Malware Analysis Report

2025-08-05 19:01

Sample ID 231018-z5z7macg78
Target VMware-player-full-17.0.0-20800274.exe
SHA256 ae238c457a100f15a6d009bfeee4ff277dce181e96a279d486f07f30da433183
Tags
bootkit microsoft discovery evasion persistence phishing
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

ae238c457a100f15a6d009bfeee4ff277dce181e96a279d486f07f30da433183

Threat Level: Likely malicious

The file VMware-player-full-17.0.0-20800274.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit microsoft discovery evasion persistence phishing

Detect jar appended to MSI

Looks for VMWare drivers on disk

Downloads MZ/PE file

Looks for VMWare services registry key.

Drops file in Drivers directory

Sets service image path in registry

Looks for VMWare Tools registry key

Blocklisted process makes network request

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Checks computer location settings

Detected potential entity reuse from brand microsoft.

Drops file in Program Files directory

Checks installed software on the system

Drops file in Windows directory

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies system certificate store

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-18 21:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-18 21:18

Reported

2023-10-18 21:52

Platform

win10v2004-20230915-en

Max time kernel

1809s

Max time network

1848s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe"

Signatures

Detect jar appended to MSI

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\SET77E2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnetbridge.sys C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET238A.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET2ACC.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnetuserif.sys C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnetadapter.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRIVERS\SET2389.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmx86.sys C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET78BD.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\hcmon.sys C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET5268.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET6F85.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnet.sys C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET2AFC.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vsock.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET2389.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET1E7.tmp C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET2AFC.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1E7.tmp C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnet.sys C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET5268.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRIVERS\SET6F85.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\System32\drivers\SET77E2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\vmci.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET78BD.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET2ACC.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET238A.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A

Looks for VMWare drivers on disk

evasion
Description Indicator Process Target
File opened (read-only) C:\Windows\System32\drivers\vmci.sys C:\Windows\system32\DrvInst.exe N/A

Looks for VMWare services registry key.

evasion
Description Indicator Process Target
Key security queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\syswow64\MsiExec.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vsock\ImagePath = "system32\\DRIVERS\\vsock.sys" C:\Windows\System32\MsiExec.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} = "\"C:\\ProgramData\\Package Cache\\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\\VC_redist.x86.exe\" /burn.runonce" C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2d507699-404c-4c8b-a54a-38e352f32cdd} = "\"C:\\ProgramData\\Package Cache\\{2d507699-404c-4c8b-a54a-38e352f32cdd}\\VC_redist.x64.exe\" /burn.runonce" C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\vnetlib64.dll C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DllHost.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72} C:\Windows\system32\DllHost.exe N/A
File created C:\Windows\system32\perfh011.dat C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vmnetadapter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmusb.inf_amd64_c603306f7f2b335a\vmusb.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\vmnat.exe C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\system32\SET2AFD.tmp C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E33.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\SET1E2A.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\PerfStringBackup.INI C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_8e12d1edcc9e768d\netadapter.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.inf C:\Windows\system32\DllHost.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\SET74F6.tmp C:\Windows\system32\DllHost.exe N/A
File created C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netbridge.inf_amd64_9204dc61a7dee6f3\vmnetbridge.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\DRVSTORE\hcmon_1E804F260BFD7A2F39698591B5E6FF49B1EB033B\hcmon.cat C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\system32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\netuserif.inf C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\SETFD35.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\SET1E2B.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\PerfStringBackup.TMP C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E32.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\netadapter.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_8e12d1edcc9e768d\vmnetadapter.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.inf C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\perfh00A.dat C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\system32\perfc010.dat C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E33.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E44.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vnetinst.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\SET4E74.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\SET74F6.tmp C:\Windows\system32\DllHost.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vnetlib64.dll C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\system32\perfc009.dat C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\SET1E3D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\vmnetuserif.cat C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\ovftool-hw19-config-option.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\en-GB.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\gobject-2.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vmnetBridge.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\tppcoipw32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\icudt44l.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8\vmci.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vkd\coredns-initrd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ta.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Common Files\ThinPrint\TPPrintTicket.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\ThinPrint\TPViewjpn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\perf.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\question.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\x64\EFI20-32.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vmapputil.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vmrun.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\zh-CN.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\it.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\x64\NVME.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vm-support.vbs C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\open_source_licenses.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\winPreVista.iso C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\sr.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\tr.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\elevated.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\VMware\USB\x64\DIFXAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\id.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ja.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\task.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\te.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\x64\EFI20-64.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\tools-upgraders\run_upgrader.sh C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vmwarestring.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\default.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\schemas\DMTF\common.xsd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\include\vmci_sockets.h C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsock.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\gmodule-2.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\Resources\unattend.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\VMnetDHCP.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\tools-upgraders\VMwareToolsUpgrader9x.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\bn.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\ovftool-hw18-config-option.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\hu.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ml.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\libcurl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\x64\PVSCSI.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vix.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\ThinPrint\tpview.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vnetlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\vkd\vkd-initrd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\da.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\x64\AHCI.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\gvmomi.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\netadapter.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\x64\MICROBIOS.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\nl.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\tools-upgraders\vmware-tools-upgrader-32 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\en\option.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsocklib_x86.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI6544.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a576b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a5794.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA8ED.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a57a9.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem0.PNF C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
File created C:\Windows\Installer\{E09B8172-B374-45CB-AB89-2923DB9A3D56}\_generic.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI873B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6C78.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File opened for modification C:\Windows\Installer\MSI8895.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6FE4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C96241EA-9900-4FE8-85B3-1E238D509DF6} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA765.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
File created C:\Windows\Installer\SourceHash{38624EB5-356D-4B08-8357-C33D89A5C0C5} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E09B8172-B374-45CB-AB89-2923DB9A3D56}\_generic.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF11B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI312.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a5759.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7EFA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8F35.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI76EA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA541.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE8D9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\VMware\vmPerfmon.ini C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI8856.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8924.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE1D4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a57aa.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI8EA7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1017.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a576b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\VMware\vmPerfmon.h C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI2A3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{A26EF561-5945-46FD-8094-FA34E44D460F}\minecraft.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF15A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem1.PNF C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\Installer\{A26EF561-5945-46FD-8094-FA34E44D460F}\minecraft.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a5759.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI95A0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB2D1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI51CB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem2.PNF C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI8964.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8ABE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{A250E750-DB3F-40C1-8460-8EF77C7582DA} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6E80.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DllHost.exe N/A
File opened for modification C:\Windows\Installer\MSI8A40.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICA9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6090.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA5ED.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\e5a576a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a57aa.msi C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe N/A
N/A N/A C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe N/A
N/A N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe N/A
N/A N/A C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe N/A
N/A N/A C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Users\Admin\Downloads\nox_setup_v7.0.5.9_full_intl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32 C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ = "C:\\Program Files (x86)\\VMware\\VMware Player\\vmnetbridge.dll" C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DllHost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DllHost.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001d6f92995d065bd40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001d6f92990000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001d6f9299000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1d6f9299000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001d6f929900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\SerialController C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\SerialController C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\SerialController C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\SerialController C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\SerialController C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\SerialController C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DllHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DllHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DllHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DllHost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DllHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DllHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DllHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\ProductName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ova\ = "VMware.OVAPackage" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724E960E-F6FC-43F5-AF3F-98319A1306EF}\TypeLib\Version = "1.0" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E121723-EB62-476B-B55C-B14FCE7EACF5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0\SourceList\PackageName = "MinecraftInstaller.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{A250E750-DB3F-40C1-8460-8EF77C7582DA}v14.32.31326\\packages\\vcRuntimeAdditional_x86\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.HostDeviceInfos\CurVer C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator.1 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator.1\ = "VMXCreator Class" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator\CurVer\ = "Elevated.VMXCreator.1" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20C19CE-FBF7-42CD-973A-6ACB5BBEFB9C}\TypeLib C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87C1D1F5-564D-4E72-9AF7-E9D6211225F0}\ = "IDiskLibEvent" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.Document\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{934FE3AB-EE0C-411C-8CBD-AC73F809457F}\ = "IDiskLibInfo" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\ = "IDiskLibPartitionList" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87C1D1F5-564D-4E72-9AF7-E9D6211225F0}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\057E052AF3BD1C044806E87FC75728AD\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\VMware.SuspendState\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vmx\OpenWithList\vmplayer.exe C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{420F0000-71EB-4757-B979-418F039FC1F9}\InprocServer32\ = "C:\\Program Files (x86)\\VMware\\VMware Player\\elevated.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE14269C00998EF4583BE132D805D96F\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.vmdk\VMware.VirtualDisk C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.ova\OpenWithList\vmplayer.exe C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{420F0000-71EB-4757-B979-418F039FC1F9}\VersionIndependentProgID C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.HostDeviceInfos.1 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F9A6DAE7-CF0E-4D39-A914-B054FC37C99F}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4548A7B2-5C17-400E-8D62-84DB4D79221F}\ = "INetShareControl" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ova\OpenWithList\vmware.exe C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2718B90E473BBC54BA989232BDA9D365\ProductName = "VMware Player" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{420F0000-71EB-4757-B979-418F039FC1F9}\Elevation C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D0F223F1-7DB1-44CA-BED8-3406303FE26F}\TypeLib\Version = "1.0" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\TypeLib C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35FCE01E-8917-496E-A509-497C5F2FA365}\ = "IDiskLibCreateParam" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D0F223F1-7DB1-44CA-BED8-3406303FE26F}\ProxyStubClsid32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E121724-EB62-476B-B55C-B14FCE7EACF5}\ProxyStubClsid32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\ProxyStubClsid32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA7F48B7-D5BF-4F7D-8C12-8EEDF60AB7F4}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20C19CE-FBF7-42CD-973A-6ACB5BBEFB9C} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E459BB84-7D3A-4FDD-B1E5-969E88F61DB6}\TypeLib C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0\PackageCode = "82DAC97818A9B8947B9E0F5235308B1F" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\165FE62A5495DF640849AF434ED464F0\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE14269C00998EF4583BE132D805D96F\VC_Runtime_Minimum C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA}\VersionIndependentProgID C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1D13A2B9-8840-48BA-AC5E-B096A1182F2F}\TypeLib\Version = "1.0" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.Document\shell\Open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vmsn\VMware.Snapshot C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{934FE3AB-EE0C-411C-8CBD-AC73F809457F}\TypeLib\Version = "1.0" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E459BB84-7D3A-4FDD-B1E5-969E88F61DB6}\ = "ILicenseLib" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\Dependents C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.OVAPackage C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\165FE62A5495DF640849AF434ED464F0 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.OVFPackage\ C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator.1\CLSID C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}\1.0\FLAGS C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{934FE3AB-EE0C-411C-8CBD-AC73F809457F}\TypeLib C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50\057E052AF3BD1C044806E87FC75728AD C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c00000001000000040000000008000004000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2396 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 2504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 2504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe

"C:\Users\Admin\AppData\Local\Temp\VMware-player-full-17.0.0-20800274.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda0ea9758,0x7ffda0ea9768,0x7ffda0ea9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3248 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3964 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3984 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 --field-trial-handle=1828,i,12100492920819714444,2662534567091907551,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe

"C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe" /Q /norestart

C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe

"C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=648 /Q /norestart

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe

"C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2F088034-6C3E-4736-A29D-2829B37F8C41} {1F60667C-15A2-4B41-A26A-10F8AD0BCCB3} 2348

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} -burn.filehandle.self=1144 -burn.embedded BurnPipe.{3B78D930-1C62-48DE-AA33-860AE4F4F6BA} {00883C7A-5445-4CEE-9C47-BAF7B7B05EC4} 528

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} -burn.filehandle.self=1144 -burn.embedded BurnPipe.{3B78D930-1C62-48DE-AA33-860AE4F4F6BA} {00883C7A-5445-4CEE-9C47-BAF7B7B05EC4} 528

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{F3016AD9-159D-4533-A83E-A405FE343E6D} {A3888833-8FD3-438B-98B6-7CC36BB44533} 2372

C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe

"C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe" /Q /norestart

C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe

"C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe" -burn.filehandle.attached=552 -burn.filehandle.self=688 /Q /norestart

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{7BB9ADB4-A9F9-4A88-8BBC-64EC15F18D07} {5088BC80-2933-4E0D-ACA8-682A78DA6CFC} 1348

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2d507699-404c-4c8b-a54a-38e352f32cdd} -burn.filehandle.self=1064 -burn.embedded BurnPipe.{D3D45E62-7CBB-4DCA-9999-5671BFCACC25} {37552F6F-563A-4E7C-ADFB-1BBCA22C98FB} 2280

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2d507699-404c-4c8b-a54a-38e352f32cdd} -burn.filehandle.self=1064 -burn.embedded BurnPipe.{D3D45E62-7CBB-4DCA-9999-5671BFCACC25} {37552F6F-563A-4E7C-ADFB-1BBCA22C98FB} 2280

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{532384FA-ECD1-481F-A57D-FF8EB6F4E3F3} {F84C2636-20F1-4FEF-A571-06345970FC03} 1880

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EE063723B76F470CB87A4AC449A991AC C

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 7CA8F64DA911601542CC270E96419DC6 C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 60EDE5AC6AF0A05F26FB8AD95EE02E73

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 4D5A7CD879F1428E207ABF933C846CAE

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9EF5FAD1D4945542F4DB853F2CF65F49 E Global\MSI0000

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding D02BF52FC189FAD6D4FDC248A027E1A5 E Global\MSI0000

C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- uninstall usb

C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- install vmusb Win8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8\vmusb.inf" "9" "454492f13" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8"

C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe" -- install hcmoninf 5;Win7

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet0

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet1

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet2

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet3

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet4

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet5

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet6

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet7

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet8

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet9

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet10

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet11

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet12

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet13

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet14

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet15

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet16

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet17

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet18

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- remove adapter vmnet19

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- uninstall bridge

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- uninstall userif 5;None

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- install bridge

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Player\netbridge.inf" "9" "4f3176507" "0000000000000178" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\VMware\VMware Player"

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- install userif 5;None

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- add adapter vmnet1

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Player\netadapter.inf" "9" "4a5017fd3" "0000000000000144" "WinSta0\Default" "0000000000000108" "208" "C:\Program Files (x86)\VMware\VMware Player"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\VMWARE\0000" "C:\Windows\INF\oem5.inf" "oem5.inf:fc9f1aa2477c2bb3:VMnetAdapter1.Install:14.0.0.5:*vmnetadapter1," "4cbdd083b" "000000000000015C"

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {158867ED-5A43-40B6-9CC6-1568CDD1C8C2} 528

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {98F48EAC-B765-4F85-AE54-9DB45F6B55E7} 784

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- add adapter vmnet8

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\VMWARE\0001" "C:\Windows\INF\oem5.inf" "oem5.inf:fc9f1aa2df34f6ba:VMnetAdapter8.Install:14.0.0.5:*vmnetadapter8," "47eb20b4f" "0000000000000164"

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {30A8597E-CAA4-4EF2-AB01-EF06963C494A} 620

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {4CC1F0BA-FE51-41D5-9EC6-D464C4EC14AE} 976

C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Player\vnetlib64.exe" -- install vmx86inf 5;Win8

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8\vmci.inf" "9" "4d941d7e3" "000000000000017C" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\VMWVMCIHOSTDEV\0000" "C:\Windows\INF\oem6.inf" "oem6.inf:9c00c72d390d9e8f:vmci.install.x64:9.8.18.0:root\vmwvmcihostdev," "42936a687" "0000000000000160"

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

"C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe"

C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

"C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{13B6B196-AD7B-4C7F-9BDC-B1CB2EE86552}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda0ea9758,0x7ffda0ea9768,0x7ffda0ea9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1760 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5496 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3472 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4868 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3660 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5072 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3464 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4912 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=940 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\MinecraftInstaller.msi"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 08E49C0D7F88922A657407E35232E0ED C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 33FA825093A472AD0EDB8842BBED4A84

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D7D600665BC1422C6B13D8430283FC16 E Global\MSI0000

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:2

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"

C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

tools\NativeUpdater.exe MinecraftLauncher.exe "C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe"

