a7f49ccc6b13f71fcf5c95782f3ef5a7808d778a51ce1327edfe5ba38b2710b1e4535966bca9416327c082986f9253d93cda0523d949de843eeb69ee9f81c1a9 |
C:\Windows\Installer\MSIBC87.tmp
| MD5 | 70a40a864efc5affa6d5b7025375bbe7 |
| SHA1 | d8f1df9c9e7e47cb2e7e26f090668a8665c29056 |
| SHA256 | bdf4edcfdeb992503f6f2e00b7bd0e21d82fe3b08b326ecaa66706692d4295eb |
| SHA512 | 7e718b94b53ca203724c4b183b16371c91c6a1c45e21ac719974495e255b09d681862e4bcaf872320ac5753a565b11712ad2cd5cc89b09c7cfedb5b529eba2fa |
C:\Program Files (x86)\VMware\VMware Player\vmwarebase.dll
| MD5 | 00fbb0793dc439d6d3c5985e3273fdf9 |
| SHA1 | 0878f4cc94f913f86ea80a91bd8abcbd031babeb |
| SHA256 | e2b512b20131abd6a10e720aec5085fab00055a58a8d418313e3e084b68259f4 |
| SHA512 | c876e1bfaba8e646ef38f6698841a27fa1b2c5d4ea660de86ac4fd1a3a170ef08378feb092983d58351b05e7c267b289736d71636c8a8c002066cd96534f9a77 |
C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\ovftool-hw9-config-option.xml
| MD5 | f9f88ce99b113b935df37a746d96bc2b |
| SHA1 | 7484bdd48aa991548fb1ed17bfb7e307595dcdae |
| SHA256 | 4f9b2b9267eb779e11569f758546a8cab4aec10f98915dc13c9ca16cda4d423d |
| SHA512 | 28484f51eacd816f70f1ff62882aca2860ac6fcc9f37782fe09932ace7b070677f4b088a2649ccf0bb3143b6495bf5be994c709a8a6e6e62b8c06a32f022b726 |
C:\Program Files (x86)\VMware\VMware Player\netware.iso
| MD5 | c5c08b4dd839de30e6a2981585544a22 |
| SHA1 | 6f2d142eaaef9875f233a6daec2d5fd1266dff73 |
| SHA256 | 2c89993d811f5d90f7b0e2a286e9339907055e51ecb16f25509e5c4517326487 |
| SHA512 | 2db0144f53bc4b6016051d81e72a174e7f34221cd05f2fc7820f39b7ac18631996cfac0beecf10a4522ac923223a4d8f780b49ef1e841d08d9d1d2528125d953 |
C:\Windows\Installer\MSIE1D4.tmp
| MD5 | ba3165ec14e657e6235d6d789e9e25ca |
| SHA1 | f626fcc0e7e7f26a092da6a995f5936a45c4f71a |
| SHA256 | bf93de4755822425f3fd3928b52d2a6e6c91ab069213aaaa95695ed3e17e72e9 |
| SHA512 | 6d83dd60b1f8e8d93ddbda657b1c75f86c1f5f6eac899123f6ce498f5dd1a5abf05e29776144044c6a848e8fdd2b9a6a5367c4b249b879a310a260fb6b55b6da |
C:\Program Files (x86)\VMware\VMware Player\x64\icudt44l.dat
| MD5 | 58cccfc4824ce98be253981d1087740e |
| SHA1 | 69ff1822448fc25f56298890eeea62e974f44da9 |
| SHA256 | 7e1fc96fcc98cb8f0cb44cfa94b40549a40bd0f9968c3c1141631aa0af95a1fe |
| SHA512 | eff1ca414672758fa1bcfc3ff2d69bcf0bdbb4bb8e94442c1e9108d5b11203b355409de9af3f6ce943a693e7198329afebde2b0862959fd48ac674c341e49429 |
C:\Users\Public\Desktop\VMware Workstation 17 Player.lnk
| MD5 | 743c1577635a2706afa1e2b3e2ede3a5 |
| SHA1 | 2647abbd732e96c86f4ec9afe2bb49cbc8d4cca3 |
| SHA256 | 0d9a6d2415ac8695ae270e78393da8b8ab075723e2b490ab6484fbe914ee4cf5 |
| SHA512 | 2edf8c821f9123272e7faddfe01db5bea71c542fdc34a7b6c37898da798820ed5d625915f9a702c68c48a33a8c9ecb6ecbe456d9b69ebed252fbffc0d5a5f452 |
C:\Users\Public\Desktop\VMware Workstation 17 Player.lnk~RFe5ce585.TMP
| MD5 | dfef74b442da5ad7ae54d5af30c6ca59 |
| SHA1 | 5378a882c488957ff98f4acfe78f86e79d871737 |
| SHA256 | 82e7710da20c4f37f785f5097f342eb7b0bb6a3ddaf757bd12515d0c455d8ba3 |
| SHA512 | 67764c26db5063f83c4db67cdcb93ce5b959fc0d77333df25756294da1a0850badfd47413fda1797b3fcc35ca2589dbbaafa1e4e480ed494186d4e4bb0609513 |
C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
| MD5 | 7be6f8ed9b2ce43f3d1a94c5bef47b7b |
| SHA1 | c3d9d9f603448f7647956e7b6cf539129ab77cef |
| SHA256 | 79ef3f355ac182751f8aeb53a41880b8eae3dbdfe068040be91a357d746fdacb |
| SHA512 | 2c5f204f2c31dcc172b89dafb5b799567554e450c64d84beabca1fee6e23b5bd6daa866dfc4deff7000696587d639efcb018759035c9b2ee8eca9e53f0e9d1c5 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 17 Player.lnk~RFe5ce5f3.TMP
| MD5 | 76b1105b03f1e27b737d606a204e9a62 |
| SHA1 | 2bb08e81ba79d2cbb2232abaa5321c5a3e578fb3 |
| SHA256 | f24b1edb3548f66807510ce9236f5789679876982828f2ecb6d0f11888ebc9d4 |
| SHA512 | 77ccbe29adead13a9f7a011d99db0ef04e9071766b39238fdfae09e7a6d0ed344b5ef9dfc9bad66a8cdd1a6c52a0e1e94885eebd216ab25defac4554e60fbe23 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\~Mware Workstation 17 Player.tmp
| MD5 | c2145668507f94730fefce153661e7a2 |
| SHA1 | 80ee7cc2927afe2a7c75a0023c4500c7c9f8b975 |
| SHA256 | 419277098eeccffab93755ea93bfe6fae3f845a35c792c8d5aee07169cda69db |
| SHA512 | 8b7ccc9c344eaadcb4ef42b903e57044b2071f17ce3ef0f1faae5e0d6cd2b1942c1e197965e406b9eb961124646f216ffc77728649b306ee350ad29ab743cc27 |
C:\Windows\Installer\MSIF15A.tmp
| MD5 | 8aedd60f28517e54c49404d3dbc14789 |
| SHA1 | 538320184e74e4d0c02b3bd9367282e9c7b34707 |
| SHA256 | 26341fecd46af24bc5d8dba4f26fc9196270515adbde08496597f31633d02cdf |
| SHA512 | 907ccb22b28500aa6485746bacd3237048b4e1f4d3a092c492b9e351931c66878da2d366ec8ec39586d260ad62b9b465850bb084270f69a63a97f9bc81969691 |
C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\vmusb.inf
| MD5 | 5626db3a5208f1a16480b68d59735444 |
| SHA1 | c273d1abb9da822686bd70ea12c92d49d30c6950 |
| SHA256 | 4796224ac79c0a09d2afd2f3f9d2f0518a9444b78240814601d3a8dbc55d19b6 |
| SHA512 | 0089e928fd40bab41eb5b52104d7eb9bfab0a49cded5e9f15aebf6d5f59d827fe9e1107bf9dc16cd23e75e1e136c23e6d7ce564cef9ab988ec64de04558c3305 |
C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\vmusb.cat
| MD5 | b3e02dc8e8142640ec18309573e5cd4c |
| SHA1 | c97cb825a1d6413dd42364fa7071e07a85ef7f6f |
| SHA256 | 43a4ed79fb779d7f5ed51c745a59615184e8388f6996ae4ef25a2a8d213a3f5f |
| SHA512 | a2584c83dcf82936c02b830ee1a3be2d9af21980bbb258c6881d17a03617aa703cec8ada76a28a118f2edea17ceed94d2b1d23807dfbef0092d907b149aaa1e4 |
C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\vmusb.sys
| MD5 | 925ad5e40223e8b40053aa4c567df41b |
| SHA1 | 8fc75d09ccd1a95414afb5eb2d2f4a3c717c66d1 |
| SHA256 | e793959c7bbeb12873253b46f432b9b078ec25174d3ad4140de6b08ba649627b |
| SHA512 | 29bb44db3fbc02f2306b44b8611abc0b488e75631fbdedebe740f8c54c82cff9b2dc4f8a54a6cd020733f84b11d3135e6c82a038d3f7d68639373535dab61a09 |
C:\Windows\System32\DRVSTORE\hcmon_1E804F260BFD7A2F39698591B5E6FF49B1EB033B\hcmon.sys
| MD5 | ea0bef1187b8c4bdae52d762b97713e1 |
| SHA1 | 3a01ea3a08117fc3a06f56d23e4dad4d46978d96 |
| SHA256 | e685084d055c0b05681ff52d1260e79bfa12c3d63392c6918178734d87b54c76 |
| SHA512 | 9f223cab1c3f33670f6aac1dc252a1c25045f5ad56d6d7fbeeaf30867cbe8aa0de42d3f77d54a94c46c138bd687093abea4c61a77488bc3e9b5edada020d440c |
C:\Windows\INF\oem3.PNF
| MD5 | d542f7c13596a2fb4821131b3e090f14 |
| SHA1 | 4a4d71a0c6e2f7ee0ae9107f1088b60f9eb801cb |
| SHA256 | 849bd984aee76ee0c9c564190df801d944d7259c972a85b17f29164f8d6f134c |
| SHA512 | a20aa1c64bd3085be5f96f34aee772990bb234635bbc63f55671d33f60aa2e10bc36db94e347e2fcd05eeb945a760022e434d9710fc3a0620b020d4fa221f10f |
C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\netbridge.inf
| MD5 | eddb5653f0d4465a2adf194d0ac2fdf5 |
| SHA1 | 28f5ae108899a524aa2368ada7a2d1b5a6c66a14 |
| SHA256 | aca8497b6f65b34f7b5d95d80505cd9feace5987619b6e4a1f7510537fcb77cf |
| SHA512 | eccf273bb096fc8315f8c6cb3d6cc736b1224f13b5337df9e4a8d613364f2fbdb7f211afb49987197fc7e2ed723de3f2ab6bdbc80a604bf0eece4d4e703a3ae2 |
C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnetbridge.cat
| MD5 | 1c22dce43bf0757f895c35c7ae5de100 |
| SHA1 | 49c62e5f9dacb21918c995311fd2785d688ef67f |
| SHA256 | 2356e41b4ca641c3a82652fc9e4030a228db5959817f0b679c78cae8cdbb0c10 |
| SHA512 | 818324f1afc08477b98081d26f64b61723af1b111c20f8082bfad258ecad980600f7cb2d48b9fab0ab91ea65e362f4f3c3b11de9f1a5cbf789a3f602a3139cc7 |
C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnet.sys
| MD5 | a6052a9e2b31206fe17e79faec960180 |
| SHA1 | 793c5a191ae1c7ad76964f75ac4ecc55b7316bef |
| SHA256 | 0fdfb94990987a809ef173d190af5887e9b608e83daaf75c0c8d38d907eae1b9 |
| SHA512 | 27a37075f659e755fe064eb987cb9ca8eb03b9b085e2df65ef49e01273c10e270c1106fcbf1ce2b1d91b69dcf77588c950a18e4afb0d4013f5a293a013a4e303 |
C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnetbridge.sys
| MD5 | 284079c2b673cef55380f4efefa44a6c |
| SHA1 | ea30982d5f1db56c46b0c1bc94e3b909b2ca4403 |
| SHA256 | 8371fe9682b88365c3898cf89d78ede650f3ab09a863de9931cd0143f0f55abc |
| SHA512 | 73209aeacbe5da463fc60a2b8453cf55d990a1043ce37b9c93e9b7b0edd7e5db6ff348d262d50df36812b4012297b957b928b48640e15a779a45b6fb23580e92 |
C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnetbridge.dll
| MD5 | f4309443b33d60d29cf488d9e0df1d87 |
| SHA1 | f6876338a43c7082277d0e2d80c2e7d82dd4b9dc |
| SHA256 | 2ac7141de5d6303dab0116cb9226fad10205532f80570ed875714c3714b890aa |
| SHA512 | 652f829c241c68e265aeb571d3f75fbb4c4852c085dffe5cd898eda527c696e87c592e542100e74de4a0b8fb1928c671e2ebfb936203e127bf29fcb1f4ff2868 |
C:\Windows\System32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\vnetinst.dll
| MD5 | 7d9f03e7dc7b03f7f3fa671342cd35f7 |
| SHA1 | fa9b7fd227e1754b17abe7b0c57664546586d140 |
| SHA256 | 8705d4900c6101f4c67f4ce76bf26595ca31ae5dee8a1a45f77e543ca6b47c7b |
| SHA512 | ba6fa3c0e80293cefab8012068246be45cd0400f7cd096dbefb8bd8f08a4b7ebb4601c20cf96b8b566ca669152248b058de334cfab14e851c4464a203bd4bd00 |
C:\Windows\System32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\vmnetuserif.sys
| MD5 | 67e0ec5f275cc3a13833671adea446fc |
| SHA1 | ac4121db324efa58cfc6aef2f11b807625394967 |
| SHA256 | 77cebc6ee49057c0a87f458cdcb07da37bd31ea83973f5d02fd03740bac54444 |
| SHA512 | bc864ff902d15e955b9528c5ca670d6b7b608bd988e65592b37580f806bd061ed3e4f37d74a5f6a319806e4a545b74680d6cbb2fe966537955a2f191c881f1e7 |
C:\ProgramData\VMware\vmnetdhcp.conf
| MD5 | a88994d410622250542b444f881b1934 |
| SHA1 | fd98cec5e859fa5e91820bdd351fb25d994bcbf0 |
| SHA256 | d954b30bf0016a2042da3fdb65400c8484088f86f0e9118686e67ff1f48801ee |
| SHA512 | bbcb4ba1208df0138c9680116b880ad0835e07cd224b6a3680dad7a79790dc1a204dc0d5bc2002677cc2128b63d1d6538528a1ce53c6d270b7f109f35120498a |
C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\netadapter.inf
| MD5 | be9ba6026dbe3ee60c9065a73d56dec9 |