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MinecraftLauncher.exe

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2244 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2584 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=1912 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sisu.xboxlive.com/connect/XboxLive/?state=signup&signup=1&cobrandId=8058f65d-ce06-4c30-9559-473c9275a65d&tid=896928775&ru=https://www.minecraft.net/login&aid=1142970254

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0xb4,0x108,0x7ffd9f7046f8,0x7ffd9f704708,0x7ffd9f704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2812 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6412 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6544 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6080 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6592 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6116 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6752 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=936 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6456 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6892 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6876 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7068 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6388 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4808 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6372 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4900 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7576 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10984762800411985593,5085294104320829766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7792 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5112 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6784 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7556 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6752 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5772 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7288 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7144 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7452 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6580 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5500 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7244 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=2520 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5688 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7500 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6616 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6640 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8344 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8512 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6660 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8332 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8772 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9032 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9212 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9356 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9492 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9488 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9812 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9972 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9976 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9012 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10404 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=10356 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=8196 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=8972 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=8980 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=8916 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=UAAAAAAAAADoACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2756 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=9772 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2924 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9024 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2636 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=7644 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=2508 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=6848 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=4048 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6368 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=1740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6520 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=9348 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=9624 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=8096 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=6904 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=9308 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=9412 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7556 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=5224 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=9612 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=9764 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=10140 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=9728 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=6696 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=9724 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1784 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1908 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3676 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1908 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4200 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4228 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2796 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3768 --field-trial-handle=2276,i,5045837531195760423,1663680083074523227,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=4620 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=7032 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7776 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6248 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=8076 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=2944 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=1528 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=8656 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=9668 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9740 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f0 0x300

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=3012 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5580 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7548 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9524 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6624 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9764 --field-trial-handle=1828,i,1909209344168581968,6686450263651872737,131072 /prefetch:8

C:\Users\Admin\Downloads\nox_setup_v7.0.5.9_full_intl.exe

"C:\Users\Admin\Downloads\nox_setup_v7.0.5.9_full_intl.exe"

C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe

"C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe "

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 74.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 59.82.57.23.in-addr.arpa udp
N/A 192.168.242.1:0 icmp
US 8.8.8.8:53 f.5.b.9.e.3.7.c.4.6.d.1.1.5.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa udp
US 8.8.8.8:53 3.1.4.5.f.5.e.b.b.f.c.2.f.d.5.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa udp
US 8.8.8.8:53 255.255.254.169.in-addr.arpa udp
US 8.8.8.8:53 95.155.254.169.in-addr.arpa udp
N/A 192.168.44.1:0 icmp
US 8.8.8.8:53 19.84.254.169.in-addr.arpa udp
N/A 255.255.255.255:67 udp
N/A 224.0.0.251:5353 udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.246:443 i.ytimg.com tcp
NL 172.217.168.246:443 i.ytimg.com tcp
NL 172.217.168.246:443 i.ytimg.com tcp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 246.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 172.217.168.246:443 i.ytimg.com udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 172.217.168.234:443 jnn-pa.googleapis.com tcp
NL 172.217.168.234:443 jnn-pa.googleapis.com udp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 id.google.com udp
NL 142.250.179.163:443 id.google.com tcp
US 8.8.8.8:53 apkmodget-com.webpkgcache.com udp
DE 172.217.23.193:443 apkmodget-com.webpkgcache.com tcp
US 8.8.8.8:53 193.23.217.172.in-addr.arpa udp
NL 172.217.168.246:443 i.ytimg.com udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
NL 172.217.168.234:443 jnn-pa.googleapis.com udp
NL 142.250.179.163:443 id.google.com udp
US 8.8.8.8:53 www.usitility.com udp
NL 45.63.41.45:443 www.usitility.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
NL 45.63.41.45:443 www.usitility.com tcp
US 8.8.8.8:53 www.ustility.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
NL 45.63.41.45:443 www.ustility.com tcp
US 8.8.8.8:53 45.41.63.45.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 35.186.211.162:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 157.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.211.186.35.in-addr.arpa udp
US 35.186.211.162:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
NL 142.251.36.2:443 partner.googleadservices.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 launcher.mojang.com udp
US 13.107.246.67:443 launcher.mojang.com tcp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 redstone-launcher.mojang.com udp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
N/A 127.0.0.1:62701 tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 35.186.211.162:443 beacons.gcp.gvt2.com udp
N/A 127.0.0.1:62714 tcp
N/A 127.0.0.1:62716 tcp
US 8.8.8.8:53 b1.nel.goog udp
US 192.178.49.3:443 b1.nel.goog tcp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 www.xboxab.com udp
US 13.107.5.91:443 www.xboxab.com tcp
US 8.8.8.8:53 launchermeta.mojang.com udp
US 35.186.247.156:443 sentry.io tcp
US 13.107.246.67:443 launchermeta.mojang.com tcp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 13.107.246.67:443 piston-meta.mojang.com tcp
US 8.8.8.8:53 91.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 title.mgt.xboxlive.com udp
IE 13.69.141.149:443 title.mgt.xboxlive.com tcp
N/A 127.0.0.1:63186 tcp
N/A 127.0.0.1:63196 tcp
N/A 127.0.0.1:63198 tcp
N/A 127.0.0.1:63204 tcp
N/A 127.0.0.1:63222 tcp
US 8.8.8.8:53 device.auth.xboxlive.com udp
US 40.122.167.99:443 device.auth.xboxlive.com tcp
US 8.8.8.8:53 149.141.69.13.in-addr.arpa udp
US 8.8.8.8:53 99.167.122.40.in-addr.arpa udp
N/A 127.0.0.1:63225 tcp
US 8.8.8.8:53 vortex.data.microsoft.com udp
GB 51.132.193.105:443 vortex.data.microsoft.com tcp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.246.67:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 redstone-launcher.mojang.com udp
N/A 127.0.0.1:63253 tcp
N/A 127.0.0.1:63257 tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
N/A 127.0.0.1:63268 tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.179.142:443 google.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.246:443 i.ytimg.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 8.8.8.8:53 web.vortex.data.microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
NL 104.110.240.65:443 cdn-dynmedia-1.microsoft.com tcp
NL 104.110.240.65:443 cdn-dynmedia-1.microsoft.com tcp
NL 104.110.240.65:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 lptag.liveperson.net udp
FR 23.57.80.253:443 c.s-microsoft.com tcp
FR 23.57.80.253:443 c.s-microsoft.com tcp
FR 23.57.80.253:443 c.s-microsoft.com tcp
FR 23.57.80.253:443 c.s-microsoft.com tcp
FR 23.57.80.253:443 c.s-microsoft.com tcp
US 8.8.8.8:53 accdn.lpsnmedia.net udp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 bat.bing.com udp
GB 178.249.97.23:443 lptag.liveperson.net tcp
US 8.8.8.8:53 d.impactradius-event.com udp
US 8.8.8.8:53 cdnssl.clicktale.net udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 lpcdn.lpsnmedia.net udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 publisher.liveperson.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 34.120.154.120:443 lpcdn.lpsnmedia.net tcp
GB 178.249.97.99:443 accdn.lpsnmedia.net tcp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 13.107.246.67:443 www.clarity.ms tcp
US 13.107.246.67:443 www.clarity.ms tcp
US 13.107.246.67:443 www.clarity.ms tcp
US 13.107.246.67:443 www.clarity.ms tcp
US 35.186.249.72:443 d.impactradius-event.com tcp
US 18.65.39.103:443 cdnssl.clicktale.net tcp
US 204.79.197.200:443 bat.bing.com tcp
US 151.101.1.192:443 publisher.liveperson.net tcp
US 8.8.8.8:53 65.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 253.80.57.23.in-addr.arpa udp
US 8.8.8.8:53 115.134.101.95.in-addr.arpa udp
US 8.8.8.8:53 23.97.249.178.in-addr.arpa udp
US 8.8.8.8:53 120.154.120.34.in-addr.arpa udp
US 8.8.8.8:53 99.97.249.178.in-addr.arpa udp
US 8.8.8.8:53 72.249.186.35.in-addr.arpa udp
US 8.8.8.8:53 103.39.65.18.in-addr.arpa udp
NL 95.101.74.155:443 analytics.tiktok.com tcp
FR 23.57.80.253:443 c.s-microsoft.com tcp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 155.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 192.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 162.47.239.18.in-addr.arpa udp
US 8.8.8.8:53 tempail.com udp
US 188.114.97.0:443 tempail.com tcp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 188.114.97.0:443 tempail.com udp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.163:443 id.google.com tcp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 142.250.179.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 13.107.246.67:443 www.clarity.ms tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.18:443 browser.events.data.microsoft.com tcp
US 13.107.246.67:443 www.clarity.ms tcp
US 20.189.173.18:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 13.107.246.67:443 acctcdn.msauth.net tcp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 199.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.19.195.152.in-addr.arpa udp
US 8.8.8.8:53 sisu.xboxlive.com udp
US 104.43.136.153:443 sisu.xboxlive.com tcp
US 104.43.136.153:443 sisu.xboxlive.com tcp
US 8.8.8.8:53 153.136.43.104.in-addr.arpa udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 signup.live.com udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 13.107.42.22:443 signup.live.com tcp
US 8.8.8.8:53 22.42.107.13.in-addr.arpa udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 152.195.19.97:443 acctcdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 113.218.217.172.in-addr.arpa udp
NL 142.251.36.2:443 partner.googleadservices.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 a.c.appier.net udp
US 8.8.8.8:53 ums.acuityplatform.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 tr.blismedia.com udp
NL 34.91.62.186:443 um.simpli.fi tcp
US 34.96.105.8:443 tr.blismedia.com tcp
US 8.8.8.8:53 d5p.de17a.com udp
JP 172.104.64.149:443 a.c.appier.net tcp
US 8.8.8.8:53 c1.adform.net udp
SE 213.155.156.164:443 d5p.de17a.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
DK 37.157.6.243:443 c1.adform.net tcp
JP 172.104.64.149:443 a.c.appier.net tcp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 186.62.91.34.in-addr.arpa udp
US 8.8.8.8:53 164.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 243.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 149.64.104.172.in-addr.arpa udp
US 8.8.8.8:53 s.c.appier.net udp
JP 139.162.117.143:443 s.c.appier.net tcp
JP 139.162.117.143:443 s.c.appier.net tcp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 s.uuidksinc.net udp
US 104.18.25.173:443 a.tribalfusion.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 widget.us.criteo.com udp
NL 185.98.54.153:443 s.uuidksinc.net tcp
NL 193.0.160.130:443 a.rfihub.com tcp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 143.117.162.139.in-addr.arpa udp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 s.tribalfusion.com udp
US 8.8.8.8:53 153.54.98.185.in-addr.arpa udp
US 8.8.8.8:53 live.rezync.com udp
US 18.239.83.23:443 live.rezync.com tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 35.244.159.8:443 us-u.openx.net tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 8.8.8.8:53 sync.teads.tv udp
US 8.8.8.8:53 p.rfihub.com udp
NL 193.0.160.131:443 p.rfihub.com tcp
US 23.36.245.29:443 sync.teads.tv tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 pm.w55c.net udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
DE 52.29.154.74:443 pm.w55c.net tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 onetag-sys.com udp
NL 142.251.39.98:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 54.205.114.6:443 sync.srv.stackadapt.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 142.250.179.134:443 s0.2mdn.net tcp
US 8.8.8.8:53 193.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 150.119.119.74.in-addr.arpa udp
DE 3.71.157.32:443 x.bidswitch.net tcp
US 8.8.8.8:53 23.83.239.18.in-addr.arpa udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 35.244.159.8:443 us-u.openx.net udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
NL 142.251.39.98:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 29.245.36.23.in-addr.arpa udp
US 8.8.8.8:53 74.154.29.52.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 6.114.205.54.in-addr.arpa udp
US 8.8.8.8:53 32.157.71.3.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
IE 54.229.4.219:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 219.4.229.54.in-addr.arpa udp
US 8.8.8.8:53 temp-mail.org udp
US 172.67.73.98:443 temp-mail.org tcp
US 172.67.73.98:443 temp-mail.org tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 104.17.3.184:443 challenges.cloudflare.com udp
US 8.8.8.8:53 98.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 184.3.17.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.paddle.com udp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 151.139.128.10:443 cdn4.buysellads.net tcp
US 172.66.40.60:443 cdn.paddle.com tcp
US 8.8.8.8:53 10.128.139.151.in-addr.arpa udp
US 8.8.8.8:53 60.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 web2.temp-mail.org udp
US 104.26.6.95:443 web2.temp-mail.org tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 173.194.69.156:443 securepubads.g.doubleclick.net tcp
US 172.67.70.134:443 btloader.com tcp
US 18.239.69.131:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 google.com udp
NL 142.250.179.142:443 google.com udp
US 8.8.8.8:53 95.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 156.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 134.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 131.69.239.18.in-addr.arpa udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 18.239.69.131:443 c.amazon-adsystem.com tcp
US 18.238.243.114:443 config.aps.amazon-adsystem.com tcp
US 173.194.69.156:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 23.46.70.129:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 18.239.18.118:443 tags.crwdcntrl.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 114.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 198.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 129.70.46.23.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 118.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 srv.buysellads.com udp
NL 161.35.94.167:443 srv.buysellads.com tcp
US 8.8.8.8:53 script.4dex.io udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 tlx.3lift.com udp
DE 18.184.22.44:443 tlx.3lift.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
FR 185.86.139.59:443 prg.smartadserver.com tcp
FR 185.86.139.59:443 prg.smartadserver.com tcp
FR 185.86.139.59:443 prg.smartadserver.com tcp
FR 185.86.139.59:443 prg.smartadserver.com tcp
FR 185.86.139.59:443 prg.smartadserver.com tcp
FR 185.86.139.59:443 prg.smartadserver.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 34.120.63.153:443 prebid.media.net tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 bidder.criteo.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 mp.4dex.io udp
US 74.119.119.129:443 bidder.criteo.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 rt.marphezis.com udp
US 104.18.3.114:443 mp.4dex.io tcp
IE 54.77.251.23:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 178.128.135.204:443 rt.marphezis.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 18.239.81.30:443 aax.amazon-adsystem.com tcp
NL 142.250.102.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 44.22.184.18.in-addr.arpa udp
US 8.8.8.8:53 59.139.86.185.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 114.3.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.251.77.54.in-addr.arpa udp
US 8.8.8.8:53 41.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 129.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 30.81.239.18.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 99.81.194.117:443 bcp.crwdcntrl.net tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com udp
NL 142.250.179.161:443 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com tcp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 a.ad.gt udp
US 172.67.23.234:443 a.ad.gt tcp
NL 142.250.179.161:443 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.20:443 secure.adnxs.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 117.194.81.99.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 acdn.adnxs-simple.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
FR 23.57.81.119:443 acdn.adnxs-simple.com tcp
US 8.8.8.8:53 static.criteo.net udp
FR 178.250.7.2:443 static.criteo.net tcp
US 8.8.8.8:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 34.95.69.49:443 i.clean.gg udp
US 173.194.69.156:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 119.81.57.23.in-addr.arpa udp
US 8.8.8.8:53 2.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.82:443 id5-sync.com tcp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
NL 104.85.0.23:443 contextual.media.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
FR 23.57.81.137:443 ads.pubmatic.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
NL 104.85.2.117:443 eus.rubiconproject.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 23.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 137.81.57.23.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 117.2.85.104.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 104.36.113.112:443 image6.pubmatic.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 213.19.162.80:443 token.rubiconproject.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.143.56:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
IE 52.213.189.61:443 match.prod.bidr.io tcp
US 104.36.113.107:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 112.113.36.104.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 208.93.169.131:443 bh.contextweb.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 185.86.139.104:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
NL 72.251.245.181:443 cm.adgrx.com tcp
US 8.8.8.8:53 match.deepintent.com udp
US 169.197.150.7:443 match.deepintent.com tcp
US 8.8.8.8:53 56.143.46.52.in-addr.arpa udp
US 8.8.8.8:53 61.189.213.52.in-addr.arpa udp
US 8.8.8.8:53 107.113.36.104.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 104.139.86.185.in-addr.arpa udp
US 8.8.8.8:53 181.245.251.72.in-addr.arpa udp
NL 213.19.162.80:443 token.rubiconproject.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 e2c58.gcp.gvt2.com udp
US 35.206.11.92:443 e2c58.gcp.gvt2.com tcp
DE 3.71.157.32:443 x.bidswitch.net tcp
US 8.8.8.8:53 ws.rqtrk.eu udp
DE 141.95.32.69:443 ws.rqtrk.eu tcp
US 8.8.8.8:53 7.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 92.11.206.35.in-addr.arpa udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 172.217.164.67:443 beacons.gvt2.com tcp
US 104.18.25.173:443 s.tribalfusion.com udp
US 8.8.8.8:53 ums.acuityplatform.com udp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 b1sync.zemanta.com tcp
US 70.42.32.63:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 69.32.95.141.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 67.164.217.172.in-addr.arpa udp
US 8.8.8.8:53 79.122.59.154.in-addr.arpa udp
US 8.8.8.8:53 63.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 8.8.8.8:53 us01.z.antigena.com udp
US 40.76.134.238:443 us01.z.antigena.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 sync.ipredictive.com udp
US 54.157.211.145:443 sync.ipredictive.com tcp
US 8.8.8.8:53 ad.turn.com udp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 pmp.mxptint.net udp
NL 98.98.134.242:443 pixel-sync.sitescout.com tcp
NL 64.158.223.137:443 pubmatic-match.dotomi.com tcp
US 38.68.201.140:443 pmp.mxptint.net tcp
US 8.8.8.8:53 ads.playground.xyz udp
US 34.102.253.54:443 ads.playground.xyz tcp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 238.134.76.40.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 242.134.98.98.in-addr.arpa udp
US 8.8.8.8:53 137.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 145.211.157.54.in-addr.arpa udp
NL 213.19.162.80:443 token.rubiconproject.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
NL 213.19.162.80:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 live.primis.tech udp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 ce.lijit.com udp
DE 3.69.99.248:443 match.sharethrough.com tcp
US 104.18.41.104:443 capi.connatix.com tcp
US 18.239.36.38:443 live.primis.tech tcp
NL 216.52.2.30:443 ce.lijit.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
NL 147.75.84.158:443 prebid.a-mo.net tcp
US 8.8.8.8:53 54.253.102.34.in-addr.arpa udp
US 8.8.8.8:53 140.201.68.38.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 38.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 37.223.94.52.in-addr.arpa udp
US 8.8.8.8:53 104.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 248.99.69.3.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 34.111.113.62:443 pixel.tapad.com udp
US 104.18.41.104:443 capi.connatix.com udp
US 8.8.8.8:53 sync.intentiq.com udp
US 18.239.69.3:443 sync.intentiq.com tcp
US 8.8.8.8:53 3.69.239.18.in-addr.arpa udp
US 8.8.8.8:53 beacon.lynx.cognitivlabs.com udp
US 44.207.94.104:443 beacon.lynx.cognitivlabs.com tcp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.233.203:443 csync.loopme.me tcp
US 8.8.8.8:53 px.owneriq.net udp
JP 23.207.104.228:443 px.owneriq.net tcp
US 8.8.8.8:53 sync.1rx.io udp
US 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 gocm.c.appier.net udp
JP 139.162.84.221:443 gocm.c.appier.net tcp
US 54.205.114.6:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 199.127.204.171:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 8.8.8.8:53 thrtle.com udp
US 34.233.234.205:443 thrtle.com tcp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 35.244.159.8:443 us-u.openx.net udp
JP 139.162.84.221:443 gocm.c.appier.net tcp
US 8.8.8.8:53 crb.kargo.com udp
DE 18.185.162.179:443 crb.kargo.com tcp
US 8.8.8.8:53 crt.sectigo.com udp
US 104.18.14.101:80 crt.sectigo.com tcp
US 8.8.8.8:53 203.233.214.35.in-addr.arpa udp
US 8.8.8.8:53 104.94.207.44.in-addr.arpa udp
US 8.8.8.8:53 228.104.207.23.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 205.234.233.34.in-addr.arpa udp
US 8.8.8.8:53 171.204.127.199.in-addr.arpa udp
US 8.8.8.8:53 221.84.162.139.in-addr.arpa udp
US 8.8.8.8:53 179.162.185.18.in-addr.arpa udp
US 8.8.8.8:53 101.14.18.104.in-addr.arpa udp
US 8.8.8.8:53 sync.bfmio.com udp
US 52.204.200.132:443 sync.bfmio.com tcp
US 8.8.8.8:53 rtb.adentifi.com udp
US 34.234.177.218:443 rtb.adentifi.com tcp
US 8.8.8.8:53 target.microsoft.com udp
US 66.235.152.152:443 target.microsoft.com tcp
US 8.8.8.8:53 132.200.204.52.in-addr.arpa udp
US 8.8.8.8:53 218.177.234.34.in-addr.arpa udp
US 8.8.8.8:53 152.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
FR 23.57.80.253:443 c.s-microsoft.com tcp
US 8.8.8.8:53 signup.live.com udp
NL 142.250.179.163:443 id.google.com udp
US 13.107.42.22:443 signup.live.com tcp
US 13.107.42.22:443 signup.live.com tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 aka.ms udp
US 8.8.8.8:53 fpt.live.com udp
US 8.8.8.8:53 synchroscript.deliveryengine.adswizz.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
IE 52.214.147.139:443 synchroscript.deliveryengine.adswizz.com tcp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 8.8.8.8:53 139.147.214.52.in-addr.arpa udp
US 172.217.164.67:443 beacons.gvt2.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.251.39.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 signup.live.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 172.217.164.67:443 beacons.gvt2.com udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
US 74.119.119.129:443 bidder.criteo.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.211.12:443 ib.adnxs.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
FR 185.86.139.58:443 prg.smartadserver.com tcp
FR 185.86.139.58:443 prg.smartadserver.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 178.128.135.204:443 rt.marphezis.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
US 74.119.119.73:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
IE 52.208.23.16:443 match.prod.bidr.io tcp
DE 3.127.91.113:443 x.bidswitch.net tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
DE 3.123.188.165:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 12.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 58.139.86.185.in-addr.arpa udp
US 173.194.69.156:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 178.250.7.2:443 static.criteo.net tcp
US 173.194.69.156:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 151.139.128.10:443 cdn4.buysellads.net tcp
US 8.8.8.8:53 73.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 16.23.208.52.in-addr.arpa udp
US 8.8.8.8:53 113.91.127.3.in-addr.arpa udp
US 8.8.8.8:53 165.188.123.3.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
NL 161.35.94.167:443 srv.buysellads.com tcp
FR 185.86.139.58:443 prg.smartadserver.com tcp
FR 185.86.139.58:443 prg.smartadserver.com tcp
FR 185.86.139.58:443 prg.smartadserver.com tcp
FR 185.86.139.58:443 prg.smartadserver.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.155:443 stats.g.doubleclick.net udp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 54.77.223.222:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 155.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 222.223.77.54.in-addr.arpa udp
US 8.8.8.8:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg udp
NL 142.250.179.161:443 3db94edcda224c0aeeb4203c0a8d4330.safeframe.googlesyndication.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.153:443 secure.adnxs.com tcp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 q.adrta.com udp
US 44.195.190.233:443 q.adrta.com tcp
US 8.8.8.8:53 cs.lkqd.net udp
US 69.20.43.192:443 cs.lkqd.net tcp
US 69.20.43.192:443 cs.lkqd.net tcp
US 8.8.8.8:53 contextual.media.net udp
NL 104.85.0.23:443 contextual.media.net tcp
US 8.8.8.8:53 ads.pubmatic.com udp
FR 23.57.81.137:443 ads.pubmatic.com tcp
US 8.8.8.8:53 233.190.195.44.in-addr.arpa udp
US 8.8.8.8:53 192.43.20.69.in-addr.arpa udp
US 8.8.8.8:53 st.pubmatic.com udp
US 162.248.18.36:443 st.pubmatic.com tcp
NL 142.251.39.98:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 beacon.krxd.net udp
NL 142.250.179.134:443 s0.2mdn.net udp
US 34.195.69.224:443 beacon.krxd.net tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 c.bing.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 54.229.245.224:443 pr-bh.ybp.yahoo.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 204.79.197.200:443 c.bing.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 36.18.248.162.in-addr.arpa udp
US 8.8.8.8:53 224.69.195.34.in-addr.arpa udp
US 8.8.8.8:53 224.245.229.54.in-addr.arpa udp
US 8.8.8.8:53 pix.adrta.com udp
NL 52.222.139.109:443 pix.adrta.com tcp
US 8.8.8.8:53 ipv6.adrta.com udp
US 8.8.8.8:53 adrta.com udp
US 3.220.200.196:443 adrta.com tcp
US 54.149.232.96:443 ipv6.adrta.com tcp
US 8.8.8.8:53 109.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 196.200.220.3.in-addr.arpa udp
US 8.8.8.8:53 96.232.149.54.in-addr.arpa udp
US 8.8.8.8:53 u.ipw.metadsp.co.uk udp
BE 35.210.239.72:443 u.ipw.metadsp.co.uk tcp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 bttrack.com udp
US 192.132.33.67:443 bttrack.com tcp
US 52.6.39.46:443 sync.srv.stackadapt.com tcp
DK 37.157.6.243:443 c1.adform.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 169.197.150.7:443 match.deepintent.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 sync.outbrain.com udp
US 34.149.50.64:443 s.seedtag.com tcp
US 50.31.142.63:443 sync.outbrain.com tcp
US 8.8.8.8:53 cs.minutemedia-prebid.com udp
US 8.8.8.8:53 s2s.t13.io udp
US 34.107.140.113:443 s2s.t13.io tcp
US 8.8.8.8:53 cs.yellowblue.io udp
IE 52.49.194.113:443 cs.yellowblue.io tcp
IE 34.254.46.142:443 cs.yellowblue.io tcp
FR 178.250.7.2:443 static.criteo.net tcp
US 8.8.8.8:53 72.239.210.35.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 46.39.6.52.in-addr.arpa udp
US 8.8.8.8:53 113.140.107.34.in-addr.arpa udp
US 8.8.8.8:53 113.194.49.52.in-addr.arpa udp
US 8.8.8.8:53 142.46.254.34.in-addr.arpa udp
US 8.8.8.8:53 63.142.31.50.in-addr.arpa udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 99644cd21a3c69b58e2dd0dcc9c3e4ce.safeframe.googlesyndication.com udp
NL 142.250.179.161:443 99644cd21a3c69b58e2dd0dcc9c3e4ce.safeframe.googlesyndication.com tcp
US 52.6.39.46:443 sync.srv.stackadapt.com tcp
US 52.6.39.46:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 sync.ipredictive.com udp
US 52.71.232.40:443 sync.ipredictive.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 52.6.39.46:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 b1sync.zemanta.com tcp
NL 98.98.134.241:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 70.42.32.127:443 b1sync.zemanta.com tcp
US 70.42.32.127:443 b1sync.zemanta.com tcp
US 34.111.113.62:443 pixel.tapad.com udp
US 8.8.8.8:53 241.134.98.98.in-addr.arpa udp
US 8.8.8.8:53 40.232.71.52.in-addr.arpa udp
US 8.8.8.8:53 127.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 iframe.arkoselabs.com udp
US 104.18.33.170:443 iframe.arkoselabs.com tcp
US 8.8.8.8:53 client-api.arkoselabs.com udp
US 104.18.33.170:443 client-api.arkoselabs.com udp
US 8.8.8.8:53 170.33.18.104.in-addr.arpa udp
NL 142.251.36.2:443 partner.googleadservices.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 8.8.8.8:53 web.vortex.data.microsoft.com udp
US 8.8.8.8:53 lptag.liveperson.net udp
NL 104.110.240.65:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 lpcdn.lpsnmedia.net udp
US 8.8.8.8:53 accdn.lpsnmedia.net udp
US 34.120.154.120:443 lpcdn.lpsnmedia.net tcp
GB 178.249.97.23:443 lptag.liveperson.net tcp
US 8.8.8.8:53 publisher.liveperson.net udp
US 8.8.8.8:53 fpt.microsoft.com udp
GB 178.249.97.99:443 accdn.lpsnmedia.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.67:443 www.clarity.ms tcp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 151.101.1.192:443 publisher.liveperson.net tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 8.8.8.8:53 d.impactradius-event.com udp
US 35.186.249.72:443 d.impactradius-event.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 cdnssl.clicktale.net udp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 18.65.39.34:443 cdnssl.clicktale.net tcp
FR 23.57.80.253:443 c.s-microsoft.com tcp
NL 95.101.74.141:443 analytics.tiktok.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 34.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 141.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 13.107.246.67:443 acctcdn.msauth.net tcp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.0:443 login.microsoftonline.com tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.246.67:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 amcdn.msftauth.net udp
US 13.107.237.67:443 amcdn.msftauth.net tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
US 8.8.8.8:53 67.237.107.13.in-addr.arpa udp
US 8.8.8.8:53 graph.microsoft.com udp
NL 20.190.160.26:443 graph.microsoft.com tcp
US 8.8.8.8:53 26.160.190.20.in-addr.arpa udp
N/A 127.0.0.1:50605 tcp
US 8.8.8.8:53 sisu.xboxlive.com udp
US 104.43.136.153:443 sisu.xboxlive.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 20.189.173.2:443 tcp
US 20.189.173.2:443 tcp
N/A 127.0.0.1:50643 tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.246.67:443 launchercontent.mojang.com tcp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:443 dns.google udp
US 13.107.246.67:443 launchercontent.mojang.com tcp
N/A 127.0.0.1:50651 tcp
N/A 127.0.0.1:50654 tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 104.43.136.153:443 sisu.xboxlive.com tcp
US 52.183.104.36:443 tcp
FR 23.57.80.10:443 tcp
FR 23.57.80.10:443 tcp
FR 23.57.80.10:443 tcp
FR 23.57.80.10:443 tcp
FR 23.57.80.10:443 tcp
FR 23.57.80.10:443 tcp
US 8.8.8.8:53 36.104.183.52.in-addr.arpa udp
US 20.189.173.6:443 tcp
US 8.8.8.8:53 10.80.57.23.in-addr.arpa udp
NL 74.125.8.170:443 udp
DE 173.194.10.103:443 udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 170.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 103.10.194.173.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c59.gcp.gvt2.com udp
IT 34.154.74.59:443 e2c59.gcp.gvt2.com tcp
US 8.8.8.8:53 59.74.154.34.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 title.mgt.xboxlive.com udp
IE 13.69.141.149:443 title.mgt.xboxlive.com tcp
US 8.8.8.8:443 dns.google tcp
N/A 127.0.0.1:50701 tcp
US 8.8.8.8:443 dns.google udp
US 20.69.192.122:443 tcp
US 52.183.104.36:443 tcp
US 8.8.8.8:53 122.192.69.20.in-addr.arpa udp
FR 23.57.80.10:443 tcp
NL 52.178.17.233:443 tcp
US 8.8.8.8:53 233.17.178.52.in-addr.arpa udp
US 8.8.8.8:53 vortex.data.microsoft.com udp
US 8.8.8.8:53 userpresence.xboxlive.com udp
US 20.189.173.2:443 vortex.data.microsoft.com tcp
US 52.138.119.101:443 userpresence.xboxlive.com tcp
US 8.8.8.8:53 xsts.auth.xboxlive.com udp
US 52.156.147.113:443 xsts.auth.xboxlive.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 101.119.138.52.in-addr.arpa udp
N/A 127.0.0.1:50720 tcp
N/A 127.0.0.1:50722 tcp
N/A 127.0.0.1:50736 tcp
US 8.8.8.8:53 113.147.156.52.in-addr.arpa udp
US 8.8.8.8:53 api.minecraftservices.com udp
US 13.107.246.67:443 api.minecraftservices.com tcp
US 8.8.8.8:53 profile.xboxlive.com udp
US 20.44.86.88:443 profile.xboxlive.com tcp
N/A 127.0.0.1:50739 tcp
US 8.8.8.8:53 images-eds-ssl.xboxlive.com udp
FR 23.57.80.10:443 images-eds-ssl.xboxlive.com tcp
N/A 127.0.0.1:50742 tcp
N/A 127.0.0.1:50745 tcp
US 8.8.8.8:53 88.86.44.20.in-addr.arpa udp
US 8.8.8.8:53 client.discovery.minecraft-services.net udp
US 13.107.246.67:443 client.discovery.minecraft-services.net tcp
US 8.8.8.8:53 authorization.franchise.minecraft-services.net udp
US 13.107.246.67:443 authorization.franchise.minecraft-services.net tcp
US 8.8.8.8:53 redstone-launcher.mojang.com udp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
N/A 127.0.0.1:50753 tcp
N/A 127.0.0.1:50756 tcp
N/A 127.0.0.1:50761 tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 172.217.164.67:443 beacons.gvt2.com udp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 13.107.246.67:443 redstone-launcher.mojang.com tcp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 appsonwindows-com.webpkgcache.com udp
DE 172.217.23.193:443 appsonwindows-com.webpkgcache.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.246:443 i.ytimg.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net udp
US 8.8.8.8:53 www.memuplay.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.36.42:443 jnn-pa.googleapis.com udp
US 18.239.69.91:443 www.memuplay.com tcp
US 8.8.8.8:53 dl.memuplay.com udp
US 18.239.94.97:443 dl.memuplay.com tcp
US 18.239.94.97:443 dl.memuplay.com tcp
US 18.239.94.97:443 dl.memuplay.com tcp
US 18.239.94.97:443 dl.memuplay.com tcp
US 18.239.94.97:443 dl.memuplay.com tcp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 91.69.239.18.in-addr.arpa udp
US 8.8.8.8:53 97.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.34.181:443 analytics.google.com tcp
NL 142.250.102.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 181.34.239.216.in-addr.arpa udp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 fksnk.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 a.rfihub.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 18.210.207.90:443 fksnk.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 52.19.114.225:443 pr-bh.ybp.yahoo.com tcp
DE 18.195.122.176:443 x.bidswitch.net tcp
US 104.18.25.173:443 a.tribalfusion.com udp
NL 193.0.160.131:443 a.rfihub.com tcp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 live.rezync.com udp
US 18.239.83.63:443 live.rezync.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 c1.adform.net udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 b1sync.zemanta.com tcp
DK 37.157.6.233:443 c1.adform.net tcp
US 70.42.32.223:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 p.rfihub.com udp
US 70.42.32.223:443 b1sync.zemanta.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 70.42.32.223:443 b1sync.zemanta.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 225.114.19.52.in-addr.arpa udp
US 8.8.8.8:53 176.122.195.18.in-addr.arpa udp
US 8.8.8.8:53 90.207.210.18.in-addr.arpa udp
US 8.8.8.8:53 63.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 233.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 223.32.42.70.in-addr.arpa udp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
DE 172.217.23.193:443 appsonwindows-com.webpkgcache.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.bignox.com udp
US 104.18.6.128:443 www.bignox.com tcp
US 104.18.6.128:443 www.bignox.com tcp
US 8.8.8.8:53 res09.bignox.com udp
US 8.8.8.8:53 res11.bignox.com udp
US 18.239.69.111:443 res11.bignox.com tcp
US 18.239.69.111:443 res11.bignox.com tcp
US 18.239.69.111:443 res11.bignox.com tcp
US 18.239.69.111:443 res11.bignox.com tcp
US 18.239.69.111:443 res11.bignox.com tcp
US 18.239.69.111:443 res11.bignox.com tcp
US 8.8.8.8:53 128.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 111.69.239.18.in-addr.arpa udp
US 18.239.69.111:443 res11.bignox.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 res06.bignox.com udp
US 104.18.6.128:443 www.bignox.com udp
NL 52.222.139.19:443 res06.bignox.com tcp
US 8.8.8.8:53 19.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 bi.noxgroup.com udp
HK 152.32.131.84:443 bi.noxgroup.com tcp
HK 152.32.131.84:443 bi.noxgroup.com tcp
HK 152.32.131.84:443 bi.noxgroup.com tcp
US 8.8.8.8:53 84.131.32.152.in-addr.arpa udp
US 104.18.7.128:443 www.bignox.com tcp
US 104.18.7.128:443 www.bignox.com tcp
US 8.8.8.8:53 128.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 api-new.bignox.com udp
CN 47.94.211.254:443 api-new.bignox.com tcp
CN 47.94.211.254:443 api-new.bignox.com tcp
US 8.8.8.8:53 254.211.94.47.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
GB 216.58.208.99:443 beacons3.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 99.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 analytics.google.com udp
NL 216.58.214.14:443 analytics.google.com udp
HK 152.32.131.84:443 bi.noxgroup.com tcp
HK 152.32.131.84:443 bi.noxgroup.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp

Files

\??\pipe\crashpad_2396_RIZCPTBSRAFWUWNN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe

MD5 4df5dde302a87e2e85351af689892fcf
SHA1 ae587be1c1ad6d58fbe73d43ce1ea0771d774ba7
SHA256 2acbfe92157c1cf1a7b524a9325824046d83dbfa3feb1cbd4dd02a42e020f77c
SHA512 d10f98f221b79b77fe92f93ac09d34c53c1e58b690dd61b6f770d892d7619b5fa38edb2c0800ce2dec715e6c2d3f46848c5a4a3b25b64967eebc05eaa0afade3

C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x86.exe

MD5 4df5dde302a87e2e85351af689892fcf
SHA1 ae587be1c1ad6d58fbe73d43ce1ea0771d774ba7
SHA256 2acbfe92157c1cf1a7b524a9325824046d83dbfa3feb1cbd4dd02a42e020f77c
SHA512 d10f98f221b79b77fe92f93ac09d34c53c1e58b690dd61b6f770d892d7619b5fa38edb2c0800ce2dec715e6c2d3f46848c5a4a3b25b64967eebc05eaa0afade3

C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe

MD5 ff6e9c111f04dd7b06691bed6d8f0db2
SHA1 211c95ea9f7452afc1edebca6e303fba84936fa1
SHA256 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1
SHA512 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

C:\Windows\Temp\{1637E4D2-CDC5-4E73-A332-2BFD794CA751}\.cr\vcredist_x86.exe

MD5 ff6e9c111f04dd7b06691bed6d8f0db2
SHA1 211c95ea9f7452afc1edebca6e303fba84936fa1
SHA256 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1
SHA512 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.ba\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 87e86ba38c28f620d6c62d7a2ef9a809
SHA1 4c4aa10c4c428497f24a688360d5334c2315a055
SHA256 9245a358f8cd7a7a0602c00eee14055093499e697f33ed22417c4da743729089
SHA512 50cfe7e71dd03f257e165da8ae317f1308a27ce4500c5e7c1cbdea79d47a49acdb7de81e546c14dfb356bf2ee67b1b3d06763690e27185e23fe48bf2129b8d83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55fd3ffe12d2b96bdcaf20ba497e2978
SHA1 e798df99b668ce311575f55f7dd1addc823fa2d8
SHA256 0ae2f36d0ae4d7fea42c69183d858278de529379488c0892a1d8d04aa1a35707
SHA512 f6cc2f6dee5763113ac5456f8149ddd4013b6addf759036ec3000c84516f6f55fff3cdc5a52a4217310c0184fb4a535e4fb362610e26a49786e906d2487c640a

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe

MD5 ff6e9c111f04dd7b06691bed6d8f0db2
SHA1 211c95ea9f7452afc1edebca6e303fba84936fa1
SHA256 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1
SHA512 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4320bd17d471c382a57660e2102bf3bf
SHA1 5fe9c576af9c90b3a1ebdf61438db18ed27af0b9
SHA256 18e5567e448c3f369a1c1909816b5a6b35f4b5f068af73f4d37af0fd0e26817d
SHA512 101bd8f0e5ddcb599dd4a8163ba5db5796e395f04a833f8d029fc3874f3072e963ae41b6996b04b3e5db35bf98352dbc697ef417c36c11cff75d85ec9310bb61

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe

MD5 ff6e9c111f04dd7b06691bed6d8f0db2
SHA1 211c95ea9f7452afc1edebca6e303fba84936fa1
SHA256 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1
SHA512 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a463d86920495c0d23950eedb672748
SHA1 fa10e19ca6c334c50b0f0ef23d4569030327533f
SHA256 a0e3784ee67c6872c9506f3d8e7d8db23d5a754fab6e456e8f3fd7a7b0921444
SHA512 b2751d7fe5db38253e8ccc980f4d33a4e5d51b76a9861e83e3923c4fe35d31463503fdb176a3c44e2777191581125a184884bcf38cfd771bd00204703ff4690c

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\.be\VC_redist.x86.exe

MD5 ff6e9c111f04dd7b06691bed6d8f0db2
SHA1 211c95ea9f7452afc1edebca6e303fba84936fa1
SHA256 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1
SHA512 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 303801811fee02a7bb4197f377a46bf3
SHA1 467d3e781e5f791221d624fe54eb7557edc78393
SHA256 011f88e1581494278fece8f5689c38c03deb3f577aa564dacd0ef989ebe00f3e
SHA512 1276424c5d98a23bab7bf52c9c6df003e9b40ee8cbc2a3978546bb2d307362a4921dac49f39da513e93c81dc0714be52c5cd51f3ebf9a1b9a117637a89460096

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f4b95093458d563d19964d2246f5f576
SHA1 d17f42bab3f97ffb11c4bc85b88366edd6b40ba5
SHA256 c50a001481d3f8b1e558d74cabd567956b4bf8fbd09cfb1d700cda763e56d2da
SHA512 319856220241165671aed207c62759d662c0478ad0c037d16200c6c0765661b4b5cd127f4e293cc42740b6d37407ae7c719d45f6fa72c2275d003a16338e7cd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\vcRuntimeMinimum_x86

MD5 5611efd8725e779c15bf3220d2efb77c
SHA1 517c154429d5430452994d13bdbe7be8ba4da666
SHA256 b5d66e8ab0d2b33278d2cabb055be5a5043022bd0c36fe07d9d64a3830dd255a
SHA512 d301f553ae5c8152cf9c5310ed9ddc330fddedce6ca858aedc31fec4e1e6aed40aa8917030f060c101f0af543e7b4b306bc8422bc7231bf50da61b14fcb1fa30

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\cab54A5CABBE7274D8A22EB58060AAB7623

MD5 fb214cec4282a54170a5e0a48770026a
SHA1 770d008de543bcde34d4a9972dce5a4a5990e504
SHA256 ace4679a6c8fecba2340784501490449931183df086e7ab2e8c0a62d402d057e
SHA512 eb64769712f4433e0dd44fe709242e7af6727d4b205265eb6a8586a9265549c29e900cf37c7ed843e422016352887c80a59423b2fa1bc1b7c42fd5150f1bdbe0

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\vcRuntimeAdditional_x86

MD5 bea14c730a3e9bf19a0737f8d48ee64c
SHA1 900c494d57e3105ff2fb4b7949204f0cc648dc3a
SHA256 9879ad78ff0c218d124d98153a44a47aefdffdf7f188f532c6dadd2a38d86938
SHA512 f426ea932c00024f2af18126e9f874523ead0061efdab7c7dbfb7c3bc9b24fb3f8ccf335b0cc384da7b6f2ba47f98ba0965fed219af74f307c99262bf7c0cf4e

C:\Windows\Temp\{CF8E3749-20BB-4B4B-926C-F9EE2E0EADEE}\cabB3E1576D1FEFBB979E13B1A5379E0B16

MD5 1b3ec3907ef91386f991033c3ed33b4e
SHA1 221544e8de4fc69d87b93a2d31685c440bee0492
SHA256 a0eb1da0a53b868173497eae8589938344b38f852bad0de95f564217bf0e3226
SHA512 10d30eb5853efbbf397108c3f477f31a871b68c46cee4216618eb8801fa9c1432363eb3201aa563b7f99005af6d613d79a6aafd1c30e91efdc06991f584d8c0b

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20231018212129_000_vcRuntimeMinimum_x86.log

MD5 858393867bc6fe6a16aa21c702826b6a
SHA1 72240ee7815385498b955cd2012bd2e444f6e078
SHA256 bd8a02c2a23ea6ec4e859406b63e32952b66b92eb6895953cf330b0e84e43579
SHA512 4fb8e262cb0dff4729fa67a14c895d149a267eba23303f01713438d2b6819c15d9c8e3dc47f3531991dd2bac904d7176adf63a5d0bd2b0f97de79df64010edc1

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\Installer\e5a576a.msi

MD5 5611efd8725e779c15bf3220d2efb77c
SHA1 517c154429d5430452994d13bdbe7be8ba4da666
SHA256 b5d66e8ab0d2b33278d2cabb055be5a5043022bd0c36fe07d9d64a3830dd255a
SHA512 d301f553ae5c8152cf9c5310ed9ddc330fddedce6ca858aedc31fec4e1e6aed40aa8917030f060c101f0af543e7b4b306bc8422bc7231bf50da61b14fcb1fa30

C:\Config.Msi\e5a575e.rbs

MD5 fca94b3149b44b6cbb67fa3745b4b78c
SHA1 28b5393b6c0b52c5a9473322a2fbc4b3b1d86da8
SHA256 96f89b60703f862a83cc423d52ffd2ab4b5c91aaaff7400e23d64d390734da13
SHA512 4f2023df2ef18308edc9b8a3eb1537fc4e45c336ba20a0dbdd54ec38576f84811132deec43e3349c82a4945929b83e503a929c3978591771e937223103fa39cf

C:\Config.Msi\e5a5763.rbs

MD5 bed2de7e2570fccb83cf7d6c95764337
SHA1 3ec28104e455da83fc42e711e1d1dfc2dc0bbddd
SHA256 f604fbf897120d44f255ee3907fdcef9f9e016ec2aa49d1732103ed84727467f
SHA512 39e71ea443b3baf30c98667a4b5ef723047e6d2afad837c62beca31efea0ea9dab94a951acb8136a6a1833a0de88096035868e80cfeeaee98a6de459a8bd1ba1

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20231018212129_001_vcRuntimeAdditional_x86.log

MD5 90be2283c31c1c346bb56d710a4644fe
SHA1 e7ea5ef75b0dd30d08ffb7c15eedfc929a0bbbde
SHA256 c9b8b796702215fd7df78958b25c4164e1514aedbfdda56cbe35d4ed991dc3b6
SHA512 90a093f03d50d4216885dbd803bf8222e9871a691b5c37ba16854bf5fc20e474843de47603a7b737a7724c029052928875c96f0ead57b6a771ce2a21bfc0a143

C:\Config.Msi\e5a5770.rbs

MD5 dde179c23e559132315887767696f3c5
SHA1 1adb106cc1804e84fd844157c0bb31ebc46b477c
SHA256 23370f7dd7c327e9e4fc176cca9cf17d52890b44490182bf3a7bb83431c4e3ff
SHA512 ebc8feaefa5d0fc1e8235afda7383655df13386fede2e52a3b4e867db9b2b675b4e0ea50c18577620a4a1963c5d4841c6599440a8fd889f43f73f0ccd4bdeeda

C:\Config.Msi\e5a577f.rbs

MD5 cea9f721f92fbfc9429e0bbf079cec91
SHA1 d59a340b020d9bb190d9531500240575b182428f
SHA256 f0f57884cdd16f92039c522de3fb27dbb092b302b0a4cfd441a87757926e49ec
SHA512 8281a74b77116b6195c25aa8231f7b194e891356712630eedec9d33ac9f22afc0d5c9abf8a4642fefc1bac1026213a311e2a0a62f43d0536ad0ddc491898314b

C:\Windows\Temp\{B4210822-3B61-49B4-96B7-D9E852104599}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{B4210822-3B61-49B4-96B7-D9E852104599}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\ProgramData\Package Cache\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\VC_redist.x86.exe

MD5 ff6e9c111f04dd7b06691bed6d8f0db2
SHA1 211c95ea9f7452afc1edebca6e303fba84936fa1
SHA256 05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1
SHA512 7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe

MD5 dc32bee92db9ddbb64dcfa7133ca17cf
SHA1 47996aab6a20dbba69969c4b36f8fc718877751f
SHA256 426a34c6f10ea8f7da58a8c976b586ad84dd4bab42a0cfdbe941f1763b7755e5
SHA512 3647b9d32924a7bbbacb70609df1d0a5148db0d8396fe0918f8535a183c6a9edff4a982b023178091e7a8ec29a85a40e19db66f32e18e4e62887fb41f709727e

C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\vcredist_x64.exe

MD5 dc32bee92db9ddbb64dcfa7133ca17cf
SHA1 47996aab6a20dbba69969c4b36f8fc718877751f
SHA256 426a34c6f10ea8f7da58a8c976b586ad84dd4bab42a0cfdbe941f1763b7755e5
SHA512 3647b9d32924a7bbbacb70609df1d0a5148db0d8396fe0918f8535a183c6a9edff4a982b023178091e7a8ec29a85a40e19db66f32e18e4e62887fb41f709727e

C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe

MD5 b26ea60ea4341cd87c2a67e061e34439
SHA1 48f80f1defda08c555e99d55f9914c9674fa8ac9
SHA256 f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461
SHA512 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

C:\Windows\Temp\{D70EE057-C1F2-494F-BD68-B5EAA5A8B857}\.cr\vcredist_x64.exe

MD5 b26ea60ea4341cd87c2a67e061e34439
SHA1 48f80f1defda08c555e99d55f9914c9674fa8ac9
SHA256 f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461
SHA512 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\thm.wxl

MD5 fbfcbc4dacc566a3c426f43ce10907b6
SHA1 63c45f9a771161740e100faf710f30eed017d723
SHA256 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce
SHA512 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\thm.xml

MD5 f62729c6d2540015e072514226c121c7
SHA1 c1e189d693f41ac2eafcc363f7890fc0fea6979c
SHA256 f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916
SHA512 cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\license.rtf

MD5 04b33f0a9081c10e85d0e495a1294f83
SHA1 1efe2fb2d014a731b752672745f9ffecdd716412
SHA256 8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b
SHA512 d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe

MD5 b26ea60ea4341cd87c2a67e061e34439
SHA1 48f80f1defda08c555e99d55f9914c9674fa8ac9
SHA256 f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461
SHA512 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe

MD5 b26ea60ea4341cd87c2a67e061e34439
SHA1 48f80f1defda08c555e99d55f9914c9674fa8ac9
SHA256 f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461
SHA512 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\.be\VC_redist.x64.exe

MD5 b26ea60ea4341cd87c2a67e061e34439
SHA1 48f80f1defda08c555e99d55f9914c9674fa8ac9
SHA256 f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461
SHA512 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

C:\ProgramData\Package Cache\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\state.rsm

MD5 6b88fd70541ad14ca3df49f6433d1928
SHA1 101ddf106cdb3ef219d798fff0a45315cc10fc7d
SHA256 35606c0db74721b339b20f28fdd509bcea5cc63c47204a331e11766c277c3434
SHA512 5d1756c97d9ca6ca60cf8081b456ba9e2ffd13ff2b9c1eb6363dbcc1ecc512630619fb69f20f9d2b65e59939ab638fd57464b187fa5b888c0f10ed1db157c862

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\vcRuntimeMinimum_x64

MD5 ccb266fe902daed0189379c2ea27c5c8
SHA1 9cd58841742e5103ae3e1607275bb660e5010f2a
SHA256 6ec4d94f7cc4b21ca909fb143c93cb260a26b8b3814cd4a9363fed90c495e3ac
SHA512 cdb12c09d11e297d2caa32ba2f7493733034fdbee27e1f318827de2c502076aa257b3bdae67a7b83f241137e4a09571b7db5e514a1c609c5834d7cee6e3adb42

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\cab5046A8AB272BF37297BB7928664C9503

MD5 3a0207e15630e5432a4391baab2792d8
SHA1 7c82b421e1ba4942be2df102aa3fa219fb38f4f2
SHA256 d400a82cfb8f7c38212f1cb11b3fc8718873937a5a730eaa694a28e4687f6479
SHA512 7c8d1823d6a69207af975088843e96b4e8d29eb67fc72bb3948df4efa3a0baba50da74242092062e202cee625ede2cdd35aa9ef043ac5c1d8bde04a3d776813b

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

MD5 8e113606487e067ff904fe6575d2d821
SHA1 1b44770f80fbda5ef5f3d9d3340b3addab08f4ad
SHA256 94247a642dc0b20880c34fed63df0f9e4344081fd010ff79720ac049be229018
SHA512 9d95414f22d50e2c71e4cc01da60ff68f4cc6a46b5eaefada64821f427d8056ca77ebd2b7b7b3c024d0dc26ec923b007ff9f3fdb0766a6cf698da571e96a7efa

C:\Windows\Temp\{B863EB7B-9076-4238-B213-75C05CC365F6}\vcRuntimeAdditional_x64

MD5 4a346aa0f9078c6c9b88d5f74ad9ab48
SHA1 22c61f9b91a64eb64cd6451e78ab60f59a365ac4
SHA256 2e91efc37dabce03008d5923619a35942d0eebb8840ebb8c66fcf5026430e9ad
SHA512 30af7be7bd3e6e9649629eeb074d21bd2a193b9064054284d4279ea72031250cd8d40262f0b93b2932522fa1bdc2c5e5079428a8e00942f8e1020cb0ff325e40

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20231018212315_000_vcRuntimeMinimum_x64.log

MD5 9cff59840dd8695eb77c3a2937f1458d
SHA1 ce1fb368b6446fce1e38187105a873a04601c316
SHA256 7b7e56f8eadd271e64a79b737bc767aea45fdcb84df0e817352567d1b694a521
SHA512 ccdfeabdb5d104f76798c4acb1511e750aa43dc07e8ba3bf34e94a9314257415507282cf34540ced93dccb68c92262dc54b96fa8e52aa2b1d264b3f8339f8e2d

C:\Config.Msi\e5a5786.rbs

MD5 806fb1ab63087603d926e61fe1f6fdbd
SHA1 ed7914e2916235788e61064714e89112f0a9b00f
SHA256 4e4c2923da6840437cf7668c50821a1508e4cf4569eab1851b974d005b365a6b
SHA512 ea96ef4ab16e5adfafc316f36f84c2a8f97e8f435bec42d6f00f334ef378f906844b64f6eb8a1b078ce3a99205cc937a5a732f814b1c14efeb7ad4d66f258a97

C:\Config.Msi\e5a5792.rbs

MD5 758459d7882fcd5728703eb740c1cae1
SHA1 075eb597ba442c305d4cf389f1d05d9281b9231a
SHA256 831eb0414079f6144499a537285f890d723ec0895c6c3dd1b93b97ae1a9b973b
SHA512 f413b4813c6d32c8f3cd3ade729dcd4c347088218a085cd8fb281d9428e9a4bbb67fcc47e358243ac3132d61773f5b451c92d2e2a360ca754973508e06a6e754

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20231018212315_001_vcRuntimeAdditional_x64.log

MD5 ab9bd30dfb6d7bb607a0273434d463ac
SHA1 aba31e3a54ccd2d0286fa1e54a64c10de7d278b1
SHA256 0985868459a87db756cb10c347b201472eaf35b3af5ed6dbec7258997e7acf35
SHA512 ee2049d4c488a814e055ea9c76238d647c9e75638b13cd0d080dc576556c0196450171457faf12d811f34709d9ab20f01b3fd4eb212d6a4caec4ced8d1966709

C:\Config.Msi\e5a5799.rbs

MD5 e616d2dcad3c9e9f600d22cfe89f32aa
SHA1 851b739a18ece27d0bb02130c9d07d7ca0a3e8e4
SHA256 3cf1c9a64b0fba4a41e5e9ad2c5db264553633ac3b9ca7d70b6e0e83262296f7
SHA512 46b0f86c24db95df200a48a66205026039116c47d527d02475ace737dc2f76ead3fa6d53b03d45ff8c14e3b0d6366428b8a1e3afa3e37ee5d210dcf38ecb698f

C:\Config.Msi\e5a57a8.rbs

MD5 7ac0280876323589310a63c3c42174a4
SHA1 84abc382d15185324e65b7209f2d66f6e4fa6711
SHA256 c13b78e5457ab7ecd3d67ba1f4d0d979c229774f2ece583dc893391e3112476c
SHA512 49a69bb26a1677b2e482dcdac718f863622a116247ddf1e30f7ba1fb9e5e0dc80ad71be0d3e1e650a7d64515d5abe942b3dda4aa6b649db66eb1d800fb4b4d43

C:\Windows\Temp\{1B8028E2-B299-4D4F-8E49-36D2AB050D1A}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\ProgramData\Package Cache\{2d507699-404c-4c8b-a54a-38e352f32cdd}\VC_redist.x64.exe

MD5 b26ea60ea4341cd87c2a67e061e34439
SHA1 48f80f1defda08c555e99d55f9914c9674fa8ac9
SHA256 f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461
SHA512 89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

C:\Users\Admin\AppData\Local\Temp\{E09B8172-B374-45CB-AB89-2923DB9A3D56}~setup\VMwarePlayer.msi

MD5 11ba0b61bc40b25f055d1fe6fc74effa
SHA1 8053e215af2e22fac19eeaaa0e524d6bb262ca10
SHA256 9d19235d8025f0f7d2a2902f410cf95914fb61f895ae3c565cee57eb2b2d7b3a
SHA512 994d8bca58edb279e952a3a3a57ffe656db7644296f7ec1c82495969c6b5220b3983f82086e083e87412089abe483f3a6c49ef647916d711bcbfbbef6090cf87

memory/3092-689-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-690-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-691-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-696-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-695-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-698-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-697-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-699-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-701-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

memory/3092-700-0x000001C8DEC10000-0x000001C8DEC11000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MSIADD0.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\MSIADD0.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\vminst.log

MD5 c6e5a66d12536da0f0c61c670e9f765b
SHA1 ca7bda52d2c3b5b5cb636768d9a47084df05e260
SHA256 008d54eaf23d20e7c2900cc9fcb3c7f935292ccc3ff90c6bc9625fa5635e9553
SHA512 8b7a5e301d9c2e72d0c1326a6287719b0badf6f3f81a268885d9168844502c024a6c7150cf1234f8f3442a1b2fdf544beccd9555ab8bf9180f94f9542f3ae442

C:\Users\Admin\AppData\Local\Temp\MSIC1C7.tmp

MD5 e224439c56ca79ee4eb0888079d03031
SHA1 18838d703255a92575280604948c97abe53ff8f1
SHA256 0059aa3ee8902b37ac185a1370f9bc2c790c6ac85d14d03bf9a42d91861d1340
SHA512 5d82fa8109fafaf57b5061a27bc4c530107885d4e83434639dbedb6c17a76ebc1e499fdd1e4d7657e8319e86f9766d94c5be4e8524adbbff212bf8767bc29972

C:\Users\Admin\AppData\Local\Temp\MSIC1C7.tmp

MD5 e224439c56ca79ee4eb0888079d03031
SHA1 18838d703255a92575280604948c97abe53ff8f1
SHA256 0059aa3ee8902b37ac185a1370f9bc2c790c6ac85d14d03bf9a42d91861d1340
SHA512 5d82fa8109fafaf57b5061a27bc4c530107885d4e83434639dbedb6c17a76ebc1e499fdd1e4d7657e8319e86f9766d94c5be4e8524adbbff212bf8767bc29972

C:\Users\Admin\AppData\Local\Temp\vminst.log

MD5 d0b83ea28dc167f76a5a0ed21385394f
SHA1 4399928045d3ca2249e1b1db41b4808c2e76dbfd
SHA256 f6324bd7c8554d48728745b49da4b37ed76ce08f3d0f3b18910b0d470b258a4f
SHA512 b4a896c333a1a95b26e0e122a9b62b4a103ad1370435e6d7846d1171a39935710cf45ee400b61b0734ac182b83212d89e1a7efd48d2124ab6dafd375fc8807ff

C:\Users\Admin\AppData\Local\Temp\MSI144D.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\MSI144D.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\MSI148C.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\MSI148C.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\MSI148C.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\vminst.log

MD5 410c7995f49389b72677676e93ce2ee5
SHA1 2f3bc6ef84d7db2518af67a64c4742e4c239192e
SHA256 e3ac891df38bf5e9ca1b0afeb4ddaf7bb1fcfc4a639daf6e866cebb905d10488
SHA512 2df4365ef290248edbfce571cd6b156defa1ec8ab7e554326bee14ad3daf36fc7d5cdd35c8366b689c2575c249ff3251a5d218905a92432c3151cba707091749

C:\Users\Admin\AppData\Local\Temp\vmmsi.log

MD5 79909086e5c3bbfe3b820f66c7dce0f4
SHA1 a8fb4d0573dd0982995a875837c776c5b47ef1e9
SHA256 375f66596685bd173ded4473548da17e4f634d32af2e2f497f60a5a10e9e1af9
SHA512 3c01774fe1e3bb6439cab0de0c3307194a52debd05abb56bf49b536ff40849b9f811c26d567425cf2d895751e19cff8bbf07b38b1444b113ae12cf9df92048e8

C:\Program Files (x86)\Common Files\VMware\InstallerCache\{E09B8172-B374-45CB-AB89-2923DB9A3D56}.msi

MD5 11ba0b61bc40b25f055d1fe6fc74effa
SHA1 8053e215af2e22fac19eeaaa0e524d6bb262ca10
SHA256 9d19235d8025f0f7d2a2902f410cf95914fb61f895ae3c565cee57eb2b2d7b3a
SHA512 994d8bca58edb279e952a3a3a57ffe656db7644296f7ec1c82495969c6b5220b3983f82086e083e87412089abe483f3a6c49ef647916d711bcbfbbef6090cf87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 cddfb0ccc13c012f8e24fce2e7d825ec
SHA1 8fcd72b891af382df87a99d61900eaa28db4ab0c
SHA256 4b9fe97b0d32b45b8ab4edd524b9adc66849f6836472b24667b2251b3b7c303f
SHA512 8c08b23149a8d1869208b89bf5ea4da2ee600cee10a4f3c72209610a4bd28b41ff0e95b5556055209c64aefad935c827fb2502ef1d4811248cc412aaba244909

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_264D47D6D8C34D077DC5D354913A7951

MD5 328eab466bbc09aa975f695fa8f82d91
SHA1 49197b201686baede1dd705b631fbf5c92e57b17
SHA256 a1b7d1655c20247439bc2fad3abcde6156882b565ffac3466fa0475eb0d00b91
SHA512 a661de731927d65bd7d388aa44dcaa31068bc9802b79fb03dd8bb6a3465f8c3c7ae90749b2f3ca0a041b8618a804a58234a6c4b3237b0f5ccb96522665109c6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_264D47D6D8C34D077DC5D354913A7951

MD5 1c5bb9f9d422ea7c0507c322ce7d61e4
SHA1 fd144ddba8dc6c70b6c62f05ae061404c0b04fb9
SHA256 622172bfa074ba00c955a236438f2742e65604e6dc33d3a9ab97d161dcd7b545
SHA512 2c7b58907f53fc90506d6a663ee7b689401a88ba95be510f92b57a980e9652afd64632b555306d7b1cfcf874122bf5949b8d130128239aecd7e5da1e0351a261

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 b8a2bc411029cd4845c62bf6b1031141
SHA1 136dc311e055eb4d1ed5194755653cc8331bd74e
SHA256 e7a62b11b57b7fec6b2f7b1a09425b9370c36a29890bd727cef2bb407ca81502
SHA512 137a2df2570d02a8f5fe2334da48bcab7ead4d94d848293c7cd8b902f958748fcbdd149121e23f8efa891acb2c8db880c68dc093fd2826e45951d5cb3f165134