| SHA1 | ebc737df0c6513b5611432122a160b1a507c5fb4 |
| SHA256 | ac2d201cfcd14658859357605ddda855b6f49dcb051409e45112b06d7db0e215 |
| SHA512 | b5cb8512e48ae1b9ce27fc56a1e4985da05b34e1dae80a2e46755d40fad89547d88445370e78b82dcb1840b6497bc6fb6fdcaa957506a4d26060df75fe7cdd6e |
C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vmnetadapter.cat
| MD5 | 1d4d98ff37dd7593f7c837374b3ef0b0 |
| SHA1 | 558f7f3f9a28216520a57aadb83bb29bb6e6eead |
| SHA256 | c14638cf99380a7bcccc1835af1cd0e5bdf83f067de7f309876142b3bfecdc86 |
| SHA512 | 091e452a5982b8e5e366aff33f681f50c3474d722a1be58a7c2e878a2a1db922537d82a8642406bd02829e023166f106d2e37f13e9c666cc4a11a379c353c318 |
C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vmnetadapter.sys
| MD5 | 473c53dd8f56cc4fed9e1371ab94297e |
| SHA1 | 156f8cc9d784e9bd2735652a539509d982fb9267 |
| SHA256 | 8062940880fac20d9d8a31d5e900578ef3ab13867a8e67e01c5fa7e721f8f0d8 |
| SHA512 | de007bb61e54206454c943829cca076b88c5f81e2c53ea939a9261ba53ca1bddf71be0e29c4e5451758c3bd0482f80748883c68d60ab4f6fcb3c6bcdd9c7a7c5 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 3c02b13933e10a9de0a564ab6ebb53fb |
| SHA1 | 9dcbf3471c00220c07706d296ded5e74a8da358c |
| SHA256 | fc932afdb4088201ef931dc2935c1c597640a48a26df566c0c5ca00bf8265c54 |
| SHA512 | 225b07cdbabcdc5652eb65d8b7143721f16d9dba177087afd41a8fc34bb591855ee831a9de0586c241164d7c639bef84df6eeffe80c3d03681edfa1cb1d67d88 |
C:\Windows\Temp\vminst.log
| MD5 | a4490161d1691e3e84382064e3dbfab5 |
| SHA1 | fc078c162f888d4caaeacd43920000455a0db213 |
| SHA256 | 1bba1f0d06e458aa308438713bf2cad47ec3481b1480314c3c40609e2590c1aa |
| SHA512 | bb44d073965c58528fbfd8bff624f2e3a128421aa8f556d76b901a503ccb3feb220737a3f94d1a6a5f848bfd7f9c38c5d533b71ea2a0efc36dbfe3a84d126309 |
C:\Windows\System32\DRVSTORE\vmx86_669FCD1D989372D507A41C017F9D9B620B285CD9\vmx86.sys
| MD5 | 94908dce6dbab7ad5b73b579cba01c52 |
| SHA1 | 3b6ff317424307d2bb6f590632037bf532e51d62 |
| SHA256 | 27932c4ba456fac38348d441c054692ff4e21a3640db37bd623da5358af3195b |
| SHA512 | 70fb5c32960d162ca404d10f19bbe207b21798a1e1ffd17b5ec7f3658b36b0e538174344b9e809152df9ba9ea38be0e53f0256587652ef23d805bd862a3b0822 |
C:\Users\Admin\AppData\Local\Temp\FWF78B2.tmp.dir\DIFXAPI.dll
| MD5 | 116eaa5c9bb2cce346a42eafde2dc152 |
| SHA1 | 13c433306ebdafcd983410482fd42685bebadeb9 |
| SHA256 | 57afba202253a7736e7296ca9ad606b9640ad6f5e9c231ee291f511dd469c783 |
| SHA512 | 57d2ce75bd4a645eda5a9a77a6e92789cc527412722b2fcdcbb271c0d6eb8014b596d16e9ed0e72c9e1153e60549d13be2241fbd13223779dd9596e52ee8f944 |
C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.inf
| MD5 | fdb3c5882438a6e996d13a7ab48cf467 |
| SHA1 | 7257251e1b43912d15defbdf01056aef80d043a2 |
| SHA256 | 1e71d0b7aa6a8835986a2d603c7218e792886fec4ea889f13200cf0fdc78a73b |
| SHA512 | 551678e245c37c61433bb06f5bbc1075b76c1b86b06907b0a8d4c1e240b62d13922a0465919f361a6584388d80333201b5b6202b3fa1c6ff7771a58ba9ea8716 |
C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.cat
| MD5 | c888f61b9b09bda1f1fc1506123753d4 |
| SHA1 | bc2be72275b899d848737bfac8e0ba1ea72af63e |
| SHA256 | b69004749d69e2d826a4341d2ac409711fb984fe2ebb4afa2b3dbc03368493cd |
| SHA512 | 9a90df4b4e4eefb48e81853d02e3f2f9b6280636322436b717f0763bf7feca79660fc860f8142b915fc475a20de4d876c1a29687061468609e9cedcb725b88d4 |
C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.sys
| MD5 | 339e79b21cd73fe1174b56d6032e40d2 |
| SHA1 | d85e6a6a585fe4eba6f2601ae97a9db171f2b5b1 |
| SHA256 | 91e68a9891339a8db757c9eceb65371db83822fa56305d61330e50194dc97131 |
| SHA512 | 10d5783d92bcdcd536abbb3650321f150f4f8a0850e99a974dc3e445dd6421b41fd9ce0da951efcc553b5bb00719e11c4c22c01f2c0882e35380a15de0076484 |
C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.sys
| MD5 | 64ba085bb02e9ecf3b21f0377199289f |
| SHA1 | bf00ebb018e9b0fe63ef3af971ab395fc0ecb7f1 |
| SHA256 | dfdb2166d3010a1e7ccfdc38f0b1524fdc4b79b17b06093b7f9820b637d28343 |
| SHA512 | b2d3e43f291cfc0215c1e1df1d61b94c7e7d7780bdfa8d627edcb58b1298fcc96beb8eaff7567629e2ae1c7ae1b0ef60af6abd6fd9ec0b380c5e20ebb0a8a8f1 |
C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x86.dll
| MD5 | f7d359d175826bf28056ae1cbe1a02d9 |
| SHA1 | 19409b176561fa710d37e04c664c837f5bf80bff |
| SHA256 | af1df28834936aef92e142c14b1439ca64d070840b2c07b87351174ec0f71d8a |
| SHA512 | e2d78cb2d6f1b2f3c410ccd5272d0b3e34f3cdf25c41605b12e9a1f408308084c28c4b427c915ed87e28f21d662846529711fa07f4357a7f7f727b96a5d0e7f7 |
C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll
| MD5 | abe700a6459d2d6fc9774e0277350ecf |
| SHA1 | cefe9bb79520b3cadf6d1bbf44fdd771487b3d7e |
| SHA256 | 952603279b8851c3739d562247f3f0a373b5fd0eb5a9c3baf1e6b1e608ebc6c8 |
| SHA512 | c6fa33ff10523d408be2e5653100fb3aabf1cecaa810916a0cbcd32c5bc2da76ebfb73256719843700ee4d05a7adf7b18c9130dab1127b7bd8b1d089b8219349 |
C:\Config.Msi\e5a57ab.rbs
| MD5 | c1a03a252d2f3ff69cbff3b782e3391a |
| SHA1 | d2a2a238f4c94c123b929eaf160605b3a7e1b33e |
| SHA256 | bdb659c524c3a94d04c16332719d7fec0eb6008e9701e19cd662886c01e26a35 |
| SHA512 | 1da5d4b80d662396a12c422151338a41238c2705a731c6537ce61066b2fbf821667dfa94a24910f68c917f4dd7f62d147dd595133a8129f32fdba7689ba26eac |
C:\Users\Admin\AppData\Local\Temp\vmmsi.log_20231018_212644.log
| MD5 | 1e9aa5474b512157a86778ea5f3fbfc1 |
| SHA1 | c09fc348777cd8c56cd061e99622aa5d24289de2 |
| SHA256 | 0a9ff8f3210db565925bf3386c3a1521d7aa64008057a19dc42cecda19a7c5e5 |
| SHA512 | 1e39d08547a5341d752da21eea3fffd4d883b9ecb05e240d25f8d1afa18558762f49abfd21861f3967434b905ff3c9a12342edf88d37a68c6f698d406651b4ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | c7a33b9876cab748a5a981036219c054 |
| SHA1 | 60bfb76b9f629ede1406ca333b4c237343f2084e |
| SHA256 | 960b99a74c8f349d0e8ed4ada168926e6074511aa39cdd408bedc3b645d0d184 |
| SHA512 | cc74e439d25dc8ab0468b616829c2bb8f12d4363ea872501f6ac87382e99119ee6e7ec93aed5cc3095760239524a62e97e0128799df019550870dde2371f1b5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6134e9e7f1052118360e889cd9542df2 |
| SHA1 | 3864b8ff2e8e9ef7aee4fc4b7e61857dd89ee590 |
| SHA256 | b724e9bced2179c6e890c9e5f508fde8ae5dafd82167e9e9d34f39b5c22df0fa |
| SHA512 | 4bf1961362f1ea29c108ec5010b5af19149a2ff40aa8e060843eb9fdbb8fbb426427330c4cd74693964351064f404682b74c8e5a3515320053f74db20f2d66f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ad674b0ac28d33596588a6e1439a380b |
| SHA1 | f9de85115139624c7461ceb8855336e6480a213e |
| SHA256 | f6a15c770d553d6738c2211caaa48a79994ad183197d6656435bee3646b52ee8 |
| SHA512 | b1b91855fac706e39d91be057c5d990b6ecef1a809bd4a6dedd48870404d6667e4af893704df820d07e5a09a64a30675814fdba4d7c9b66ec72ee2b4c624c356 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 36b181839519509183856c5aef1ac692 |
| SHA1 | 2e0fab483c8eaf6e78f593b973be738e365a0a58 |
| SHA256 | 83b1bf9e4280720db411118d6189d3475003a3c5c86880ec0c64f8f5920d5022 |
| SHA512 | f211bd04b36b5c9d9977340f3665ffb7578f671eae0f2b9d1d16e51148686358257efad5c3df833c287a8119d4104856048d576ad01210fdda236dd5c0ce4ab5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5ecef6.TMP
| MD5 | 332f7101baa80c3c1eb41f6d77b2ff9d |
| SHA1 | c88bbdebf122b7ce72693c8c155da2d78f1d3867 |
| SHA256 | 320fef623c62a4fb70616178188bb089dbdad92611736495e733a9f090fdcc7e |
| SHA512 | 739d6ef28a2986656ed0f74fb3e832f9a19565f1fe33d0859c6fd0b71bed962f2ff47e0e780a48f68738f0854af9b818d5b01df96ac7d684b601ef54e1d75908 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00a4f025fa4ab8c79368887cfc3a6625 |
| SHA1 | 646925cca8be820b796d46d5f271c049db9a8fc8 |
| SHA256 | 85ff220fd5cd34aba6dafa031e156ab5fa38579091dab0af02d5d20ca9c7168c |
| SHA512 | 9cfd2f197ae801c9664b30e26fb92dc8b77d61a207bbbd7f6ef55cc2c9a93a0cc541ec7b710fc0886bb57f0e85bcfcff8a38147d62fdc837e6c84c5095198bce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5bb4d183bd950a63aea7fbae5248869e |
| SHA1 | b28bd8d512d88e413ee70fc6a3371cdfdba8f7a9 |
| SHA256 | 337047a32ec92db2d162dd83a9ecedc375e06131a0e42939ca2cc97ca3aba9f9 |
| SHA512 | 185eeacfab465b3aa428a5239a15cef54a0af3ae1fba7a73af4e4e6ee13c0f3395e072078df4383ce568e12ddd92f658213dc5a6ddef15136c0455786fc13f78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3c36603a9c32167172c5a052eb6a3eb8 |
| SHA1 | e3e37fe3f15709d2d82d142f20b50c58111ebdad |
| SHA256 | a415b5d4e8b5b075f8b415fd5aaf622765f02f21a39ff6b7441cfa49157f84a7 |
| SHA512 | 593209d8b365cda34ddb75887d33787d1287d0e4b4c0c10912c7733a8c53a3c64e3dd3e2702fd7fea338c9a20c7c33b9bd6cf4c0c71fe5e06f0c41737e1f12bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2d4c444512c1d9736e2cef137f2f0462 |
| SHA1 | 1e778c1396cb964c299c92ae6d07fb3751f1f1ca |
| SHA256 | 30fed426eed8cc70048ed0b199a116d1692d114917ba6cd11525801dbc7f8411 |
| SHA512 | 2bed317fa9e6c190ca5b411a7b8614e685f06ab0fca010f9d368b5b20f2675f95dddeccf4b3297ba606b1585d44a363927b5ffae463fad3b8e751193082d00e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 17b9bb9509fa8aa6e3ef890dc6cb9917 |
| SHA1 | 81d4f55fe01ad0a40d0d798b102ca826e97c0de1 |
| SHA256 | b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe |
| SHA512 | 0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8f8bc016e419e463ed40a47de5fa88dc |
| SHA1 | 669bc151f13f9c3049cf3ca293eac3361af7742f |
| SHA256 | 86a146318ae6d6a2126d6fe149b52b035fbb4dc845c678b023ed57d92ae73859 |
| SHA512 | 9d09a0b07e675ed51c950994f59d7f5ddfd9c08cafde9170a3fd2f279bca0df1154c1c2a7f77456e49bbe1db56a81e27b30df77716afe221671f5ce9265bec35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b8d52b6943ac217101782c198b46d4c |
| SHA1 | 1e7bf465bb54f67587639168e885090a7f1b73ef |
| SHA256 | 2139b667b8548d4dadefd4a5ed33af15fb708a09224288ae6c2f97b1c98a56d2 |
| SHA512 | 060a2ffdcc9a5f3bf50f052fa01ae169268744ce77099f356b6a93efdf0cc68a493ca13fd48e661c5fc8c6f444d352d09b9e493ac14d8dcc802a25211748d9fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4111c077ac41cd409891ec6845baed1f |
| SHA1 | a655bf87dc98cb24268791e96dec7bedf9d3bf49 |
| SHA256 | dd85c11ef363e77fd2b20490417409424d80bfa78d3c3c703af605dd57f6e27b |
| SHA512 | 0f4edbc69050a89b2e7d5ce12774858f9857fc2c3ccd2ff8af0cb81c56deae9bc30f448b4d36c0f820953dd1fa83b087487a458c4533a9bbeab34c2642c9d314 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | c817ba44f7da26c463cb1371038c9afe |
| SHA1 | d0f51362728ca1dd0cfcc45e02cca98610c6a7c2 |
| SHA256 | d3d0d1be830baa83ab16ef3b41333cdbb1e218e94b4c4b84984eed8b6d226f5f |
| SHA512 | 535f365367c119408fe4fa119804992892a282d7eda62c2c4ae882e5153e36496088f16582eb76585cbec3e308ab3c81c268501f858220a75afc0499e78816bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 348136e042260eb9e1a4084e789f82a8 |
| SHA1 | 7d178732508647d0af1eb0c5777fc098e1d4e70c |
| SHA256 | a32297294c25dcbc3e1775198b69ddf87b78309fcedb0dd146ae9bc5a2c705ef |
| SHA512 | 2b0ace1697b327e9b8ee57a85467cf58d8f491f6379e2f2b38a9d718155d0c1370a5c0abafef683b693add9d8316cb23118cd1f3bc538edc2ca10fcf45dfc238 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | c8f4a53ea479b07d400640c6b7bc740d |
| SHA1 | bc7400b2ce86425d5c5ed21bee2964abbce5aed1 |
| SHA256 | 7331501045923d02199563aa5ed50dbcd0a2ae86377bdd96a53786152a9098be |
| SHA512 | f9c96512276937e42ae3664a67841d5228a8b79b8f35692905b2697dc7cbb498415dde64f3c694aa0c03e46d8b2c901dfbc311f3e3390485220abdb865d274d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 210a5a11cc3c0411190ac78a345c2f37 |
| SHA1 | 981ef6653e6bf3c3499e6005f5a4983a5a0578fa |
| SHA256 | 67744cb0ec664f1cb17bf04ad2996b12f2bd3df8f6172a708ea58acb314960b5 |
| SHA512 | f689e9154c9a716307566f6379af9c8ca35c33453a367ef5d1234f032362fbfd0654739a66a6800797fabd37dadcc27e754999e73a2161ae33e385e1d18d94bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3e5f73cccc486b166ffaf04a215f9ee5 |
| SHA1 | 1603df690e47c734295f1f901301441e20c7a369 |
| SHA256 | 94c6956473a75a0df7be09c350620911eb37be077d20669e88e827e73b983342 |
| SHA512 | 190a9a13fd26cc4a52417f70d9ce49501144a9568b121c9b79d670dce308eceedd7e451d4689a40f5f3947a5a3c7db7d0d5d5a2abf6be513134eeb52121b53bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | 00c96e9b35fc1d60322efb585361b801 |
| SHA1 | e8343d37b26d42be473623a47e5d452ef24389da |
| SHA256 | ae1a15a330c00d7fc80d7c0b68583da77d2a584bab5e8a5a0b728ca53df517ce |
| SHA512 | e96b3b9de9af11b7381857a5ddff6fe3ae8ddf8d9000c19ab3aaa6a77a6662644580a15597a90956a2fcb9be926914b8d04e3be41fabaa2c64afc5a094a13269 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 8d986559decb82349ec14d9ba092ee52 |
| SHA1 | 92e45f24e58bbe2a1b92fbfb3c8ea8e0425dc205 |
| SHA256 | cfdd860da28af30f5ea82b0c1811904a991f6a64d10cc5c79b6e4aa6361c2fa2 |
| SHA512 | fcd4ed51d1d68ea48edc77743af9904e9d234721534368014dc609478cec6d480ed55d51191b2cc87ea757b44a4a1196d8dc50a21932deee6b75fa9e3de8bb99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | 7bff8ce89b16244ab2054c5e8541e541 |
| SHA1 | 6971d70ce2931aba68b0a21a45fc1baadc8eefdc |
| SHA256 | 533d74e24be7f3a16f6c0c7b8da1247f9fdee98b2779b4ce2e331c27027b17c8 |
| SHA512 | ad0105bb19baf2ec81cbcf8e377437d935c465ff03348730197b726f73526af5d1c21912ad42761e46eac76efec3708db74675686ee8e37407a55357df73ebfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | bdd151e061c193942be00002c4a44953 |
| SHA1 | c005d3bf0e1aafdd1a2c95f606b413d83e2ae415 |
| SHA256 | 435f7f68b204283384477add4b89b2f6d3e29631db33753e71f6810611cb41c9 |
| SHA512 | 3de82142302d64c91b89912f03e7cd53645d5c5622482aa1970252a11bec9c3820245f3c00ce031482f1cbc159ef0d6f6f9dc690bdb4c43547aed3bab575d983 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 1ea833263d81445a70355e2baa4b4c60 |
| SHA1 | 44c6da345b92d8c8fb21c2b056579ebc6abf9373 |
| SHA256 | 42a7834ad83f6dfd329a14e3bd25e79ca3bd521a302238117b19c827594eda87 |
| SHA512 | 56b14aeb4cf8ea5720a5669e2706960327bdfad202f146a2bf23e642ef38637fbf52549fe2d757c52bb2b63e971032b44525b4ff4a8cabfb6081b02558fba258 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | bd6903d2bee3c189e4dcc4649f5685b8 |
| SHA1 | 17a91e02ee328c5f4af33850120f5e0713e768bf |
| SHA256 | 09e7fced284d420e6b1f15717c8692a5f78cd9925fd456fc0b632456dcde3648 |
| SHA512 | 8752d0a5b8b6c441ab74f758bb38cba4ddb69f7008887f3c03250b466f6ab8be2a2f1bf655fe759c658617cf17f3e72f2068278e2acbec7185d1894f36804d87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5f9515.TMP
| MD5 | 662bf4d757fc3abe47602e38a4660434 |
| SHA1 | aeb4567c881c174d0cc1ccf473bed8b90accc234 |
| SHA256 | ae4e1e5a61238e3fe2b9b0b11b6073a309e191b48ad9828da3dbd5e33ab0d74c |
| SHA512 | 2f784f9ea679def88105c19f51d392534c8846d5874f9aee2b858a09b535ea445e6e6cb05a2085b50d6f8afbd0c9acb5fc43d2a96c3173311fce137867c395d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | d42b26bf234d87ff12a04eaeab962986 |
| SHA1 | 8e4e30a7ad66039b41413652d2366e9f16d0e528 |
| SHA256 | 6d82c4bfbf0a281ba5d39fb7930ef07aafa9f04793dcb7ec86dd5d8e9e7fdf7e |
| SHA512 | 3ff3ac4317fbb948e0fb95b2d2da713a560ff5b518f02bcaebd072a71ed8381da6574e6c9863574ba8d14ff5a7dd01a2ce3299038c44ab61eb8956c33195f2c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 9811dd757cb12f93f571938b3906672a |
| SHA1 | 9e6da20190e318478c3b730d80bb01b456e296bf |
| SHA256 | 7bbb89c2cd4d23ed4da22aa59d7aa26bed4236510bb19565e7099285b1862caa |
| SHA512 | 6a5b558c8a50f82c699c927910db6681f60b6b8c1def876a7ac1697a1e5dce4eeb88df86a473b351c0652fffc2754b98c492019f25343ed1763c600cd4266976 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ccdb2161d069a23b7ca9a3d21aed8e96 |
| SHA1 | c14ab0e8d48c5e615a92cb24ee6a6ca6382fb7b0 |
| SHA256 | 97d4c33d8b6a54ea924c326cdf6c63400cbe14f34ce14e17095e85139f959cdd |
| SHA512 | 1df97f65fa1dbde2aec28f45d291c5c1e766cf4add39518dca9b08974fa8585b41072101d153feeb25ff68ba9016cd70a2acb538cff1d7f16116b6928d49a96e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8829231936aaa8e17bfab063bfb561df |
| SHA1 | 65ef2c76809b449761fd747efbadb09bf60054ab |
| SHA256 | 124922915235470d02037900406768293443bb9497f621cb9cd0da38bb575e73 |
| SHA512 | 1d2e202b71bb9ab38f5e52d1085816e3c2ca645deaf350e6f82f451155ab5c652308dcc07a114634423ba991f9e2473878401df4034fc10187f792d2bd9c6cdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6dd42df249aabfc53aabe875685b97a |
| SHA1 | 4156f8ee0056a056b96d38040619d5fb0f8d43d7 |
| SHA256 | 2822fcd8fbbc42eb62bc3bdea9954d539c35447a907fec7bf060624c67404fa1 |
| SHA512 | e12852d4d6feaa0b2b5fc2b40a93569055cad28e0d65011321244d141ee762164a6ffb84d3ba4362fc3b89bc121b93b589268c511a04b1ba64292f545f009172 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | 0463cce3220e34e8fe6521e50f42fe01 |
| SHA1 | 79683e3bb7405e4f661590d950e50e3b3d36c8f7 |
| SHA256 | 1b6f494e70368c5f89b5d8ee02fe270e85016e5f83a46cc8d7b55b9260ca3c26 |
| SHA512 | e97ec57aa607aa4c4158c85cb2eae29d9f177bdd5dfeca5415a733e4b65c31d62108931e02a473833b03bd77b85410b4a007e5894587473d0d8919a5b96e9e3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2701ee8635a373856e2af013256b5c40 |
| SHA1 | 102b3a4d2991cc2dc32992bd8cab74af30d111c4 |
| SHA256 | ed62b8af623db4af5c0722872e7d31eb525ba5bfd19021e33ae60e72a0145632 |
| SHA512 | 31d0043feb274013da2b62e521d8afd7f7ac0a46ef33118bbcf07e1fbda2356a2ba5e47093bb43bc903ca64ddf3b0c8fe18a8d8b10f8ea664faf02dd61654982 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
| MD5 | 699fd0cf59c643687883ebbc6512751a |
| SHA1 | f4cc33359ba26fcd7a3bac9d283dd614aaee6785 |
| SHA256 | 70119c7df5e2ee1e553c2cfad8cf52d3928f22bd3acbc24ad6069f2daf068e43 |
| SHA512 | 9140e67766e53c648e21c6c334355f27b196a4e711eab0b78723f7f1c007ddcd62fae182abc82b433289373d0c12677bff41c8441eeeab4cae0684cba3b629c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f44244d91dad88bc7968b234f4e6c2ce |
| SHA1 | b3d750cb5d6e16d413130648ac266afd83c882b8 |
| SHA256 | 9b2cce2598819d42dd95e7bed4081467913c7ae3dabde29675c136bef802b376 |
| SHA512 | 329b29cf5a72b80ba57ef4c9b76416706c9c03afa4160ba735d256af180d740347b7e528fef5f4607570450e3b5e1b5ed1b704d775e0cb6477d04a52859368e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6d6972361063eae3785c7148b5356e8e |
| SHA1 | 651f9656dab4e7e5345eda36f2cece89829cceac |
| SHA256 | ca6ef7863bacdef1fddda5402402f91ed3442a088672adf155c6187129806e8a |
| SHA512 | fcb678c3a2c6c248e1a246ed2a6c239c0bf7c3825347ba280f49b99a6addd237e1f4477e0f6e448316a23d82b1fe27f4028b1208162021c345af0e14f97a328f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | bfff4780563efffa43e1d875c797a259 |
| SHA1 | 52b5af02bd01c63526cd76dcdae6e13bacbddf5c |
| SHA256 | fbd87417497d3630c79a3bf67908afd692e23932c63f0e17bb89852022ada158 |
| SHA512 | 5420a2489911ca259546745e55874f857976185f37a494d9e0c61acbcdc220ede46fc8a19be9adb1126af8f7c4078208773791368b3f1edd7d4bb32ab27825d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe600b6e.TMP
| MD5 | 64210613c79a2b39ee484268fa701e82 |
| SHA1 | 262a158cd127263c9345a5e023ef732654104c60 |
| SHA256 | 235b08d624931ec79b50b7a723ba12e0c74d5b5ca8d4713a2e72297d7cd017b6 |
| SHA512 | 7055c502e20b30e2b1e5a2312b155531411bb42417549aa35413d066979acf5f312868a6bd8cb662e2c300005ea0c9f16ecad53621d36ec6d81bd051b04d1ac0 |
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
| MD5 | 08f0a3740a8a79fb1237406f124ba18c |
| SHA1 | 4ce24518064580771ea8c9748e29fef7c990e34d |
| SHA256 | 4b01840ffa24b4834dd40d3e8f8f3aa51b80db8086c7bb0aade4379f28261bb6 |
| SHA512 | d515f524c77bf972616245b49cd7191599afc07abb1eeae09687bd6294b133b71047e6487eae1f37c24c26d0efe3fa02183b9e7e57ce9687464f5ec0682696a0 |
C:\Windows\Installer\MSI1017.tmp
| MD5 | 785ee78478d43f00870e91fa96b94646 |
| SHA1 | 97e3f06230bb97333db9574e56a187c2b5dfce50 |
| SHA256 | b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53 |
| SHA512 | d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed |
C:\Config.Msi\e5a57b0.rbs
| MD5 | f83e2785eac39534e846e54645f11731 |