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 11762bacc2e6c5cda3aa4dbf8b13c346
SHA1 9ed3c5f373f0edf13d22293ebe7a5c3edf4a7102
SHA256 89eea481af8b5c2e19cc9c5fa8a670a7a663da3aa7d0930496af228eac6239ff
SHA512 dc320b9ea8fc563b8c215dbebcd6af84490d4ac64bfd3944ed188aca4430fc0d13ed6d0f08d4f14ca33d6a153fa4a34e3ffddbd651e9446712190aa4b1887ba4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 c9508632d6a0bc5645693876d33ad4cb
SHA1 603b106354a4934d5958d3e1752813ffa2c36e2c
SHA256 3041ab80943b8dcd9d9f55266f149b9ad56ae29f60279a4726445a111cc6f31c
SHA512 59a8d5fc7fe849653d757c32e12bb7a58bc6f46331dfe7e68aabb00536860ab95807dbde09fbbf8f420ebc1604e905398a072a8d638bc56dead95d936aec512c

C:\Windows\Installer\MSI37C9.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Windows\Installer\MSI37C9.tmp

MD5 9c28fc83d53668783133096b10a09c88
SHA1 e132c869780c04bb75966c316c9d61a21ceada2e
SHA256 3ad528a9324fb9b1f9872489a6a9890e2d94ec607fac3c5c7c69237ffd4f2c1a
SHA512 c8a7632bf309c279308905b4197e924e4c73bfae7b4d47fc08a0194f0068b481bc41380f838a8a3d90977f19a7c4e0909c47fd4c11cdac00499917c35b394e0c

C:\Users\Admin\AppData\Local\Temp\vminst.log

MD5 e072f69e52f0fb2466d94627eed7c3b2
SHA1 dda7153c72fdf77624cbae57bd50b23d31cdfec0
SHA256 89512eb0314c112af881dc875ddd23848e38203087d9dee6203dd0a5dd8ec2fd
SHA512 a7f49ccc6b13f71fcf5c95782f3ef5a7808d778a51ce1327edfe5ba38b2710b1e4535966bca9416327c082986f9253d93cda0523d949de843eeb69ee9f81c1a9

C:\Windows\Installer\MSIBC87.tmp

MD5 70a40a864efc5affa6d5b7025375bbe7
SHA1 d8f1df9c9e7e47cb2e7e26f090668a8665c29056
SHA256 bdf4edcfdeb992503f6f2e00b7bd0e21d82fe3b08b326ecaa66706692d4295eb
SHA512 7e718b94b53ca203724c4b183b16371c91c6a1c45e21ac719974495e255b09d681862e4bcaf872320ac5753a565b11712ad2cd5cc89b09c7cfedb5b529eba2fa

C:\Program Files (x86)\VMware\VMware Player\vmwarebase.dll

MD5 00fbb0793dc439d6d3c5985e3273fdf9
SHA1 0878f4cc94f913f86ea80a91bd8abcbd031babeb
SHA256 e2b512b20131abd6a10e720aec5085fab00055a58a8d418313e3e084b68259f4
SHA512 c876e1bfaba8e646ef38f6698841a27fa1b2c5d4ea660de86ac4fd1a3a170ef08378feb092983d58351b05e7c267b289736d71636c8a8c002066cd96534f9a77

C:\Program Files (x86)\VMware\VMware Player\OVFTool\env\ovftool-hw9-config-option.xml

MD5 f9f88ce99b113b935df37a746d96bc2b
SHA1 7484bdd48aa991548fb1ed17bfb7e307595dcdae
SHA256 4f9b2b9267eb779e11569f758546a8cab4aec10f98915dc13c9ca16cda4d423d
SHA512 28484f51eacd816f70f1ff62882aca2860ac6fcc9f37782fe09932ace7b070677f4b088a2649ccf0bb3143b6495bf5be994c709a8a6e6e62b8c06a32f022b726

C:\Program Files (x86)\VMware\VMware Player\netware.iso

MD5 c5c08b4dd839de30e6a2981585544a22
SHA1 6f2d142eaaef9875f233a6daec2d5fd1266dff73
SHA256 2c89993d811f5d90f7b0e2a286e9339907055e51ecb16f25509e5c4517326487
SHA512 2db0144f53bc4b6016051d81e72a174e7f34221cd05f2fc7820f39b7ac18631996cfac0beecf10a4522ac923223a4d8f780b49ef1e841d08d9d1d2528125d953

C:\Windows\Installer\MSIE1D4.tmp

MD5 ba3165ec14e657e6235d6d789e9e25ca
SHA1 f626fcc0e7e7f26a092da6a995f5936a45c4f71a
SHA256 bf93de4755822425f3fd3928b52d2a6e6c91ab069213aaaa95695ed3e17e72e9
SHA512 6d83dd60b1f8e8d93ddbda657b1c75f86c1f5f6eac899123f6ce498f5dd1a5abf05e29776144044c6a848e8fdd2b9a6a5367c4b249b879a310a260fb6b55b6da

C:\Program Files (x86)\VMware\VMware Player\x64\icudt44l.dat

MD5 58cccfc4824ce98be253981d1087740e
SHA1 69ff1822448fc25f56298890eeea62e974f44da9
SHA256 7e1fc96fcc98cb8f0cb44cfa94b40549a40bd0f9968c3c1141631aa0af95a1fe
SHA512 eff1ca414672758fa1bcfc3ff2d69bcf0bdbb4bb8e94442c1e9108d5b11203b355409de9af3f6ce943a693e7198329afebde2b0862959fd48ac674c341e49429

C:\Users\Public\Desktop\VMware Workstation 17 Player.lnk

MD5 743c1577635a2706afa1e2b3e2ede3a5
SHA1 2647abbd732e96c86f4ec9afe2bb49cbc8d4cca3
SHA256 0d9a6d2415ac8695ae270e78393da8b8ab075723e2b490ab6484fbe914ee4cf5
SHA512 2edf8c821f9123272e7faddfe01db5bea71c542fdc34a7b6c37898da798820ed5d625915f9a702c68c48a33a8c9ecb6ecbe456d9b69ebed252fbffc0d5a5f452

C:\Users\Public\Desktop\VMware Workstation 17 Player.lnk~RFe5ce585.TMP

MD5 dfef74b442da5ad7ae54d5af30c6ca59
SHA1 5378a882c488957ff98f4acfe78f86e79d871737
SHA256 82e7710da20c4f37f785f5097f342eb7b0bb6a3ddaf757bd12515d0c455d8ba3
SHA512 67764c26db5063f83c4db67cdcb93ce5b959fc0d77333df25756294da1a0850badfd47413fda1797b3fcc35ca2589dbbaafa1e4e480ed494186d4e4bb0609513

C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

MD5 7be6f8ed9b2ce43f3d1a94c5bef47b7b
SHA1 c3d9d9f603448f7647956e7b6cf539129ab77cef
SHA256 79ef3f355ac182751f8aeb53a41880b8eae3dbdfe068040be91a357d746fdacb
SHA512 2c5f204f2c31dcc172b89dafb5b799567554e450c64d84beabca1fee6e23b5bd6daa866dfc4deff7000696587d639efcb018759035c9b2ee8eca9e53f0e9d1c5

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 17 Player.lnk~RFe5ce5f3.TMP

MD5 76b1105b03f1e27b737d606a204e9a62
SHA1 2bb08e81ba79d2cbb2232abaa5321c5a3e578fb3
SHA256 f24b1edb3548f66807510ce9236f5789679876982828f2ecb6d0f11888ebc9d4
SHA512 77ccbe29adead13a9f7a011d99db0ef04e9071766b39238fdfae09e7a6d0ed344b5ef9dfc9bad66a8cdd1a6c52a0e1e94885eebd216ab25defac4554e60fbe23

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\~Mware Workstation 17 Player.tmp

MD5 c2145668507f94730fefce153661e7a2
SHA1 80ee7cc2927afe2a7c75a0023c4500c7c9f8b975
SHA256 419277098eeccffab93755ea93bfe6fae3f845a35c792c8d5aee07169cda69db
SHA512 8b7ccc9c344eaadcb4ef42b903e57044b2071f17ce3ef0f1faae5e0d6cd2b1942c1e197965e406b9eb961124646f216ffc77728649b306ee350ad29ab743cc27

C:\Windows\Installer\MSIF15A.tmp

MD5 8aedd60f28517e54c49404d3dbc14789
SHA1 538320184e74e4d0c02b3bd9367282e9c7b34707
SHA256 26341fecd46af24bc5d8dba4f26fc9196270515adbde08496597f31633d02cdf
SHA512 907ccb22b28500aa6485746bacd3237048b4e1f4d3a092c492b9e351931c66878da2d366ec8ec39586d260ad62b9b465850bb084270f69a63a97f9bc81969691

C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\vmusb.inf

MD5 5626db3a5208f1a16480b68d59735444
SHA1 c273d1abb9da822686bd70ea12c92d49d30c6950
SHA256 4796224ac79c0a09d2afd2f3f9d2f0518a9444b78240814601d3a8dbc55d19b6
SHA512 0089e928fd40bab41eb5b52104d7eb9bfab0a49cded5e9f15aebf6d5f59d827fe9e1107bf9dc16cd23e75e1e136c23e6d7ce564cef9ab988ec64de04558c3305

C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\vmusb.cat

MD5 b3e02dc8e8142640ec18309573e5cd4c
SHA1 c97cb825a1d6413dd42364fa7071e07a85ef7f6f
SHA256 43a4ed79fb779d7f5ed51c745a59615184e8388f6996ae4ef25a2a8d213a3f5f
SHA512 a2584c83dcf82936c02b830ee1a3be2d9af21980bbb258c6881d17a03617aa703cec8ada76a28a118f2edea17ceed94d2b1d23807dfbef0092d907b149aaa1e4

C:\Windows\System32\DriverStore\Temp\{3b2199c7-7c02-754a-9ff6-07c749c52109}\vmusb.sys

MD5 925ad5e40223e8b40053aa4c567df41b
SHA1 8fc75d09ccd1a95414afb5eb2d2f4a3c717c66d1
SHA256 e793959c7bbeb12873253b46f432b9b078ec25174d3ad4140de6b08ba649627b
SHA512 29bb44db3fbc02f2306b44b8611abc0b488e75631fbdedebe740f8c54c82cff9b2dc4f8a54a6cd020733f84b11d3135e6c82a038d3f7d68639373535dab61a09

C:\Windows\System32\DRVSTORE\hcmon_1E804F260BFD7A2F39698591B5E6FF49B1EB033B\hcmon.sys

MD5 ea0bef1187b8c4bdae52d762b97713e1
SHA1 3a01ea3a08117fc3a06f56d23e4dad4d46978d96
SHA256 e685084d055c0b05681ff52d1260e79bfa12c3d63392c6918178734d87b54c76
SHA512 9f223cab1c3f33670f6aac1dc252a1c25045f5ad56d6d7fbeeaf30867cbe8aa0de42d3f77d54a94c46c138bd687093abea4c61a77488bc3e9b5edada020d440c

C:\Windows\INF\oem3.PNF

MD5 d542f7c13596a2fb4821131b3e090f14
SHA1 4a4d71a0c6e2f7ee0ae9107f1088b60f9eb801cb
SHA256 849bd984aee76ee0c9c564190df801d944d7259c972a85b17f29164f8d6f134c
SHA512 a20aa1c64bd3085be5f96f34aee772990bb234635bbc63f55671d33f60aa2e10bc36db94e347e2fcd05eeb945a760022e434d9710fc3a0620b020d4fa221f10f

C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\netbridge.inf

MD5 eddb5653f0d4465a2adf194d0ac2fdf5
SHA1 28f5ae108899a524aa2368ada7a2d1b5a6c66a14
SHA256 aca8497b6f65b34f7b5d95d80505cd9feace5987619b6e4a1f7510537fcb77cf
SHA512 eccf273bb096fc8315f8c6cb3d6cc736b1224f13b5337df9e4a8d613364f2fbdb7f211afb49987197fc7e2ed723de3f2ab6bdbc80a604bf0eece4d4e703a3ae2

C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnetbridge.cat

MD5 1c22dce43bf0757f895c35c7ae5de100
SHA1 49c62e5f9dacb21918c995311fd2785d688ef67f
SHA256 2356e41b4ca641c3a82652fc9e4030a228db5959817f0b679c78cae8cdbb0c10
SHA512 818324f1afc08477b98081d26f64b61723af1b111c20f8082bfad258ecad980600f7cb2d48b9fab0ab91ea65e362f4f3c3b11de9f1a5cbf789a3f602a3139cc7

C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnet.sys

MD5 a6052a9e2b31206fe17e79faec960180
SHA1 793c5a191ae1c7ad76964f75ac4ecc55b7316bef
SHA256 0fdfb94990987a809ef173d190af5887e9b608e83daaf75c0c8d38d907eae1b9
SHA512 27a37075f659e755fe064eb987cb9ca8eb03b9b085e2df65ef49e01273c10e270c1106fcbf1ce2b1d91b69dcf77588c950a18e4afb0d4013f5a293a013a4e303

C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnetbridge.sys

MD5 284079c2b673cef55380f4efefa44a6c
SHA1 ea30982d5f1db56c46b0c1bc94e3b909b2ca4403
SHA256 8371fe9682b88365c3898cf89d78ede650f3ab09a863de9931cd0143f0f55abc
SHA512 73209aeacbe5da463fc60a2b8453cf55d990a1043ce37b9c93e9b7b0edd7e5db6ff348d262d50df36812b4012297b957b928b48640e15a779a45b6fb23580e92

C:\Windows\System32\DriverStore\Temp\{b6867e24-a8e8-a042-9b3e-ebed869fc7ed}\vmnetbridge.dll

MD5 f4309443b33d60d29cf488d9e0df1d87
SHA1 f6876338a43c7082277d0e2d80c2e7d82dd4b9dc
SHA256 2ac7141de5d6303dab0116cb9226fad10205532f80570ed875714c3714b890aa
SHA512 652f829c241c68e265aeb571d3f75fbb4c4852c085dffe5cd898eda527c696e87c592e542100e74de4a0b8fb1928c671e2ebfb936203e127bf29fcb1f4ff2868

C:\Windows\System32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\vnetinst.dll

MD5 7d9f03e7dc7b03f7f3fa671342cd35f7
SHA1 fa9b7fd227e1754b17abe7b0c57664546586d140
SHA256 8705d4900c6101f4c67f4ce76bf26595ca31ae5dee8a1a45f77e543ca6b47c7b
SHA512 ba6fa3c0e80293cefab8012068246be45cd0400f7cd096dbefb8bd8f08a4b7ebb4601c20cf96b8b566ca669152248b058de334cfab14e851c4464a203bd4bd00

C:\Windows\System32\DRVSTORE\netuserif_596465B37F6C686158B3D1591036405ECBCF0C38\vmnetuserif.sys

MD5 67e0ec5f275cc3a13833671adea446fc
SHA1 ac4121db324efa58cfc6aef2f11b807625394967
SHA256 77cebc6ee49057c0a87f458cdcb07da37bd31ea83973f5d02fd03740bac54444
SHA512 bc864ff902d15e955b9528c5ca670d6b7b608bd988e65592b37580f806bd061ed3e4f37d74a5f6a319806e4a545b74680d6cbb2fe966537955a2f191c881f1e7

C:\ProgramData\VMware\vmnetdhcp.conf

MD5 a88994d410622250542b444f881b1934
SHA1 fd98cec5e859fa5e91820bdd351fb25d994bcbf0
SHA256 d954b30bf0016a2042da3fdb65400c8484088f86f0e9118686e67ff1f48801ee
SHA512 bbcb4ba1208df0138c9680116b880ad0835e07cd224b6a3680dad7a79790dc1a204dc0d5bc2002677cc2128b63d1d6538528a1ce53c6d270b7f109f35120498a

C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\netadapter.inf

MD5 be9ba6026dbe3ee60c9065a73d56dec9
SHA1 ebc737df0c6513b5611432122a160b1a507c5fb4
SHA256 ac2d201cfcd14658859357605ddda855b6f49dcb051409e45112b06d7db0e215
SHA512 b5cb8512e48ae1b9ce27fc56a1e4985da05b34e1dae80a2e46755d40fad89547d88445370e78b82dcb1840b6497bc6fb6fdcaa957506a4d26060df75fe7cdd6e