| SHA1 | 3dbd8b7235d414631686ac08f395059f307abb8e |
| SHA256 | fc618f07c48756cb0dab96a7d751441e1598262b4e27fa32ab3d35b42e68d925 |
| SHA512 | 7aa119af8a4f80e7d6a7f4658f5a654ecf72ec05cc49d0af079b961989e4ee765cdc6552e2db33cd52a1b358a1e03fa5f5c9e24e33c1872e39c018210892eb68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5a07dac6c6292ef2bb9fb7832a032ca2 |
| SHA1 | 61d816224e84bd72c31b922413f8e26cb340d6de |
| SHA256 | 44346adcf7d15f2edb44b4896cc67a28d6eb008d1d116a6d4667e28a9ffb1d77 |
| SHA512 | 807ed2c07bea1e3330a6779e7164e2e01617f4f3faf393073c2bd7cc9dc26d5fbb6978c258c5f83883bb77b4a6feed8645501becd33c286c80a54ece3d68fde2 |
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
| MD5 | e2bc472e588a1ea3d10765a10f50aa90 |
| SHA1 | 7966e8bb63a40de09f1b5a857ea16c49dc0511cf |
| SHA256 | b8786de82b04d21cee5ac9ae69d23c945d5b935b68a6064fd66eb0e9718d953c |
| SHA512 | e15e3248d931c45e1f3a624bf6c8b30efbd2252617fb034f344c3013c69e5048e05d538ada40dcd147ff98f3f25376b41c4f5ec46701bd905bd80b04d25f7314 |
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
| MD5 | e080885e16b5ce5e94216b150d7d2a7d |
| SHA1 | e86bdda23ff3f0354688ed8552eb758bbde3f2de |
| SHA256 | cb0031a14f3dc53e6b409a28086f5792dbc27ebdaa0878dfcf86a66c9eaa96d1 |
| SHA512 | 01b5438141b697fc16767830835a0694eec21847ebd70359f83fb216f0c0872055664d4151989a9ceb08689c151bd5790ff861057bdf4e79481fe6cebdc0315c |
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
| MD5 | 5a8ac90888b55a52a824fa5fe36b572f |
| SHA1 | ad21c3462ab7afd23ff4c5b6326276adce0d82c9 |
| SHA256 | c59eb4d1fe15ed95e800d488e1ecf59d957268cd1dd1af973dd0511f4e3a6b4c |
| SHA512 | 8c5e5cd9f166170a513725e478c083025ba0764d436865a6e4cf68eb085c9de5f7dec0c4c18f8c570b1a8e154c1348eec19152a185b5e26c531d0d0e74bbf86d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d0bbdacadc58e195be2f5854008b8a86 |
| SHA1 | 86dac57347c42115c166bc65caa7ab0494941b04 |
| SHA256 | ec0f9cc292b31e46dcc905733c458b3c567a08896ff0ef4e295bea53dbe49786 |
| SHA512 | dad41f5dd8654a3b06f2ee58a09b4ba53c0cf9d2d3ad664f51317dbd9552736ced4556576b3e2fc6f13a3a07cfb6cdc9f9059ba9b1e672f4d5b286d2ef974ef6 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Program Files (x86)\Minecraft Launcher\game\media\background.zip
| MD5 | 963f492e15c31838691061863e8633db |
| SHA1 | 8177b8d04db29e4dcf592097fdfaa928fe185c4f |
| SHA256 | 0b13af6240c02c1ff811a5e5761628702f5f35838df0a823d78edce297cf9d9b |
| SHA512 | a996817c7a85bead4c9763926aa0f0a969a6dba837bc38b9880a4afac7709ab83374fdfe0054601887f548037ae6b431ae2e763ba52b685da1a5a75106ee4242 |
C:\Program Files (x86)\Minecraft Launcher\game\media\common.zip
| MD5 | b1a0ec10df6122bd1c15052f2772e350 |
| SHA1 | ba793e1a906936553f4426be1321b092d48964b2 |
| SHA256 | bcd0d0a40a967ad2b71dea4fff49c407d68b4ad3e2d88adb9d2c92948d51014f |
| SHA512 | 59473c3ba29cf85e71da1f0d20e558f59123690250161e8b2ce668a0c4c69dedf6ee3ec69e196a6e2596c590e6e0a47cbb847805f3520f655ff60997643307e4 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index
| MD5 | daadf7b0fb9811449ecd0633dc8aea6b |
| SHA1 | af3800df9b33eb80156c6d7b35d3de159550b094 |
| SHA256 | 0950e0654baa4ed779bce0f8c183995b34d06dbffb408c08cfc05d79020733d7 |
| SHA512 | c64e16053c59e15dfae2cf4ee39cd851e59c6394f30f1a2777b1090dd9ce0b71e163b17c75848be89706b6dd397bf76440539b01b0f89240f003a89e3da8c361 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index
| MD5 | bcc4e460843f7d99824ff84bc003d378 |
| SHA1 | a56e0e06e56765cbb174d99d8b82cceecc3abfa2 |
| SHA256 | 87d530f78c0f1e32d282c71cf1b394b40ded6f581ae4756ca439941299b6f2ea |
| SHA512 | bb0e06301e1c27645f7eeabd1f4a701ed59aa9f3910eb6ebd5bc08e4c91dda563dce793ac0dcea18cc27959ae69ec038779d991289bfeec33338a400e6f74238 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d8f4eadb68a3e3d1bf2fa3006af5510 |
| SHA1 | d5d8239ec8a3bf5dadf52360350251d90d9e0142 |
| SHA256 | 85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c |
| SHA512 | 554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60953231-6845-4b22-ab2c-4ff6a58ed537.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2e047d30fc315ef90a08f6452aea50aa |
| SHA1 | 828fbb41013aa447cecef6ec2f8808d86debf874 |
| SHA256 | 9adb3f279484d15b2305afe24c12161a33d57b6444b0e234412b7d3e22c887ff |
| SHA512 | e75e71f5e22e0024e4ef4123f6d9e3408369668314b1c749df25116a326180d0dc9afa394aaade6632941fa221524da5d526695521fa038ab1b31a78b196be7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d5ddc6b1516641e9939aefb834a9d7ca |
| SHA1 | 36dcf0bd264752ede9cba81c1f53ce7644eea6f8 |
| SHA256 | 4e9c4e65f765a4e54a5e124da90318e41bf1eba11e3f5371fcae2c511ef4738a |
| SHA512 | f162f96e3f216e74c57c5b3639c9b010593271902f95b3b9f1dc3bc90321ecc1486f3688e15ef06f5336daa50d94acb7ca85a53770695b6014c96cc0e96099de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7c2ff303520c03fd434363b4cee6d353 |
| SHA1 | e0e3d7e977c3f585167c615253897beefdc57375 |
| SHA256 | 76586a9398b4e3efeec4be95fb4782d5a2b114849c2e7de395067d62e8bc9ace |
| SHA512 | 2ca3c50182efc209d07dc8a2664cb69ea18ca5243446bd295db61f5df5afe7aba2acc62aa203759fd31a2506e30d2986e3a0accf1ba8e930b90171fdfb884e85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 8a7105617af7e5e9471d79d527f5752a |
| SHA1 | 17ceb523267060b80173e7dbced754beec19a96b |
| SHA256 | 529a3e0f3c3cc506976fb66bb5e064c0e40e668e7c3321e004554070933ca3d9 |
| SHA512 | d8ddb099229398671899dc78451408da195252a031c639d7b74fc71086106af807789a752e4b51dde2b9bcca4e9ad4f0ed76b890d0dfe527d0c5c58f550fd7af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4db69c4275e542275fbe763f054cbe25 |
| SHA1 | 37378d2d68360cc4617594a9f327e0da9198a6dd |
| SHA256 | 8283cc1e2513cce89296afe1b5b06f49a43949e6cba3b96602e3b95b28a8a786 |
| SHA512 | 227f6207aed94971d5148b2c807dde8e4952722f83ce700c5d68ae166a6087ed14a01efc0d41ed27de06b7ceef8721876a072623f95934074167235dd47f269c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2848503c536d80142db5b9f49f9e76bd |
| SHA1 | 6622e732a990780d6c27222cfcd4f392024b974a |
| SHA256 | b2eaa2d957b2cbe7ad997c6e697e4d586e8bc87ce5a391d7b6d47ab9e29f6de9 |
| SHA512 | 25c3fe07392d96f32798f10717d22d5eb7717099ce4acfbcd518a8c0f05cd72e2bdb81d7a9a87b6ab6e2a7288a36af861a865cd290101a37ee567f18a8b858d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 486b2c984deed79a6f209960e1e9d7f7 |
| SHA1 | 0ae64298e076ea80baecece8561cb740481f2271 |
| SHA256 | 4267eeef757c47f85714d11ba7a885f13b8941e5e54a092f3b0631e17cc4f9ab |
| SHA512 | 100d163d3ec7975597e035c6a3750aed37e11dce4d971d2c937fb920b43398101e13c3bdf7a938b983560f83ea899af8fc08a48f4cdc1b36acda5df9ff57ce22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ab7d783a25edefcdfe8ac4d1f4a9585f |
| SHA1 | be75d79e0243e31a68cbfda4927f36218dca918a |
| SHA256 | 934908f68741af01d9ec8c1f880ee092821abbeb7d061321a55709c66179a33a |
| SHA512 | 6a65c4ae8c634573bbfbdd8161774bd71bbf3d2de1f6b3f8b63cd7e84d4a26a19a48731fba00a9909e216c5553014d799598daa1da1803a7bab3e05935a3447a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 103438d3ddba6b6ed94c072c5d1ad02d |
| SHA1 | e6f73c828e2cdf7264a5ee196bc89df3ca211fe2 |
| SHA256 | 0bafed1f826a327ac16b942dfd01a580ad8b71dc8e223fb519b63158346c40b6 |
| SHA512 | a4b642c60ee3ecc9d96009c70407d7a6f752c7a90ff10fd69358a0f0a5c6cf381a8e949c5137952388a08c1a86629e74781d84b7a4b4323ccf52cbfafb2f62ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e0f865beef2fcd746af570fcd9a10850 |
| SHA1 | cb49833631c6d43b88f43f6e8f3f0a5d4886336e |
| SHA256 | e80ef14d6db5b5092e9f8e8ccd7acc61543ad273793abeea765b7787851cdf83 |
| SHA512 | 03eec7ae8cc8ae7fd78bbd468e02724217430eb6fcbe893e581179f8980c597c7ee103cba592ffffdf0ac8286dc682711d0ccd7e97d452fb7d4a50b00689dc8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7e484878ee7ea2bcceab46341670ad0f |
| SHA1 | 169743181b9838ae97169886f5e18902ccd6ebd3 |
| SHA256 | 8d13fa0ca6b62cb63708c19522d891fda59ca6d13ac8479bbbb35e33e280d78f |
| SHA512 | 0d92d36bfb276c23205850d138d28c00d689ebddf389d0b249ae6272cb9e4b8106771cdee8ccdf16a894811225a5bb4f056cdbbb48aad0618f763cf54cbe83b5 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json
| MD5 | 5dd02d7050b2640f805b3d8fae9a561d |
| SHA1 | 8289ea699f627a7aa5bdfec40d0e21477faffaf4 |
| SHA256 | 688a8ec02104d115063e5e511bd6cc441813a0c0f51d895ae76123010788e178 |
| SHA512 | b8c029d43a903b9d5e3bc7579b74fbef0b998084308c0b08472195a563fe53b5436aae76f2b74b9d1a765a19b1226873133528588cd70c0e767227661ce91728 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json~RFe61dbd8.TMP
| MD5 | badc4040693d3e4b09621207afb680a2 |
| SHA1 | 6c2cf2461d254ba149233e410fb65d1bb359cd4c |
| SHA256 | 139309239dda6eeba742ce21c773ef314abf2ab5b66fb84a74c5b03f02713003 |
| SHA512 | de1d7e864b2a13ff933a3c6dd86784dc502c48832b88bb138f523c3cf0737be030a3eb71b8938a64a6c7710cfdee7ca86c4317e0b3c572145a9ca77e5d54f14b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ccbba543490bdeae296c68ac18295201 |
| SHA1 | 4fcb4dd672b4798ffe17bee689be6001d23e2a67 |
| SHA256 | 69517fa434646dd9b134a9cfc9a76339d5b9870a5053f9abb4024d150d385bae |
| SHA512 | de28369323d42fbd8ba3fcfea51fe25b5b04916fc1e9fbae61515a4828401f6d53d085e4cdfac9ec68786437678c56d1fc19bdb81a1b3746faab9e05ca62266b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 775d9fd9d4316d22d1873b8e9d1e633f |
| SHA1 | 9772d92abcf562f44d9612a8b76de8be41b69c03 |
| SHA256 | 76586b9f3cbfaf46ffdc530a91eea5dfd5354a028621d51d9e449a1216c8dfe1 |
| SHA512 | 0554f1fdd8aaa3caf4237683fc3db2642ba1defd7242e69fec02e0e54a4d4f9a54479d8344140e6bf2bbb6968b529ae8086cce922f5affa352451228376f36d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 01808655c624e1752acc157b88d0dc51 |
| SHA1 | 1d998842efa5b71d79ee050b64e2ac70e75bd130 |
| SHA256 | 42532506988d749f210bc44b3cb2adf33458116d46d336870933d8711ba87039 |
| SHA512 | 15df0fe0d702a8d41fdbe95f4d651700f1cb0011ae2501a84e3cbfe17618155f6705636d963b8014f4b16bc1bb835f75f0bc8b098403ec3b64b53327e6a0c0a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e7722f2f1a7906357495bdf36af49078 |
| SHA1 | 63bae544ea03cc188ee37d82a81a12f5728281bd |
| SHA256 | a28e92537d5382e333980bb93c4d86404dd44d743f97cd948e64221e4f879a3a |
| SHA512 | c7905eab2473e4f0fe8b9f4cb0bee8ec7605a49ab8990ba15ae311612a6082b36b28dd705e335b1e080a1fb3e4b2683fd74f0cbed7f7a0bab6639e3dc399a9e2 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State
| MD5 | 6a8879f6388b3dbc3a9e9faadf780831 |
| SHA1 | 23904613dd51431b9793ba22535c4484e8fd5913 |
| SHA256 | b13d2e55ae50a5fa85483b54abb44f14bba9e799e2a17cd924e0fadfed332904 |
| SHA512 | 6e36c82cfcf6f099779cbe6975ae93254732d968fd56af90380aa4624badfbcf0af0baf57ab2d6a8e0f758f4f07957d301c1f4389c01f4a32df53c72e896555a |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State~RFe61f3a6.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7da59e30-1f6b-417d-bae9-70f299ded1d7.tmp
| MD5 | 636e17c94a2ae244cac55dc173bc3ba7 |
| SHA1 | 688f1b96f1ae0d26adf4e7d37ba47ecd3dd86f13 |
| SHA256 | c3bc931eeb22fffcc38990a0866f4164cbc517ae6ffc1cc17204872562bee28d |
| SHA512 | 01b9a494df3ec7372112d004fd3b158ba851d85632a6ef802b4d43623a84099bcfc99e53c722c985ece66b694b8648291ad55fc64d4f9eed786708375836e889 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f2cc7bee6b3ef7590067dd596854adb1 |
| SHA1 | 1bd2c73c10a564e397002735e79a8bc2f177a729 |
| SHA256 | 12830d4d4beec102f0beb1c1f2334c443d0a5ae0d9a0cda0f54fe6696778454e |
| SHA512 | e88aef8efad845fb5e95a161bdbc70e126968ff613dfdaf6646c4fc32bc399994b229e885aa30b8655768a43acfc1621146263c692ca03fb88f2e8e14107bdcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5de5156d1c98ee7a_0
| MD5 | 8bac0b701f3dcc18b287960bf0ddcd62 |
| SHA1 | 45ac8dedfb33d8f3af3c15e3638222e2f91173ee |
| SHA256 | 301186946fc8180784652efd6929ab803d2edadd746665153dd4027585d731b8 |
| SHA512 | 3846a545b5a2bd6b6d26bd7e969dcfc8c650438cc64bd919e61c60c23e82974beadee17fe88700f4f8c05c197cdc3b3ac30f87eee2045dc24369238021fc28a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d45856032dbd7f0_0
| MD5 | e38e4edbda08927729426bb3f874020b |
| SHA1 | 6599bbd56cc031c29471954d836a41d0f7d54be2 |
| SHA256 | 1ec1e64d471fd37b32b581cb781249cd53889138affc652ea29f7517fbe27e44 |
| SHA512 | 0dc16cfbf4e780e853daa611f9d6020a3fce92671d7873c0493aacab48c6d27017e521387dbcfffd495e94da01a1511768f316964ccdfa84ed618b45f8ffee36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d56bcbdc73470a0e_0
| MD5 | 7761a72b21f5ed065800139a5776ee06 |
| SHA1 | d77bc13701a19d0c789c0e80f232c0a7a694ed11 |
| SHA256 | 165cbc87df7b78e3ca0b1d1ca96054b4993ef21abfc5374b19f87fd5b1031859 |
| SHA512 | c563f84b79252c667a0c45108024bb4d21856ea31648ea5a517075d7fb800fa4b0331b062ac67c3c464ace3d4709e26f70a3bd9807706534682f7f426502262a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a365447ea5f15aec_0
| MD5 | 121e5384def8c8137e4067df12d7d2fe |
| SHA1 | 4b51dcd5d22d2655b93a327368916a6a017d06e2 |
| SHA256 | 161eb21fb9d45ee962d696b3afacb3d8e3e5287f0c107f710101b9bf09ca6842 |
| SHA512 | ba73a1a9d37658153a6ebd23b246a5701709cd927e40b0c6f79bee3d31660bc6360061f24f4a4051989d979462f5060da5e3437adec61c87e1a0479889e8c765 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b93e632b1e9bedc8_0
| MD5 | df0ddf763987cffca2c8a5ba14f5f13b |
| SHA1 | d35c40deb97a154bbd8858fa5865565d5580e6ae |
| SHA256 | a17416d89d8b09f186fda5b512632c6cde2b8f9b9db025ae30ec5d4086420937 |
| SHA512 | ff22a802d2fdbf3496fa77ba65d73b6ae210c5b033f8bf19aa39e426f1f57008111bc9d1961daac4f91aad7d5e273fa6792b39c241f00dbc4c3fd4bd9b1e80b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26f2df2ba4762c22_0
| MD5 | 9dfc9d6cf92eb137bec359b83c31d7ee |
| SHA1 | 32ee0f952736f2810ce7f11721e00ffb54385925 |
| SHA256 | 7a2a0117dcf85f7bbbfff34eceaa8ae77d3e2cf7fdc421373553a2d731506051 |
| SHA512 | 80b6b886caf04c32768f8f81b6a21a88e31964992bbd6c4d2db9c7d36f222c9c6e6476bb1fd04b863b213fd31262dde02c3efc0df11b42bb9ca0dac13855945f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c2082322f3bde07e_0
| MD5 | f130aa468a82fa22258a4ddc00d95d9f |
| SHA1 | ab1e0ae3ffa2fb36fdadb1bce07bd6cc9329a8e9 |
| SHA256 | 1046c47885a8a3eae6f3b8ed99cce9f95ec91b9e0d922e739c8fd2550ded8732 |
| SHA512 | a73f5e7b978035f23ec2139e9e0f3d9dccc516ccfde8a411f93bb2ed8867c5badc6194a496787a9e2623b5462dce744d7720e9eca35dbc8a5dddae7d31d95af5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | a0c81ba8fe0087cb1e11ed99d9f6b36b |
| SHA1 | b3c2464bafa150bec711f4705de7d2a085d01051 |
| SHA256 | 17957ced8a0947d3bb9e256eec5fda86329ee33b8821f066a2caca092d53669e |
| SHA512 | aaaa57e8884fafd92bcb87bf8cf54b8af7ca8e77c5ac0689fa38486e2f0fbab00c17347997ec37615f87edf1b20fd13d90f98d972025fc10f695623b8aed9adc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 5b2b2a57dbcace71068f6f44d7a9cc34 |
| SHA1 | 6dc4af386658d4091adee49380d724aac32fda1f |
| SHA256 | 32ac3cd8ea24fc4e4494c52d9cfcca833d3ce8953db300b8ecbe5f6aa88b65a2 |
| SHA512 | c1978c14ff0c856fea91d63c95cbc0ca2ef33b8d843dae19dd3495aa8ca4dc866d2be26f089db5983bb24995229d6441cc988fdf75bd85443abb0d8788685ecc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | f81f65df66d21abaef6462923c141b52 |
| SHA1 | c90c86b6a5b2cb2f00c00112f7c6f9effb8cf545 |
| SHA256 | 5497c7c3fba6e57f3ba56019bcf8015857359ad253ddb9009939923aec4135ff |
| SHA512 | fb84cb1aabdedec84e88c27ef87b1c497becff22361a16e2578b01f4f5f5f0d734e9e6b819968afea9c115cba776bcc7efb82c27cdaaa0f3e08906e0f70cadb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | ee2d17909d6a26d453f784b94d0fb8fd |
| SHA1 | 972162dcbdc9c8a647c533dfd81e036f8539db81 |
| SHA256 | 322063386219dc174071965f0eadb4e517e988b5870963899d19019c9938463a |
| SHA512 | 396ad5120ebd94ceaefb822bbdf5a6ccdd0ed02486f8534f36d01f8db53fc5737ac52c426f1ed21c3df40c451582358be9edd9809d5a5765025113d08011248d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a024ac08940b41331613a857ff7e1f0a |
| SHA1 | bbf74f7022dc7f73e3f48a5bdb00de9ecee47895 |
| SHA256 | 5a2e28f0d5d5ebd4f3c67c78747ff05653edeceb1cd6e326196cae0dea0948fd |
| SHA512 | d5136a6136ce5a976fcc4e10a6b66eeb3d40b7b51d11767e7df8bfc43db21175fdc4871c3065ac6d8d774a1cff289314866dc7311c5379e8b518231ae2a96ad5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 42b46e37e1e1e3e61106eed03b1ed73b |
| SHA1 | 0d64bf8ad8a0a6f65db05d6e8e723e018c89a57d |
| SHA256 | c503d264a12ac1e68d99ae3f12c394627285bbcbab8f78d451de0f76bf7d2088 |
| SHA512 | 188681df569e5b8d83ebb28045d62b7b40a4c1f5770c06e795b1fb1913809c219ef3134ddaac12128309ff3afe8eaea3f3efdba73a70c351b3fa6b9c42d23ec5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bf60712ccc54d707b1e19020182924bc |
| SHA1 | f9906eab919f0e51abf57dda97f0b3104ccc1c42 |
| SHA256 | cbdf1b11ae52b26f52130e9530a3daa07bccc875719a44682d3bc77ccdc7af06 |
| SHA512 | 84d1a1dfa1b97c53f00b13d31718640e76495eae4ca272e05a230ccc3a3331c98c3b4c3f06bc9b2755a2eded139c30b51a746e95ead1d4d02817db7c71016d5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007d
| MD5 | e2dc4c3ea0d4cacfe9e089ebeed86fd8 |
| SHA1 | 2362b2c1041b1d1b414eb66d5f3f92183c447f23 |
| SHA256 | 8b714359bcc2d1dae0f728a08ec015930b41ab1667d161c355b9aa1a93e6b6be |
| SHA512 | d044ab9a74bd7843f469b0b0ad0caa411b1a4e555922b3dc3296f005b14c45ab22789eb271562e7c182d69243eda86b3eb4d7024aaf2b9f2637a12d36f2e23f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6f0e993066ea67c41fc60d1bc34f0556 |
| SHA1 | c5831275e76403fb407c5a38379fe8a8720882f7 |
| SHA256 | 0022f77e9e3406f2d70999c67b894308a46fea51860c87368a7e4448ed2958b2 |
| SHA512 | 8fe3aabcea7cefad94749408776b19363e37518e611e5b1a1a18502b83a8b1933cb881c112288d879258a714f518ccb01b5c9b7ed2fe1c782a292c489fc38c63 |
memory/6560-4142-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4143-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4144-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4148-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4149-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4150-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4151-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4152-0x0000000007290000-0x0000000007291000-memory.dmp
memory/6560-4153-0x0000000007290000-0x0000000007291000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | da48037841cecc664f90f18f04b3d883 |
| SHA1 | b29dd112ca177aa2e3359714a3c29bfa5761f508 |
| SHA256 | 8d5c83df995e0f41d742bc75cf8a439c24e7f31ad6e6bd2d8453a9ede67cbb3d |
| SHA512 | e91b75d67260136361e228543f5c1658b0a322d39f27d760911baa52e80fc35fb44669ddd34825139c7159ceac7a35ddaef8261caed618aa2030026f6b1eed44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9908c15cda4ea59fe54067be66a03f58 |
| SHA1 | 6b9b89aadf42bf58ca88accf0e33dc9086c34955 |
| SHA256 | 971aa4db789de09378d13e477f74cd5d3c593e984911ed41bd71d176268ba162 |
| SHA512 | 0443970b570b032058fd72095bc11f31b5964a31968af5e1269d0f922da112a41a3659148b823701d92aac1a33f490b08407737bc5e87e14aefb6b2dbdf1e498 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3c593d8859aeb3737634b162d34c0188 |
| SHA1 | f422c9ad0360a60b8a83fcd766aa5d5e7f9239b7 |
| SHA256 | 34cf7d7b65c13dd25fa23f524747028437ab633b74795540ce5fdc2907d6fda1 |
| SHA512 | 8d36fcbb88519a1891a0a9cdeab5ad4cff5efd8ccc07d817342cb26dd1dd758c0511ebaae4a8d973025b44f163213f2d58fc572915ab38490a68475ce878e6fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9296bef536c24d81f37d8ce55b02b0a3 |
| SHA1 | 9555aef1543ea36ef55b2af50d569d64b4add4e2 |
| SHA256 | c4778d0ccc6d29209fc341b7ed30a2a1a654b068f033e23ba2163b0b704f34e5 |
| SHA512 | 4d4e87bb653757010ebb453ec3bdc4550579a51b2e1f6074fcd47e1c9c8bda1bbe26098c928e4021cb3975ea6faf3d032edaed122cdc7c76ace6d1d9d0798f1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e
| MD5 | 12e3dac858061d088023b2bd48e2fa96 |
| SHA1 | e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5 |