C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vmnetadapter.cat

MD5 1d4d98ff37dd7593f7c837374b3ef0b0
SHA1 558f7f3f9a28216520a57aadb83bb29bb6e6eead
SHA256 c14638cf99380a7bcccc1835af1cd0e5bdf83f067de7f309876142b3bfecdc86
SHA512 091e452a5982b8e5e366aff33f681f50c3474d722a1be58a7c2e878a2a1db922537d82a8642406bd02829e023166f106d2e37f13e9c666cc4a11a379c353c318

C:\Windows\System32\DriverStore\Temp\{2ff6511e-d1e7-7f4c-bc93-4ebe7668d061}\vmnetadapter.sys

MD5 473c53dd8f56cc4fed9e1371ab94297e
SHA1 156f8cc9d784e9bd2735652a539509d982fb9267
SHA256 8062940880fac20d9d8a31d5e900578ef3ab13867a8e67e01c5fa7e721f8f0d8
SHA512 de007bb61e54206454c943829cca076b88c5f81e2c53ea939a9261ba53ca1bddf71be0e29c4e5451758c3bd0482f80748883c68d60ab4f6fcb3c6bcdd9c7a7c5

C:\Windows\System32\catroot2\dberr.txt

MD5 3c02b13933e10a9de0a564ab6ebb53fb
SHA1 9dcbf3471c00220c07706d296ded5e74a8da358c
SHA256 fc932afdb4088201ef931dc2935c1c597640a48a26df566c0c5ca00bf8265c54
SHA512 225b07cdbabcdc5652eb65d8b7143721f16d9dba177087afd41a8fc34bb591855ee831a9de0586c241164d7c639bef84df6eeffe80c3d03681edfa1cb1d67d88

C:\Windows\Temp\vminst.log

MD5 a4490161d1691e3e84382064e3dbfab5
SHA1 fc078c162f888d4caaeacd43920000455a0db213
SHA256 1bba1f0d06e458aa308438713bf2cad47ec3481b1480314c3c40609e2590c1aa
SHA512 bb44d073965c58528fbfd8bff624f2e3a128421aa8f556d76b901a503ccb3feb220737a3f94d1a6a5f848bfd7f9c38c5d533b71ea2a0efc36dbfe3a84d126309

C:\Windows\System32\DRVSTORE\vmx86_669FCD1D989372D507A41C017F9D9B620B285CD9\vmx86.sys

MD5 94908dce6dbab7ad5b73b579cba01c52
SHA1 3b6ff317424307d2bb6f590632037bf532e51d62
SHA256 27932c4ba456fac38348d441c054692ff4e21a3640db37bd623da5358af3195b
SHA512 70fb5c32960d162ca404d10f19bbe207b21798a1e1ffd17b5ec7f3658b36b0e538174344b9e809152df9ba9ea38be0e53f0256587652ef23d805bd862a3b0822

C:\Users\Admin\AppData\Local\Temp\FWF78B2.tmp.dir\DIFXAPI.dll

MD5 116eaa5c9bb2cce346a42eafde2dc152
SHA1 13c433306ebdafcd983410482fd42685bebadeb9
SHA256 57afba202253a7736e7296ca9ad606b9640ad6f5e9c231ee291f511dd469c783
SHA512 57d2ce75bd4a645eda5a9a77a6e92789cc527412722b2fcdcbb271c0d6eb8014b596d16e9ed0e72c9e1153e60549d13be2241fbd13223779dd9596e52ee8f944

C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.inf

MD5 fdb3c5882438a6e996d13a7ab48cf467
SHA1 7257251e1b43912d15defbdf01056aef80d043a2
SHA256 1e71d0b7aa6a8835986a2d603c7218e792886fec4ea889f13200cf0fdc78a73b
SHA512 551678e245c37c61433bb06f5bbc1075b76c1b86b06907b0a8d4c1e240b62d13922a0465919f361a6584388d80333201b5b6202b3fa1c6ff7771a58ba9ea8716

C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.cat

MD5 c888f61b9b09bda1f1fc1506123753d4
SHA1 bc2be72275b899d848737bfac8e0ba1ea72af63e
SHA256 b69004749d69e2d826a4341d2ac409711fb984fe2ebb4afa2b3dbc03368493cd
SHA512 9a90df4b4e4eefb48e81853d02e3f2f9b6280636322436b717f0763bf7feca79660fc860f8142b915fc475a20de4d876c1a29687061468609e9cedcb725b88d4

C:\Windows\System32\DriverStore\Temp\{2a51016b-538b-2e48-ab6a-5d710caf7b72}\vmci.sys

MD5 339e79b21cd73fe1174b56d6032e40d2
SHA1 d85e6a6a585fe4eba6f2601ae97a9db171f2b5b1
SHA256 91e68a9891339a8db757c9eceb65371db83822fa56305d61330e50194dc97131
SHA512 10d5783d92bcdcd536abbb3650321f150f4f8a0850e99a974dc3e445dd6421b41fd9ce0da951efcc553b5bb00719e11c4c22c01f2c0882e35380a15de0076484

C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.sys

MD5 64ba085bb02e9ecf3b21f0377199289f
SHA1 bf00ebb018e9b0fe63ef3af971ab395fc0ecb7f1
SHA256 dfdb2166d3010a1e7ccfdc38f0b1524fdc4b79b17b06093b7f9820b637d28343
SHA512 b2d3e43f291cfc0215c1e1df1d61b94c7e7d7780bdfa8d627edcb58b1298fcc96beb8eaff7567629e2ae1c7ae1b0ef60af6abd6fd9ec0b380c5e20ebb0a8a8f1

C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x86.dll

MD5 f7d359d175826bf28056ae1cbe1a02d9
SHA1 19409b176561fa710d37e04c664c837f5bf80bff
SHA256 af1df28834936aef92e142c14b1439ca64d070840b2c07b87351174ec0f71d8a
SHA512 e2d78cb2d6f1b2f3c410ccd5272d0b3e34f3cdf25c41605b12e9a1f408308084c28c4b427c915ed87e28f21d662846529711fa07f4357a7f7f727b96a5d0e7f7

C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll

MD5 abe700a6459d2d6fc9774e0277350ecf
SHA1 cefe9bb79520b3cadf6d1bbf44fdd771487b3d7e
SHA256 952603279b8851c3739d562247f3f0a373b5fd0eb5a9c3baf1e6b1e608ebc6c8
SHA512 c6fa33ff10523d408be2e5653100fb3aabf1cecaa810916a0cbcd32c5bc2da76ebfb73256719843700ee4d05a7adf7b18c9130dab1127b7bd8b1d089b8219349

C:\Config.Msi\e5a57ab.rbs

MD5 c1a03a252d2f3ff69cbff3b782e3391a
SHA1 d2a2a238f4c94c123b929eaf160605b3a7e1b33e
SHA256 bdb659c524c3a94d04c16332719d7fec0eb6008e9701e19cd662886c01e26a35
SHA512 1da5d4b80d662396a12c422151338a41238c2705a731c6537ce61066b2fbf821667dfa94a24910f68c917f4dd7f62d147dd595133a8129f32fdba7689ba26eac

C:\Users\Admin\AppData\Local\Temp\vmmsi.log_20231018_212644.log

MD5 1e9aa5474b512157a86778ea5f3fbfc1
SHA1 c09fc348777cd8c56cd061e99622aa5d24289de2
SHA256 0a9ff8f3210db565925bf3386c3a1521d7aa64008057a19dc42cecda19a7c5e5
SHA512 1e39d08547a5341d752da21eea3fffd4d883b9ecb05e240d25f8d1afa18558762f49abfd21861f3967434b905ff3c9a12342edf88d37a68c6f698d406651b4ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c7a33b9876cab748a5a981036219c054
SHA1 60bfb76b9f629ede1406ca333b4c237343f2084e
SHA256 960b99a74c8f349d0e8ed4ada168926e6074511aa39cdd408bedc3b645d0d184
SHA512 cc74e439d25dc8ab0468b616829c2bb8f12d4363ea872501f6ac87382e99119ee6e7ec93aed5cc3095760239524a62e97e0128799df019550870dde2371f1b5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6134e9e7f1052118360e889cd9542df2
SHA1 3864b8ff2e8e9ef7aee4fc4b7e61857dd89ee590
SHA256 b724e9bced2179c6e890c9e5f508fde8ae5dafd82167e9e9d34f39b5c22df0fa
SHA512 4bf1961362f1ea29c108ec5010b5af19149a2ff40aa8e060843eb9fdbb8fbb426427330c4cd74693964351064f404682b74c8e5a3515320053f74db20f2d66f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad674b0ac28d33596588a6e1439a380b
SHA1 f9de85115139624c7461ceb8855336e6480a213e
SHA256 f6a15c770d553d6738c2211caaa48a79994ad183197d6656435bee3646b52ee8
SHA512 b1b91855fac706e39d91be057c5d990b6ecef1a809bd4a6dedd48870404d6667e4af893704df820d07e5a09a64a30675814fdba4d7c9b66ec72ee2b4c624c356

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36b181839519509183856c5aef1ac692
SHA1 2e0fab483c8eaf6e78f593b973be738e365a0a58
SHA256 83b1bf9e4280720db411118d6189d3475003a3c5c86880ec0c64f8f5920d5022
SHA512 f211bd04b36b5c9d9977340f3665ffb7578f671eae0f2b9d1d16e51148686358257efad5c3df833c287a8119d4104856048d576ad01210fdda236dd5c0ce4ab5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5ecef6.TMP

MD5 332f7101baa80c3c1eb41f6d77b2ff9d
SHA1 c88bbdebf122b7ce72693c8c155da2d78f1d3867
SHA256 320fef623c62a4fb70616178188bb089dbdad92611736495e733a9f090fdcc7e
SHA512 739d6ef28a2986656ed0f74fb3e832f9a19565f1fe33d0859c6fd0b71bed962f2ff47e0e780a48f68738f0854af9b818d5b01df96ac7d684b601ef54e1d75908

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 00a4f025fa4ab8c79368887cfc3a6625
SHA1 646925cca8be820b796d46d5f271c049db9a8fc8
SHA256 85ff220fd5cd34aba6dafa031e156ab5fa38579091dab0af02d5d20ca9c7168c
SHA512 9cfd2f197ae801c9664b30e26fb92dc8b77d61a207bbbd7f6ef55cc2c9a93a0cc541ec7b710fc0886bb57f0e85bcfcff8a38147d62fdc837e6c84c5095198bce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5bb4d183bd950a63aea7fbae5248869e
SHA1 b28bd8d512d88e413ee70fc6a3371cdfdba8f7a9
SHA256 337047a32ec92db2d162dd83a9ecedc375e06131a0e42939ca2cc97ca3aba9f9
SHA512 185eeacfab465b3aa428a5239a15cef54a0af3ae1fba7a73af4e4e6ee13c0f3395e072078df4383ce568e12ddd92f658213dc5a6ddef15136c0455786fc13f78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3c36603a9c32167172c5a052eb6a3eb8
SHA1 e3e37fe3f15709d2d82d142f20b50c58111ebdad
SHA256 a415b5d4e8b5b075f8b415fd5aaf622765f02f21a39ff6b7441cfa49157f84a7
SHA512 593209d8b365cda34ddb75887d33787d1287d0e4b4c0c10912c7733a8c53a3c64e3dd3e2702fd7fea338c9a20c7c33b9bd6cf4c0c71fe5e06f0c41737e1f12bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d4c444512c1d9736e2cef137f2f0462
SHA1 1e778c1396cb964c299c92ae6d07fb3751f1f1ca
SHA256 30fed426eed8cc70048ed0b199a116d1692d114917ba6cd11525801dbc7f8411
SHA512 2bed317fa9e6c190ca5b411a7b8614e685f06ab0fca010f9d368b5b20f2675f95dddeccf4b3297ba606b1585d44a363927b5ffae463fad3b8e751193082d00e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 17b9bb9509fa8aa6e3ef890dc6cb9917
SHA1 81d4f55fe01ad0a40d0d798b102ca826e97c0de1
SHA256 b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe
SHA512 0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8f8bc016e419e463ed40a47de5fa88dc
SHA1 669bc151f13f9c3049cf3ca293eac3361af7742f
SHA256 86a146318ae6d6a2126d6fe149b52b035fbb4dc845c678b023ed57d92ae73859
SHA512 9d09a0b07e675ed51c950994f59d7f5ddfd9c08cafde9170a3fd2f279bca0df1154c1c2a7f77456e49bbe1db56a81e27b30df77716afe221671f5ce9265bec35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b8d52b6943ac217101782c198b46d4c
SHA1 1e7bf465bb54f67587639168e885090a7f1b73ef
SHA256 2139b667b8548d4dadefd4a5ed33af15fb708a09224288ae6c2f97b1c98a56d2
SHA512 060a2ffdcc9a5f3bf50f052fa01ae169268744ce77099f356b6a93efdf0cc68a493ca13fd48e661c5fc8c6f444d352d09b9e493ac14d8dcc802a25211748d9fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4111c077ac41cd409891ec6845baed1f
SHA1 a655bf87dc98cb24268791e96dec7bedf9d3bf49
SHA256 dd85c11ef363e77fd2b20490417409424d80bfa78d3c3c703af605dd57f6e27b
SHA512 0f4edbc69050a89b2e7d5ce12774858f9857fc2c3ccd2ff8af0cb81c56deae9bc30f448b4d36c0f820953dd1fa83b087487a458c4533a9bbeab34c2642c9d314

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 c817ba44f7da26c463cb1371038c9afe
SHA1 d0f51362728ca1dd0cfcc45e02cca98610c6a7c2
SHA256 d3d0d1be830baa83ab16ef3b41333cdbb1e218e94b4c4b84984eed8b6d226f5f
SHA512 535f365367c119408fe4fa119804992892a282d7eda62c2c4ae882e5153e36496088f16582eb76585cbec3e308ab3c81c268501f858220a75afc0499e78816bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 348136e042260eb9e1a4084e789f82a8
SHA1 7d178732508647d0af1eb0c5777fc098e1d4e70c
SHA256 a32297294c25dcbc3e1775198b69ddf87b78309fcedb0dd146ae9bc5a2c705ef
SHA512 2b0ace1697b327e9b8ee57a85467cf58d8f491f6379e2f2b38a9d718155d0c1370a5c0abafef683b693add9d8316cb23118cd1f3bc538edc2ca10fcf45dfc238

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 c8f4a53ea479b07d400640c6b7bc740d
SHA1 bc7400b2ce86425d5c5ed21bee2964abbce5aed1
SHA256 7331501045923d02199563aa5ed50dbcd0a2ae86377bdd96a53786152a9098be
SHA512 f9c96512276937e42ae3664a67841d5228a8b79b8f35692905b2697dc7cbb498415dde64f3c694aa0c03e46d8b2c901dfbc311f3e3390485220abdb865d274d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 210a5a11cc3c0411190ac78a345c2f37
SHA1 981ef6653e6bf3c3499e6005f5a4983a5a0578fa
SHA256 67744cb0ec664f1cb17bf04ad2996b12f2bd3df8f6172a708ea58acb314960b5
SHA512 f689e9154c9a716307566f6379af9c8ca35c33453a367ef5d1234f032362fbfd0654739a66a6800797fabd37dadcc27e754999e73a2161ae33e385e1d18d94bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3e5f73cccc486b166ffaf04a215f9ee5
SHA1 1603df690e47c734295f1f901301441e20c7a369
SHA256 94c6956473a75a0df7be09c350620911eb37be077d20669e88e827e73b983342
SHA512 190a9a13fd26cc4a52417f70d9ce49501144a9568b121c9b79d670dce308eceedd7e451d4689a40f5f3947a5a3c7db7d0d5d5a2abf6be513134eeb52121b53bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 00c96e9b35fc1d60322efb585361b801
SHA1 e8343d37b26d42be473623a47e5d452ef24389da
SHA256 ae1a15a330c00d7fc80d7c0b68583da77d2a584bab5e8a5a0b728ca53df517ce
SHA512 e96b3b9de9af11b7381857a5ddff6fe3ae8ddf8d9000c19ab3aaa6a77a6662644580a15597a90956a2fcb9be926914b8d04e3be41fabaa2c64afc5a094a13269