| SHA256 | 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21 |
| SHA512 | c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8d0ff061971d33bd3783bf24ce5c7354 |
| SHA1 | 432345b5f061931030dcb7fd823c52c8113f0499 |
| SHA256 | 4003ec73bd3371f46f88f56218440400545d395c55713f4ea9f884bc6e37289b |
| SHA512 | 444a0a92d2ae37ca1f22c8bc9b394c66f533779212ba6b0910bfcf6662adaeaaf6c0ce92d8d298c69049b192a9c0fc5a6ec9651217539f9a7714d4fac057d2df |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json
| MD5 | bd01bc48cb2a33dc5a376e45d67e610b |
| SHA1 | 783c0384546246dee3074dc2e9c1b9261dabac80 |
| SHA256 | 49f916428c626731149621dc39f28f558cc73d2aa148ce17e399418648c6d908 |
| SHA512 | 9d88541a06da0a833c990772cabd44a1d56ab1d5e81ee80a4a9e555319599353c9f94e4e282a2ffd6392630ce6ce3bd888dc8b0ef81acd5bd17f0d588e3fa397 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2ecc33127f8be17d6a141ede5427f44a |
| SHA1 | 712d5b24e5b09da97c4498bad6ac9f7bd0df672d |
| SHA256 | 39b0f2d154743794461ccc4607ae400bf076ef63525ed4c6c185b8077b0a2abe |
| SHA512 | ead63d40c85f64d4c51e6d0fa6302ba0460dbe46926eca3594fb917e8237596cc8fc280e6f7ff9693a1873ab4d96332240cede1a7af527077b1ef651f0398ed6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3532900bedfc40c03b4e15ec62f14050 |
| SHA1 | a55c5ffbe1967c11fcaf4831e1c0da2a4a3a2770 |
| SHA256 | 0c44235c293e08b111eabbc3a726f97ae58786db6c2f51b1999efb80af8ce3c8 |
| SHA512 | 8ca8b6400434c40a928a11abed96891dc64743fe78f9abefc6a621ba93eb16d9c6b7a0ccf5a85e67ec0c5ba5138a78dfcf8d5794ded3e6f46e397f7e9ab0c4e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 012e85e5f3d0edd6720352ad0a50b172 |
| SHA1 | d42484fae7968c842380fe2049ed720cb0c9b94b |
| SHA256 | 7061192486920272153c7008fb1d6aa6cd56b0474ec84595ff88890669bd29bb |
| SHA512 | 457632a1e6580ef1c138b0b9bbc660477e0d06855eccb2d2f16f187cd0e4854ed2de10b22bc6311b4fccbc3d75f94981cc075587016ebe5b0fbf52ac236b1f38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | be9e237bbfb5b2f476f885f48fe38efc |
| SHA1 | 7a86c8ac52782761c288136c5e54cc0079688bf3 |
| SHA256 | 03ff42124b8ddb8620f009f8986f6c8f7c6c66b488c9a0c4d2a321298a7aa2c1 |
| SHA512 | 528fedeb8d2e0ee4c56bf203d638de8181961a67fea82a0aa6fc4b917ba47cf9af3d0aaf5b5531a8ed725c033d00c868bdb4e0b0f8ed86eff319c1cc41b91bad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 307f20332914497b3b1a99279bed25a3 |
| SHA1 | 1dbb15fc029cf6f5119c7c1d559295ae269ed140 |
| SHA256 | acf341c7db659f31a8fc67c26f6b2b4d305362fd01d1d6807710ed2bcc568947 |
| SHA512 | 2798227e3a52d3548eda3e87260b45b3df714ea41dd1bf6c479eed13bec6ea79aac82693797765d639e871df7fb7587b628afcf955dcbff36e10b2d120db7361 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8fa9242aa5dcc101930d43d1933a0764 |
| SHA1 | 73af7c8ea413058d5ff1c90013db371bc54e3297 |
| SHA256 | 745c67aa5b8ce01c0190c447be3a680a04eaf557d6106b1ee5b275d7689823bb |
| SHA512 | ec24969783f5a5877aa70aae82dda19da517f0b3e242356ad742a6938480b1f76ac3162a1db5ec71daee523d4961593106a6a62cfa7393e2102c9da91087edaf |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 31a39a700ef38f66a9aa443bee2ba016 |
| SHA1 | eca13730029cf49edd1f480b5f0ace449a999ba3 |
| SHA256 | 4f46455c3fd5bc17349535d7e88fa20f72ee93df50adc5c085ac4a22bcac08fc |
| SHA512 | db9790c4f9ebec5c8570aab67f168570efe7cd03cc5f3d998d6d4c5dda4515afd1399cb6a25950aa553cbbbb8481654c9ee371cdf0314341d3a6f1798b719aab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8f28432585bcc8269927611f1457ed04 |
| SHA1 | c40403f26a77a34dba13a5a8a1d3b6ba41905584 |
| SHA256 | 2c4e67ed940cf99f83bb30f2437b5fe7905f9dbfc808ce03b81cad9705ccd9f3 |
| SHA512 | 48f18cac3ffe179b7df51b43d9cd5ff556414023c3782b538259ee809a66258a2fe3878d211c9044e1ca8833aa4885f276d3f2a79011aadd8bcdfe756decb619 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 426e48bd2b70c6b3fffca82d8977d47d |
| SHA1 | 04c042674e25d5cd9c87af2f3264831a42b49a25 |
| SHA256 | c736a94d6f9e0bfa643a5a0815833b8a011c098d2120da2efbf7baa4432e516b |
| SHA512 | 4ec975fafa7030cfcd932884a3ec5ba0ea76f12871e44241d8c6a56051c777f8c08c17284e151cd83a813cd9e0ef3c1e9c0a3d4d86b2b9e11e4a373d80c03b42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 105a5c36c296682f4026194745d8b816 |
| SHA1 | de2dec6eddc4727696d53612a0919a684adc31af |
| SHA256 | 90c109bba2348779788fef4a017e5d2360d5bae7d1db52eb88e346dbcee36017 |
| SHA512 | caeb266d28be0e5fc0c70502d0b5c27ad3070fdc40f3c5bf5b54eb37d513f77d6ca5ac19a444750e19bd2dea8ce57872b54d37ff0774617a72d689bad9b5be51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a49ed5181edd71aaa03ce3f0ad287d9c |
| SHA1 | 388baa8b90bde7a9ca9e989735f580053547c1a5 |
| SHA256 | 54a25296abbfe506717180158694d7c112479af172e8e578d74362722a3d005f |
| SHA512 | 2c7a7e8376f98f33a0bd4b5c8ed18fec2ee2c04b5346d2df91a97c86bd14400086a103f40647bdb1f0858a4a9d77c2b346677cf498b95391f5e7cc3f387a3a3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\775d776ed426628a_0
| MD5 | aaae7f79c37310cfceaa273aff9e3ff1 |
| SHA1 | f3a5cb201bf0db2d587562e8c68d9422531aad5c |
| SHA256 | c18fdb4d8b42a126382a3fed3694db0fbde110505e3afe1773ca95fac9ba31bd |
| SHA512 | a31b97e65efe2d154670a52edf395639e1cda2c30b8fd195a2ded34f647034d8394869f48eac604c6fce0eb9c21af726537bff08359f9ac973b464e95134480f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 41869d8ed77713f6848da543654acd0c |
| SHA1 | 47239abd735e0c4754b0e3f6020d3d702d49911d |
| SHA256 | 6902ce5e22d04a46ef02329962e6587ae50ac9cfbd54690a7e4f24a20a9989f4 |
| SHA512 | 7492f54b0d79c0a4c901296c20c08ec03b0c2b4c150266f129551fd43b8400a282f06eac49c731280876039258d374338934deab3a8b8c3f9ab0a0ca578ea356 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0
| MD5 | 4bd33e676b13ac31f45b07a9013dc42a |
| SHA1 | 2a1ae047f45b0634ae8c2e862e618ebec33e0c6b |
| SHA256 | d0845350b6b203bf3a3e0c88c6b2d84b24ecc50af74973f55234b39911320979 |
| SHA512 | f5c8d04c93362071b36dadfb45a7b3c4073ad78607f3cc331696f38ec43bdff90c85e0b1bfa0c62f5cacc1fdf20488eec32cf16046c57e5a45a7751554feba61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\945c2ec20732ddcd_0
| MD5 | 15e532cef5dd043b4efcb146c1ae3f92 |
| SHA1 | 9e79b6360b13d4ea7567ca7872d7b16b511dac65 |
| SHA256 | f52ce637be24f263ee242ddee3983ac5f82dd1d46dd3b0e5609f45786923de63 |
| SHA512 | eb37caba10fdc6edc257ca16ab6ac02aa7fa7183e34292b1cf4b31a3d3d0445baf27730dde78ebb766cdf30785fa86db650d3d2e452bc3fd1fcd0e631d9fc630 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c557df0a69e0ac5_0
| MD5 | 18e80646abc7683a366b23190fe519bd |
| SHA1 | 136d3a9f7f9efd851b6e2927ed53630abb10471f |
| SHA256 | c02094503b2d2cdc1dee5a026463bf967f02936c2df2d7a51096b16bf037a2d8 |
| SHA512 | 2243c87874a70960f54b32f0d9e94c6933fabe1c3e497b847b75d63d64bf78d0e2e91d28ac5cdfcd4fad7f7f60ffe8a3152fa478ae120dc476e9f978912acb8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083
| MD5 | 040a25b5aa2dadeec37427aa01b569e2 |
| SHA1 | bd3eddd61fd747b0aafb02165494aac4e2e59310 |
| SHA256 | 0d28b84ad90e5f70834c98dee27d39b6da0ace5aba5cd8393373b72b9a0f2e64 |
| SHA512 | b43adf0b9899dc1f8886e1684a56252ac12894eb41b9f8743d5525d7bf92d40c523afd26cf8e7e5b61b4e29ee57dc10acfcd5d227beb4658bea0ffcfeeae683e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 272b78b56027627ebc4f4376813eb331 |
| SHA1 | 97056fc23d95a2de3c44260e1cd7fbec596bb2d9 |
| SHA256 | 03f1bc3865768becb0d12e40f4203543daea25d94e85e224b8e151438a9f112a |
| SHA512 | 39dbf3cbd415bf2ab2f4f7ff1289fce156f4d454e79d44e50cdc5c15f8bf116c96b44249432d7ad7657728900fee8f0008368feebf2524b22473f07fc114f8ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b
| MD5 | a437ec38f0e9ba319c6b2b2f696266cb |
| SHA1 | 16cdd5a8761dc905904655eabcccfa7129db7dfe |
| SHA256 | d7105627ec61036e7153a05745e676b5c128f510aa89e117c059ebed6db17394 |
| SHA512 | 3801a2e633484672877046495ac428647edf764071fdab085cbaa6eb8342f081a98f8f3db47d0009cf819b985ff0396c0d2f1f5194a86a480ea73b17556b62b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078
| MD5 | 14878349bc4c92494b322e97ab559c22 |
| SHA1 | bb0fc6f129e3e3f5c48219dcf2945cdf18be015c |
| SHA256 | 3309c5e347f3eda385708ef98c51a875c1623c25eaffee33311268287f0e356c |
| SHA512 | 760b9c47bdd3ef2d5ae39933041834fb50ce299f21366bf3e7af407ac94b05dcb856f6fa74509cdddb35678d17c8b890df6c05c40b126ac2cbc609d6295cadd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079
| MD5 | 5573c63865e00206bd1b2d2682136077 |
| SHA1 | 3fa8765954436acf90140934de2bc26a01a0cc81 |
| SHA256 | b8cc5dbcf324c87997987d0f8daef777bc6beef240b37ffc5a8542321b7fffa5 |
| SHA512 | 1b170db64c3f41fe9e26ebab0e6f0759d196732f2930d31af7bac1d3e59fb9e89ca9be79fb061bf6c3b706003e6f83b37f2e20599629597a14601d4608d70aec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a
| MD5 | 248e7c5430f8352b94627fe306a9f86c |
| SHA1 | c5f60ccd742d6693da51fc57f5d87532a4b652d4 |
| SHA256 | 5c9393eac024e837e7be7c62cac7e8d8daed3cde99819338a734d38d98346399 |
| SHA512 | f39c7196c0eab6f54e7e0442bf8ea83cc4bcd4575572f1ff6eb2231b285ea42ced2d7ca85f855cf33e3143ea4580facc6967cb7c21519b65f430dcd82c25af40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c14ab547821ae16e0563e7a04e4558c9 |
| SHA1 | a283684d589d0b69f1074472d8a499ddfe37ea9d |
| SHA256 | 8b2bfd7ff7711a32ad2da504babfce71614f2490123f48fcd375b604444d9fac |
| SHA512 | 0fff104c977be3febc06c3a1bf3372aac0ffdd579715947ce07e11d6faf88d3fab5d194cc61caf128d9b56a01f5fcab404a3dcf87c8eba79ae9a4aab1c3d36eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5a868d4e29c4522b_0
| MD5 | fe66a8ca68de40ca337e395a78e8f065 |
| SHA1 | a9fd6899f1305b867066dd5c4146b1c73dcef812 |
| SHA256 | 5aec3f1d9494a3af4d1019d90bc5d88fc9d1bca8d572f09e8d89f72872c2fac7 |
| SHA512 | 8b03452543fa9693c8f033a81131bc076efa2f683c1fcc5dbd58aa45d4fe1526859db9d40e752818fda10044a18e3a48c9a32f6b3695bff7a46550d37b14d8d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\775d776ed426628a_0
| MD5 | 343e4640e7d64aed5d62413ed8406036 |
| SHA1 | 067460f216233a7c70ef43b1176678aa70751ab9 |
| SHA256 | 8d9836e7adceb4d3142f858ba707b0001d089b90f15762aa404689908d2c9e98 |
| SHA512 | 749f4c1fbec38bb1b1c8e9fc58dfa986a373c4cf01589ca6c5430d37e89b38eb17ef549be69a6eb9e2e7a54908576edf7eca444c37460436ea520e1f245b7488 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\945c2ec20732ddcd_0
| MD5 | a4845c7a8ec3031edae2fa9e9b9b5c22 |
| SHA1 | 549179a99932a4c4685735f69cbcad617d085c32 |
| SHA256 | 20c6c3aba0e348f0208915527f386afac55b05e15d7f81094d7fadf8f13b8888 |
| SHA512 | 62f50df710b5689d99892c880a1acf79635a7721a4df60d3819f41d665aaebcbd90d09302a1ddc1a9e503a93588532d1356218d72d8880a623d39b18b073969b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1da6077444e3fc09_0
| MD5 | 8329d0861005ac00ef70f75a127382b9 |
| SHA1 | 9b4a60250aed339bceec65229cc6f0c8d49dd51b |
| SHA256 | b06e76332f1a00ad38e59861b51a05d3907e4195b05495859f562a117574dc42 |
| SHA512 | 5dc92f32c2bc113c5d863cb79061ddb7da8e833b75937dbf9ce1140627bc220e92ae03842927bbf1936644f348bd020e2dcc6d8d62b36d1608568dd45d106b3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | af2f770d22b3b1387a15b0cd2dddfc8b |
| SHA1 | b8231a1f7b3989c86644cd81da158299f82a713e |
| SHA256 | f8b9e1db5186fe40edc74db2f1636575d8bbc5d1596f9fc4458bca67a242d933 |
| SHA512 | ba98696d8732d308a356a3288436a0325b586b85769933f6cf82dd49c358b648b0d0a8503cc56f4f436d95650ab134a7030793eb583469c2beedf45571d6d3e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a246ca895feb87d9023181e6fe273840 |
| SHA1 | a3b5fbafceadd7ec9a3d9a836f7853c3a3b976c7 |
| SHA256 | a1c1b6d08e5bbd833b4ddaa37b388ed50aa4cebe14d7fdc28df369eb06fe438b |
| SHA512 | 54092d8122cd2c2f0358381313841b6e1f8433118e80d014731d2735dcc8a8297107a8f4ca7c03790766f69f58136c174a3b2c2850b466e394434fb33639ad8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89308f07a2f2cc68b530b44ddd532916 |
| SHA1 | 59007a92574a534846abb02a7e7cb9d45b40a96f |
| SHA256 | 9c140b182802b96729844f84321af4ea69f921603ba91815aaf547615a079c3b |
| SHA512 | ffd09f86235adb6329d654b37b66f16e1de9af42bb002bc30d32853ce4410a842ad6911eb1af71e93d58dac0ac01bb0ee9f0b6fa877ed85895310f875cf5a485 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a8c365b3e459626f5abc155b8d499752 |
| SHA1 | e5738b12f2b5b0c883973e17183f6069ea6ebd24 |
| SHA256 | 95320148549b48aa6ad132bac3425a67d137407262923982a964896e5704d8ef |
| SHA512 | d4bd1d12dde3fd76f51cf66c2359daf5e3b5b40358069fa35601e8cdb432d00b1a12d65596d45c79c9f62eda42f5bc9d115f31644c7085bc21d9288ca9a113da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a445fef2c07e8ada95f55c3e692644ea |
| SHA1 | d00f7dfc42a58d1ff143523af865faabd9438ffd |
| SHA256 | 4f0a0a4afe09a7bcf668098248d5b228146981b5fdfe25f7249e9d9b3d4de864 |
| SHA512 | 57cdf4b0abd9cf1a252d284fa57b9c3f65bb8611a225bba02b8e254e89bbc844c2f20b44f8cdca3ffa576dbdc26b8593ab670cd97903d18a8eb6adf01dfdf2da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d699cd04392b8bd345d2a8a9f4360b46 |
| SHA1 | a42526599b34b9507b427e3e4aa88dd75bfac604 |
| SHA256 | e49fbe09dd1347c210ab5d94ad804bf9231863266871bf850381178082d7995f |
| SHA512 | 3be72be3e58a9adf7b277bac8bde504976f0fea371dbe7501bd5fbfea4c50dabb9ce5cd7afc63a3c35d4d8e9c1feb835e52f33929801556cc653ffe61b4ffd3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1cef40508d696531b46591142558c2b6 |
| SHA1 | 32bf05052d05e5719e7cfbb3685a67ea79c9c68f |
| SHA256 | 278c97e25a1a7914e40796db438b2e65e6e1620a6ac2ae7f9b07cb8d368a6672 |
| SHA512 | 15a09820e17a0024e9bf05dd03d0d4bdbba649b7d75a5f6bfcc271deef9e2ae6309a3bbcf81af7dd406dd1b60da4aebc5d8aaef45ed83211bce66139e25dbe6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 208d189711cbd56e159fc7df716dcf14 |
| SHA1 | d3e1181db52f7fb0a394145b24ce7078ed361ac2 |
| SHA256 | 2eec1ffcbc3b7a26b55dbfd835fd5545cd72b288423fe833efc1a66382d4927f |
| SHA512 | a1c51f635f35e04e29a3f19990de69720a10a4d41b702589174e721f57ca25f0a1a6c0ef14301d69853621867cec0decad26d5d7dcdf870bec5abac48d06d847 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Cache\Cache_Data\f_000001
| MD5 | a78ad14e77147e7de3647e61964c0335 |
| SHA1 | cecc3dd41f4cea0192b24300c71e1911bd4fce45 |
| SHA256 | 0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa |
| SHA512 | dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity~RFe65fcbb.TMP
| MD5 | 138bcb9e081a079e66a974620e1b0988 |
| SHA1 | c62bf33d8404afc29e3390a10bd512f9a258fc3b |
| SHA256 | f7ffe4fecf72bf056d631acf6302f5cd71f702fddb02747059bd3f2b95a7b2b6 |
| SHA512 | 9b99716e917bbdcc10f639ded67dd62212bd6080b4531d02bb73a0bbe98bda206b3e8b2fda72ab1903a30f1e22dd3c4e4d608473a59a364601f6f9874216115b |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity
| MD5 | dda070aa0571456a2fb99a49e9ef8ed9 |
| SHA1 | 2c45536c02cb9a8d94a5ccebd112998e090c0a82 |
| SHA256 | 274752c3f601f0ecadacebd6e8766ef93ae7038fff68c7d50ba9ff73cb1041bb |
| SHA512 | e7a3a69cb1fabe4afddde34521d4fe5cd46eadea02d343fab99808b6cd64ff88156a786d2cc2386e64b7e67bdc9cbc67f0b25bd4a6fb57dff270118db570562f |
C:\Program Files (x86)\Minecraft Launcher\game\media\icons.zip
| MD5 | 4bf23583625dd16cff556633bea4ceee |
| SHA1 | 0fd4885d5b1d3cc834e761dac9ca8b190738da8f |
| SHA256 | 9a3bd6bbacb1d1dc4b90e1635abacf6f4864f6af2fbab0fc907c332df8b463bf |
| SHA512 | c823607477ad26644836587defe9d7b84a9bb431f601633bf3c52ba2c6a65d5c9e7a3e5f626eead0fd6c07f00b98fca365154c9c4e561b503d4a93155df615fb |
C:\Program Files (x86)\Minecraft Launcher\game\media\onevanilla.zip
| MD5 | 8f1737e03943b5864e1f38504bc23788 |
| SHA1 | d7e8745d0c80d9f0196189e2838299756e54b4f6 |
| SHA256 | b2866344d678bdd2446f1bf685b68def4e6e6a895719b1498fa3ed21c2b8a6c7 |
| SHA512 | 864077f224c2801717442370968a6f163554c1929c1f8222419bc8fb068f362fcb242f28e8dd0b7d512110fa6b4a34717f74744e3a6b9e934c5243fae4fd3e0e |
C:\Program Files (x86)\Minecraft Launcher\game\media\logos.zip
| MD5 | f8eb6d299d44a288c16575658944fb82 |
| SHA1 | f45ae1dd98eaf997a1785df3673f2d3c459e8db5 |
| SHA256 | 4caa4323c7c658b612ae37b400d72c920c142911c601c4653b86be0de81212b6 |
| SHA512 | de03a7a9a96d824cf25c9ce7e489c11b17f045f74bdabfa1256e41fb7c407ae457b7ebdc3af6f870d3411348b82434ee92ef1d2df326dd2b9ae1d7b33942cd97 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index
| MD5 | ffd67ab378626cbdaa48f86c4357e70a |
| SHA1 | ffbd0254117714f7fb1c7a59520e026bf008d223 |
| SHA256 | 44a4106a8db829c728e0975dafa366a6dc92a0e181f617df5c7824258b5e4f09 |
| SHA512 | 5b599162131ba06339b3bc56789c0a1b48a83fbd75cc3856c3dc4246e775f45470deb3934901814dbfc01f5a0fe7186bb915d971d504dd388272a7947eb0b7e6 |
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State
| MD5 | 03c232825934f21d612ec507a3d93bcc |
| SHA1 | 0e0a35b0cc55f0e5a77abec57edc81fe1355b683 |
| SHA256 | 5990bf891f23d41b118c566549bf95c2ce18e4b699751f58fe7ab192ab09aebf |
| SHA512 | c9286e60c02490ec89e64988729c1acc96d5e81d23b4c97d0f0a7405ba70a799d3e8658c0e2e25c586cf02fa55de8c0ab5997faefd71bf0a543793ebda38b388 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ac
| MD5 | d5702da1770bed517ede8b122775849b |
| SHA1 | 12fcd75ad031745d2d686609a3eace54a6445cd2 |
| SHA256 | f88d4fddd2de1125ab24590db59daa08dbfd4c9b36922380d0b48a2559e8ee1f |
| SHA512 | 6f8abf58d7c10c45ed098632f226f5d2d1180a39b2f89841efaab0ecbd613e012f79a957f77c2cfcb5c855e2cbbb1c95d446084904569d31ce789188e48dd215 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3f11ce26ee495d441ac362405cd8ddba |
| SHA1 | 3d64f1ddb15d904fc63f8d831924d3312b9382e8 |
| SHA256 | 647a498b7bf20a136fa58db04847f59497d871a2a0be1f7f6d64070c6ba671ba |
| SHA512 | ed2d7f44c327211eb95af7513044f8aeb41b912058258bf0224648ecd5aef85c7a3e8a814749a76e55767213f9fe39c1236c29e1092c978dc8d8dca81703f9a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d79d3c12107cd8ca3a76c0dfa0768301 |
| SHA1 | 8365ac09374a5b5ff4c6145f21551a0c06fe1eeb |
| SHA256 | e161c3a2a53981d896b6f421b363a7e86a4cd1cb3085789f18602dfcf4cb724e |
| SHA512 | cd01461d125c6a6f3e6d1878b850b35ebaf2d26a7e0be3e0030be3f040f79d3c3a53b0e04d4a01f187adf4c27f6769b8c0d70786e945eeea389a14dee153bdaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c7a72aa238a3c5e_0
| MD5 | ba566e88827b1649c4a79f43c04f94cd |
| SHA1 | 6a92c3b8986e85376db9674a16c387e790c73ca5 |
| SHA256 | f634bbd3ea48f39aaa77b94e88c84b981ddd2faf38e39357743e2dcf45027d98 |
| SHA512 | 691525301876d57676d7e6f4c5412071fb0e07dc95fe429e2b4794c1b68e819de74586d70bc83a60e98341c734f4df7671746ec869005650d2db94f5bceeacde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb4dff0a5551a44b_0
| MD5 | 20a93be9c39056d503b6410d0afc0d9c |
| SHA1 | 5a43e6ebe70387120a01e7b6a1be1af43ef2e683 |
| SHA256 | 8a62cae145185ed281be5333a3a946e0dcbff7b2a1b09ba26e8a7f088ebb1e14 |
| SHA512 | 406e4d4c7b1665bc94afc93c4773e458a40bee8f7055a9f7ab9f9736ff9de34c35b536139d42d116674334beb2dddb31491863acd99e05b0e6789964818d8183 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 6657efc4b6020ee2ba3cca11b304fa8d |
| SHA1 | cfac02e0f0963ef26fbe20513af0827efba28af5 |
| SHA256 | 2397a147407cba8e1e5db579f7a77331776e998707a4a1c5e39daa5bc6097d9f |
| SHA512 | 0da3d2128062854c4825dad5f97dfc8b2add1cbf57e515979aef99512bb2110a91fe2a871e8749bcb805149c8eec157bee11af4b3ac7f53d83634c87dbdab835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | aefad9f8673d6c0ae957463bd46c8420 |
| SHA1 | ff900a55154bd8ee3b8637f72838f6a0fd8a38ab |
| SHA256 | f2c49b898ad671f8ad8dc5570a0ed721ef7d9db477037129a0fcdbb04f9abdb8 |
| SHA512 | 228d0bb56dec15f971fc92c3cee36a2f133e8f4b6c638e583ce0df4ef2d339360a69a7fd91dae9e641823e52c8c9584e99103b5171b5c5b7cf7dea86ab3650bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f139020e2d4c2fa3_0
| MD5 | 6b03ca75a4704270082aac42c05f7d7d |
| SHA1 | f4b270e8c06748dfaa414818467fdf34129a2e7a |
| SHA256 | 6c290dce7153c1a2d17fbe42746930977048dfdc8b750e060febaa60178b8c68 |
| SHA512 | e2e249890e093f4e8b006cbcd59f1c919ba31447960a9df4b0fdf0264e6a2dde94385decc8e4d8bb0ebae2df758555486f5202709d508b4533da79408e3c079b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce726e8fa67e8d8135757d62318c55aa |
| SHA1 | ca4765191db2483aa01963366df22a0d63b99b7f |
| SHA256 | cf1bbfbf1bd278431d6331b79d0fa39717519360b97c245afc1db80ec43e8333 |
| SHA512 | 0a2b672c5d34781d02dba37f01fd6d72da10b585927b57816336bb1dd80e9f7818042c115e1191fd5bf3d7be41f34b1605b2307204fe9aff48f6b67412280ef8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dcbdef1133dcb5a6f4afdf9cc9ab7c6a |
| SHA1 | 67c329c54ad90efde762092c75836dfcde59c72d |
| SHA256 | d1729a82b0f21d966c3e02a4b7d2a134237488246bd272e0bd65325bdf243f4f |
| SHA512 | b3d9fd98aa38b721a88cba8510f4ded9056d1d85387f2e16c02f69a4ce33046b150aadc849b0590c1f70df6d128d4391aeb96cccbab97d8b087621b7a0a7de95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\30f924ca286a4a2c_0
| MD5 | 6ffbba593f0b0478178bf0e9025882bd |
| SHA1 | 5f477f6107fe1819d9742f3ce7fe033417e3aa6f |
| SHA256 | 98821271cf07b63f9e4b6299bafdc27069c2913a7a9ba86fc9d213e3224b7b1c |
| SHA512 | bd27749d820e82e3118f3d49a44b90b660c09f131e1398ec5b5a763cebb55604b3b24aecc6dda4b37fe52a4436b887702791613b39383ade0cba3117c997d088 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d6e5ee4b440963c9_0
| MD5 | fe93d439aa9a828064b90d3262d216e0 |
| SHA1 | fa5e9960eb6db9f658c1cbd4bf61aade8d34306a |
| SHA256 | 21e96dde8af14f57bc65c4a6e273b68cd1c10bd57d3419d5d5b98bbf3bbf3516 |
| SHA512 | c9522ec741b87696a48a43f71de3c9c92187a719c12e805e9e424ad9ff01d7ebc4a947c60044c5e0eb2dc383729f8b921bdb58da03ff5dad5f60abd12a39fc9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a43872aa1ae7b0f4_0
| MD5 | b92b3bc0d4109367c5d96d00212e882b |
| SHA1 | 0ca1f76842d8bd3a133a3b35c39513aed62eab0f |
| SHA256 | 11ab73cb7f37d872f23e89ffdd23f706d269d80f9efac22642ea2471c8a45949 |
| SHA512 | 9bed0797aa6821748e9222e318c7ba79dcad6b71eaebde9b2ecb50a7072a957591ceafd2ace79ff9424ee041fbe6ee2b22fee7d871d5fabcc637df97fedc27c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cc11f5047a277ec_0
| MD5 | d4759331d03afb65a9edbfb25f6c48d3 |
| SHA1 | 6d50a1d591c8fc6db63ef3f1d2cd6f0d9842970c |
| SHA256 | 37519fc40a5e5044eb89d7780f63278d57874ba91cfe66cf4f7fbc8c723d22ca |
| SHA512 | b092ad263c0580b749e11f288edb30bb4ea06ee4d6e36a1e6372a985e4a6e230304d5a801d0565b90e028f78ecd846c4e4bf5b7c29c543b4008c30871a4550af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1f8e83f57f7176eb_0
| MD5 | 554c4ab5e3927f6b7daec5231a0c75f4 |
| SHA1 | 87337ae56fbbbfbead77db3ad3d8534df06028c6 |
| SHA256 | 67254aec27e521e50dc42f1c658cb70ca4d769a3a0a8f656ce515d670fa29169 |
| SHA512 | 06c410d41bd9d43c03093501e249205a4dc49f518f650070246b588a0dbf2d7f4f743c1754242a317bf9e07a3dde82a74b0624d95bcb4edeea7df9f8fd859a7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a4b47a1c6b79546_0
| MD5 | 83f952d2d99ae95ea1963ebb8eaaa91b |
| SHA1 | 50c9266a932249e1245318519d5afe2f7eadee58 |
| SHA256 | 4fc394b60030f9c485d2f9b5524f42c18920b45d9c0137912cd1cc4eda120230 |
| SHA512 | f81db0c27e7cf8c016046d048ef5d5347e5d1c19f5cd0222fb00d889064f23947fdb939afe18bdc3210982be2576caff6b6dfb92ac4255cc2a758b474826630a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 2ed622f63b586d0bca78f0f2da84b32d |
| SHA1 | 2b5e9a2aae395a30e2851ccfb4fd4119bd451ef2 |
| SHA256 | 5a7cc0a9ec0dfcdc8fdbb506036c2773bf80f39970c33d5dc85e0c498ec56a69 |
| SHA512 | c827997684af82dabee63653de0f6371bc2f244b89c02ff6afa4ba2b4223ff5aa310374d828827ddb2c373487424bcd8deb90236ceaf46bc9efa6e92b0cbc61c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\466847db2b4a71b4_0
| MD5 | a853f253d74f4d70c7e8cd32264ce90a |
| SHA1 | d45692c6a4a2da46ef26945159f7af503c40d59d |
| SHA256 | 8a1d84605245f59045668df505081d7cb8e8ff20b6e364a67a60f3b9de8f7e7d |
| SHA512 | 25eb5317f1072c3c1dc3bc7e144cd80ca312ce93f725b26f7f32fafe3d00f52fe1e06bf222829d87ab0c660ab2dd247af33a40e44680087e415f7c9d34b83af1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\60a4c5a5cdffaff6_0
| MD5 | 7bec7b0b1e6aa398c91b9ac6da29be5a |
| SHA1 | ff4b18e52367849d71b2ceba57a79f605d211cf8 |
| SHA256 | d9e71ba211946a9afd178458db4d16c14b0353936dd1cc56f4e985ceaf507759 |
| SHA512 | 56c91ee4a5592a5c306af19aebdf90f1abee3fbbe07ef12c355cbb52857cdd12b5e0be7f13fc88a6ffeeee0ee58cffbda7b80b23b47c4395a574615effd733ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e067d7f2fa00ddfc5aae27dc118c2b97 |
| SHA1 | 9da440709b191d99470e9b4310060db11c9ecfdb |
| SHA256 | 7bad7070717b455b2272774e4c7adaf19cc9b3378178872ccd8339db29706995 |
| SHA512 | f7175aba1ace52a8cb9c1841ea4b2a1580aabc58f6da0763590f7d2e79d21dfd8eade94bdf083d6235bc3b20cb06776a75747d8b80e076be873801e0cc867883 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | f8bd786507346697d039fda89a6d745e |
| SHA1 | 6c1b187e37ca3ba26db396360d7dcc114586ecbe |
| SHA256 | 410cb923172abe4c8bb860070a6c0f7f710c69c1817dea0e83772aafba8521e3 |
| SHA512 | 31e82151ba3452a4969ea476e289ac4c7b243af0aa585f64d2622d8efa0bcba0bbdc5fcc7c564b88026f7eeb1d307efe14e29df832757310cc4558e964fca96f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 51284d8e33c5598b5d1fc418cb215b62 |
| SHA1 | 9e2dc5f7072ccf349acbcd22f36d7e2f038c4047 |
| SHA256 | 83a18edacf4b16c85c29ed83d14097150e11a42436291b803013ee3defccfaa9 |
| SHA512 | 3cd328c5fef67d2b1ccec7ab9c561bcb0a900abecb1d6c0f19fac46beb00a573dee4de2f1c06eeec5a6cd34302e179b0ead212426abfc99a2ac8b6e37d011a41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0
| MD5 | 9596f49f32b4a2e5e33d847c2c719b92 |
| SHA1 | 4a2768782fff271e2d5bddf89098a4780c014e03 |
| SHA256 | 7ab3a9887ddaa4ca09336730fb75d1276c0fd9992839329c94b919541fe852ce |
| SHA512 | 52a9ccaffd86761c8ccaa0f180def3223e76ff44bbef5899b69f7ef24e8a074f612b9333dd5f6ffab1374c172da132d71cef76f2ce76c9a678fd9a1173cdf4fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6aea89775632c665_0
| MD5 | 1c9beb962ed3f01f6fdad8e86e9f4feb |
| SHA1 | d217598b6ebf947bdfe9a15c9cd8a89d6c3a60cb |
| SHA256 | ebe6ebf957c38e5febb1a195f5db2d2913adb74682d96aa52ff06d75f72166da |
| SHA512 | 38cac148a765169da81569c45fb57b2d877cd03794438b1f0f7ae68e726843e2a57167103511d95cfbbe53a258ca054b55969a8b1b6292fb1fe241be6416c830 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8aa05b2bea09f81e_0
| MD5 | cd44d09d30435da87581c19bb0a14195 |
| SHA1 | f584007d7c4c93c979b6f5693c78998a5d7f8d8b |
| SHA256 | b0967802c5aff3611c0ef3e6185a792e9427343cdf434ad7cf6c8f2a31524aa4 |
| SHA512 | 63cc07e4e1013337cc4777cdfb1e370d25cbf73e5b722ede26bc3cfa307e3c6406fd2dbf0f000f89319b25a983982dafa9c227f70912fbdcd100012f3ccd1657 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3654e910-b57d-4262-957c-dc639d7c8bf4.tmp
| MD5 | 0d7e3cb8036694dd32e7a9e255296b32 |
| SHA1 | c8bded49a5fc57061f3363ecf43f3c0bd0e1ae64 |
| SHA256 | 9eef29c16309ad89871e9ff623771748f01a1039d9602dc258301737700e7e04 |
| SHA512 | 73fd8eccbd230288249e291801510f5380b4e2d0990a51e0182de05cc371c940ba259e16d558c4aaed25bb17450ae3c59c7a61a0edc40dff9e6131a079544557 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c0b7516dec2d8a9f4ce9eb3be3e3cc44 |
| SHA1 | 189e4765aa19b523c9a68f4ffb5f2f6d370b6a4e |
| SHA256 | 5189bfbc990ed1e31a6136759bd532ce11e72ab8fa75b50dc39911bc98bb724c |
| SHA512 | 312261979415b931c0f011034bf9ed773396672d3025fab02d5d0ec90ddb6ea0b107ae0743c49d6df918383218fbafb3fc8123cd6f211e2f81afc0f76fcdee1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cb1599b40ff38a539d400673d054eb90 |
| SHA1 | fed9ecf3868147a50c71962c818e3e84044e642d |
| SHA256 | 3cebf4168bbd7f16aec8ecbad6a48914ba60929e71589cac057ae32175e31c34 |
| SHA512 | 53f9524166608d7f102da257218d2e45f2787c769f01c9b02ac714735805e381cf7b0da454dd494c80c8eea3aafeaaeaea69f276d94f9e484acff788ccc21db3 |
C:\Users\Admin\Downloads\nox_setup_v7.0.5.9_full_intl.exe
| MD5 | 4253db016bcc4cc5c282a2216aa0ceaa |
| SHA1 | 5019fd5c96a430a617807352f8fec67bfc34c156 |
| SHA256 | 28fda55022f2394833e78a5328b7f1b87c1e4ebdcde6913be7783d8bfa10edd2 |
| SHA512 | 2b4051a3bf9c88490481994c3f3675fe1c3d629f19996087449a6a12ad479b6dd48ba8e88a6c9bb52ebc8a4a6aff0d03d29669fd71885a9a0dc010bac26a58bf |
C:\Users\Admin\AppData\Local\Temp\NOX685D.tmp
| MD5 | f529dd5c9109598721d753efaf306acd |
| SHA1 | 69aacdef7ebb9a1f974b659c8831a59107538dcc |
| SHA256 | dfd55944df560ef7d1d9bb058f03e0d80e53a9d4eca0461cd67077da25f680c0 |
| SHA512 | 689d35f0ca1889e52e55dbd50d5ae646ad8b52ad78cd76159a96508b7a4837c6d0a632584a462b4bfcd4676e7fbb62ac78d4b839874b5ed05ff36416dbe0c514 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 17f5a6b677a9487ad23409097efc61ed |
| SHA1 | 534bb52f96a6b8a78986035ffa0d8e3f4a4d54e0 |
| SHA256 | ea68b3a790ba874d334fa4029ee4dd62c8be247c6cf31ca30dfd7612c8138028 |
| SHA512 | 5c59423dfb28e1b176086386464b0a4d1d092d69cadb6a3f558db6a80b0adf4fbe326436c93a5681933373ffbf69feebae087365b652d7848bd4ff88cc4ca778 |
C:\Users\Admin\AppData\Local\Temp\NOX6A82.tmp
| MD5 | 90d2edf41c693375a6246787ab76987f |
| SHA1 | 874d1df6f6fecbf714881134283af3005a1de431 |
| SHA256 | a1e348fd9ebf170ee6864f960c010fa89de32d992c6bd52c3960e7231ba04b74 |
| SHA512 | 41f5028f4c0a41686ab77cd09770bfa38294d599bbc26db9c2591592f93f9c935ef0d0ab8b1a7a7fd83aac74f859a36b169d5ab59f484652f09a0f854cd3d4f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 41460b1cc99d60b2ad6127f59908de8f |
| SHA1 | 8e94dc4e5f4692fe76df86811eb6e69fbcc91a3a |
| SHA256 | 152c4e5ee2064c8bdac7fe42aec1667c178715e1b05fb06b408d746e9fccd830 |
| SHA512 | df31a80d745b52c7cea4bb748a85e88b6a312dd2ebbd080da67e4b437e9422f01334e6678bb60edfd3bab2f15739dac2d8294f121184992d4616bea6933b637c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 170f69e02418ef88000fcf3f07050aee |
| SHA1 | 1b5a8e1123c56cd1b8148b7854b1c83d01f8fef8 |
| SHA256 | f9e023750685f9e82e535dd434f6ec126101a0d69169ce995fe54645ce002c22 |
| SHA512 | c4ffac4dc8f144753913af9c7f26985dcea20a7e7e7cf604bbb411aa6efbb6b639b18dc90d16932683f08f1bc7348d66b76a45a3ed5e79956933ffceeaa2e68b |