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 8d986559decb82349ec14d9ba092ee52
SHA1 92e45f24e58bbe2a1b92fbfb3c8ea8e0425dc205
SHA256 cfdd860da28af30f5ea82b0c1811904a991f6a64d10cc5c79b6e4aa6361c2fa2
SHA512 fcd4ed51d1d68ea48edc77743af9904e9d234721534368014dc609478cec6d480ed55d51191b2cc87ea757b44a4a1196d8dc50a21932deee6b75fa9e3de8bb99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 7bff8ce89b16244ab2054c5e8541e541
SHA1 6971d70ce2931aba68b0a21a45fc1baadc8eefdc
SHA256 533d74e24be7f3a16f6c0c7b8da1247f9fdee98b2779b4ce2e331c27027b17c8
SHA512 ad0105bb19baf2ec81cbcf8e377437d935c465ff03348730197b726f73526af5d1c21912ad42761e46eac76efec3708db74675686ee8e37407a55357df73ebfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 bdd151e061c193942be00002c4a44953
SHA1 c005d3bf0e1aafdd1a2c95f606b413d83e2ae415
SHA256 435f7f68b204283384477add4b89b2f6d3e29631db33753e71f6810611cb41c9
SHA512 3de82142302d64c91b89912f03e7cd53645d5c5622482aa1970252a11bec9c3820245f3c00ce031482f1cbc159ef0d6f6f9dc690bdb4c43547aed3bab575d983

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 1ea833263d81445a70355e2baa4b4c60
SHA1 44c6da345b92d8c8fb21c2b056579ebc6abf9373
SHA256 42a7834ad83f6dfd329a14e3bd25e79ca3bd521a302238117b19c827594eda87
SHA512 56b14aeb4cf8ea5720a5669e2706960327bdfad202f146a2bf23e642ef38637fbf52549fe2d757c52bb2b63e971032b44525b4ff4a8cabfb6081b02558fba258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 bd6903d2bee3c189e4dcc4649f5685b8
SHA1 17a91e02ee328c5f4af33850120f5e0713e768bf
SHA256 09e7fced284d420e6b1f15717c8692a5f78cd9925fd456fc0b632456dcde3648
SHA512 8752d0a5b8b6c441ab74f758bb38cba4ddb69f7008887f3c03250b466f6ab8be2a2f1bf655fe759c658617cf17f3e72f2068278e2acbec7185d1894f36804d87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5f9515.TMP

MD5 662bf4d757fc3abe47602e38a4660434
SHA1 aeb4567c881c174d0cc1ccf473bed8b90accc234
SHA256 ae4e1e5a61238e3fe2b9b0b11b6073a309e191b48ad9828da3dbd5e33ab0d74c
SHA512 2f784f9ea679def88105c19f51d392534c8846d5874f9aee2b858a09b535ea445e6e6cb05a2085b50d6f8afbd0c9acb5fc43d2a96c3173311fce137867c395d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 d42b26bf234d87ff12a04eaeab962986
SHA1 8e4e30a7ad66039b41413652d2366e9f16d0e528
SHA256 6d82c4bfbf0a281ba5d39fb7930ef07aafa9f04793dcb7ec86dd5d8e9e7fdf7e
SHA512 3ff3ac4317fbb948e0fb95b2d2da713a560ff5b518f02bcaebd072a71ed8381da6574e6c9863574ba8d14ff5a7dd01a2ce3299038c44ab61eb8956c33195f2c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 9811dd757cb12f93f571938b3906672a
SHA1 9e6da20190e318478c3b730d80bb01b456e296bf
SHA256 7bbb89c2cd4d23ed4da22aa59d7aa26bed4236510bb19565e7099285b1862caa
SHA512 6a5b558c8a50f82c699c927910db6681f60b6b8c1def876a7ac1697a1e5dce4eeb88df86a473b351c0652fffc2754b98c492019f25343ed1763c600cd4266976

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ccdb2161d069a23b7ca9a3d21aed8e96
SHA1 c14ab0e8d48c5e615a92cb24ee6a6ca6382fb7b0
SHA256 97d4c33d8b6a54ea924c326cdf6c63400cbe14f34ce14e17095e85139f959cdd
SHA512 1df97f65fa1dbde2aec28f45d291c5c1e766cf4add39518dca9b08974fa8585b41072101d153feeb25ff68ba9016cd70a2acb538cff1d7f16116b6928d49a96e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8829231936aaa8e17bfab063bfb561df
SHA1 65ef2c76809b449761fd747efbadb09bf60054ab
SHA256 124922915235470d02037900406768293443bb9497f621cb9cd0da38bb575e73
SHA512 1d2e202b71bb9ab38f5e52d1085816e3c2ca645deaf350e6f82f451155ab5c652308dcc07a114634423ba991f9e2473878401df4034fc10187f792d2bd9c6cdc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6dd42df249aabfc53aabe875685b97a
SHA1 4156f8ee0056a056b96d38040619d5fb0f8d43d7
SHA256 2822fcd8fbbc42eb62bc3bdea9954d539c35447a907fec7bf060624c67404fa1
SHA512 e12852d4d6feaa0b2b5fc2b40a93569055cad28e0d65011321244d141ee762164a6ffb84d3ba4362fc3b89bc121b93b589268c511a04b1ba64292f545f009172

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 0463cce3220e34e8fe6521e50f42fe01
SHA1 79683e3bb7405e4f661590d950e50e3b3d36c8f7
SHA256 1b6f494e70368c5f89b5d8ee02fe270e85016e5f83a46cc8d7b55b9260ca3c26
SHA512 e97ec57aa607aa4c4158c85cb2eae29d9f177bdd5dfeca5415a733e4b65c31d62108931e02a473833b03bd77b85410b4a007e5894587473d0d8919a5b96e9e3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2701ee8635a373856e2af013256b5c40
SHA1 102b3a4d2991cc2dc32992bd8cab74af30d111c4
SHA256 ed62b8af623db4af5c0722872e7d31eb525ba5bfd19021e33ae60e72a0145632
SHA512 31d0043feb274013da2b62e521d8afd7f7ac0a46ef33118bbcf07e1fbda2356a2ba5e47093bb43bc903ca64ddf3b0c8fe18a8d8b10f8ea664faf02dd61654982

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

MD5 699fd0cf59c643687883ebbc6512751a
SHA1 f4cc33359ba26fcd7a3bac9d283dd614aaee6785
SHA256 70119c7df5e2ee1e553c2cfad8cf52d3928f22bd3acbc24ad6069f2daf068e43
SHA512 9140e67766e53c648e21c6c334355f27b196a4e711eab0b78723f7f1c007ddcd62fae182abc82b433289373d0c12677bff41c8441eeeab4cae0684cba3b629c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f44244d91dad88bc7968b234f4e6c2ce
SHA1 b3d750cb5d6e16d413130648ac266afd83c882b8
SHA256 9b2cce2598819d42dd95e7bed4081467913c7ae3dabde29675c136bef802b376
SHA512 329b29cf5a72b80ba57ef4c9b76416706c9c03afa4160ba735d256af180d740347b7e528fef5f4607570450e3b5e1b5ed1b704d775e0cb6477d04a52859368e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d6972361063eae3785c7148b5356e8e
SHA1 651f9656dab4e7e5345eda36f2cece89829cceac
SHA256 ca6ef7863bacdef1fddda5402402f91ed3442a088672adf155c6187129806e8a
SHA512 fcb678c3a2c6c248e1a246ed2a6c239c0bf7c3825347ba280f49b99a6addd237e1f4477e0f6e448316a23d82b1fe27f4028b1208162021c345af0e14f97a328f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bfff4780563efffa43e1d875c797a259
SHA1 52b5af02bd01c63526cd76dcdae6e13bacbddf5c
SHA256 fbd87417497d3630c79a3bf67908afd692e23932c63f0e17bb89852022ada158
SHA512 5420a2489911ca259546745e55874f857976185f37a494d9e0c61acbcdc220ede46fc8a19be9adb1126af8f7c4078208773791368b3f1edd7d4bb32ab27825d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe600b6e.TMP

MD5 64210613c79a2b39ee484268fa701e82
SHA1 262a158cd127263c9345a5e023ef732654104c60
SHA256 235b08d624931ec79b50b7a723ba12e0c74d5b5ca8d4713a2e72297d7cd017b6
SHA512 7055c502e20b30e2b1e5a2312b155531411bb42417549aa35413d066979acf5f312868a6bd8cb662e2c300005ea0c9f16ecad53621d36ec6d81bd051b04d1ac0

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5 08f0a3740a8a79fb1237406f124ba18c
SHA1 4ce24518064580771ea8c9748e29fef7c990e34d
SHA256 4b01840ffa24b4834dd40d3e8f8f3aa51b80db8086c7bb0aade4379f28261bb6
SHA512 d515f524c77bf972616245b49cd7191599afc07abb1eeae09687bd6294b133b71047e6487eae1f37c24c26d0efe3fa02183b9e7e57ce9687464f5ec0682696a0

C:\Windows\Installer\MSI1017.tmp

MD5 785ee78478d43f00870e91fa96b94646
SHA1 97e3f06230bb97333db9574e56a187c2b5dfce50
SHA256 b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53
SHA512 d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

C:\Config.Msi\e5a57b0.rbs

MD5 f83e2785eac39534e846e54645f11731
SHA1 3dbd8b7235d414631686ac08f395059f307abb8e
SHA256 fc618f07c48756cb0dab96a7d751441e1598262b4e27fa32ab3d35b42e68d925
SHA512 7aa119af8a4f80e7d6a7f4658f5a654ecf72ec05cc49d0af079b961989e4ee765cdc6552e2db33cd52a1b358a1e03fa5f5c9e24e33c1872e39c018210892eb68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a07dac6c6292ef2bb9fb7832a032ca2
SHA1 61d816224e84bd72c31b922413f8e26cb340d6de
SHA256 44346adcf7d15f2edb44b4896cc67a28d6eb008d1d116a6d4667e28a9ffb1d77
SHA512 807ed2c07bea1e3330a6779e7164e2e01617f4f3faf393073c2bd7cc9dc26d5fbb6978c258c5f83883bb77b4a6feed8645501becd33c286c80a54ece3d68fde2

C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5 e2bc472e588a1ea3d10765a10f50aa90
SHA1 7966e8bb63a40de09f1b5a857ea16c49dc0511cf
SHA256 b8786de82b04d21cee5ac9ae69d23c945d5b935b68a6064fd66eb0e9718d953c
SHA512 e15e3248d931c45e1f3a624bf6c8b30efbd2252617fb034f344c3013c69e5048e05d538ada40dcd147ff98f3f25376b41c4f5ec46701bd905bd80b04d25f7314

C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5 e080885e16b5ce5e94216b150d7d2a7d
SHA1 e86bdda23ff3f0354688ed8552eb758bbde3f2de
SHA256 cb0031a14f3dc53e6b409a28086f5792dbc27ebdaa0878dfcf86a66c9eaa96d1
SHA512 01b5438141b697fc16767830835a0694eec21847ebd70359f83fb216f0c0872055664d4151989a9ceb08689c151bd5790ff861057bdf4e79481fe6cebdc0315c

C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5 5a8ac90888b55a52a824fa5fe36b572f
SHA1 ad21c3462ab7afd23ff4c5b6326276adce0d82c9
SHA256 c59eb4d1fe15ed95e800d488e1ecf59d957268cd1dd1af973dd0511f4e3a6b4c
SHA512 8c5e5cd9f166170a513725e478c083025ba0764d436865a6e4cf68eb085c9de5f7dec0c4c18f8c570b1a8e154c1348eec19152a185b5e26c531d0d0e74bbf86d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d0bbdacadc58e195be2f5854008b8a86
SHA1 86dac57347c42115c166bc65caa7ab0494941b04
SHA256 ec0f9cc292b31e46dcc905733c458b3c567a08896ff0ef4e295bea53dbe49786
SHA512 dad41f5dd8654a3b06f2ee58a09b4ba53c0cf9d2d3ad664f51317dbd9552736ced4556576b3e2fc6f13a3a07cfb6cdc9f9059ba9b1e672f4d5b286d2ef974ef6

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Program Files (x86)\Minecraft Launcher\game\media\background.zip

MD5 963f492e15c31838691061863e8633db
SHA1 8177b8d04db29e4dcf592097fdfaa928fe185c4f
SHA256 0b13af6240c02c1ff811a5e5761628702f5f35838df0a823d78edce297cf9d9b
SHA512 a996817c7a85bead4c9763926aa0f0a969a6dba837bc38b9880a4afac7709ab83374fdfe0054601887f548037ae6b431ae2e763ba52b685da1a5a75106ee4242

C:\Program Files (x86)\Minecraft Launcher\game\media\common.zip

MD5 b1a0ec10df6122bd1c15052f2772e350
SHA1 ba793e1a906936553f4426be1321b092d48964b2
SHA256 bcd0d0a40a967ad2b71dea4fff49c407d68b4ad3e2d88adb9d2c92948d51014f
SHA512 59473c3ba29cf85e71da1f0d20e558f59123690250161e8b2ce668a0c4c69dedf6ee3ec69e196a6e2596c590e6e0a47cbb847805f3520f655ff60997643307e4

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index

MD5 daadf7b0fb9811449ecd0633dc8aea6b
SHA1 af3800df9b33eb80156c6d7b35d3de159550b094
SHA256 0950e0654baa4ed779bce0f8c183995b34d06dbffb408c08cfc05d79020733d7
SHA512 c64e16053c59e15dfae2cf4ee39cd851e59c6394f30f1a2777b1090dd9ce0b71e163b17c75848be89706b6dd397bf76440539b01b0f89240f003a89e3da8c361

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index

MD5 bcc4e460843f7d99824ff84bc003d378
SHA1 a56e0e06e56765cbb174d99d8b82cceecc3abfa2
SHA256 87d530f78c0f1e32d282c71cf1b394b40ded6f581ae4756ca439941299b6f2ea
SHA512 bb0e06301e1c27645f7eeabd1f4a701ed59aa9f3910eb6ebd5bc08e4c91dda563dce793ac0dcea18cc27959ae69ec038779d991289bfeec33338a400e6f74238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3d8f4eadb68a3e3d1bf2fa3006af5510
SHA1 d5d8239ec8a3bf5dadf52360350251d90d9e0142
SHA256 85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c
SHA512 554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60953231-6845-4b22-ab2c-4ff6a58ed537.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e047d30fc315ef90a08f6452aea50aa
SHA1 828fbb41013aa447cecef6ec2f8808d86debf874
SHA256 9adb3f279484d15b2305afe24c12161a33d57b6444b0e234412b7d3e22c887ff
SHA512 e75e71f5e22e0024e4ef4123f6d9e3408369668314b1c749df25116a326180d0dc9afa394aaade6632941fa221524da5d526695521fa038ab1b31a78b196be7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d5ddc6b1516641e9939aefb834a9d7ca
SHA1 36dcf0bd264752ede9cba81c1f53ce7644eea6f8
SHA256 4e9c4e65f765a4e54a5e124da90318e41bf1eba11e3f5371fcae2c511ef4738a
SHA512 f162f96e3f216e74c57c5b3639c9b010593271902f95b3b9f1dc3bc90321ecc1486f3688e15ef06f5336daa50d94acb7ca85a53770695b6014c96cc0e96099de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7c2ff303520c03fd434363b4cee6d353
SHA1 e0e3d7e977c3f585167c615253897beefdc57375
SHA256 76586a9398b4e3efeec4be95fb4782d5a2b114849c2e7de395067d62e8bc9ace
SHA512 2ca3c50182efc209d07dc8a2664cb69ea18ca5243446bd295db61f5df5afe7aba2acc62aa203759fd31a2506e30d2986e3a0accf1ba8e930b90171fdfb884e85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 8a7105617af7e5e9471d79d527f5752a
SHA1 17ceb523267060b80173e7dbced754beec19a96b
SHA256 529a3e0f3c3cc506976fb66bb5e064c0e40e668e7c3321e004554070933ca3d9
SHA512 d8ddb099229398671899dc78451408da195252a031c639d7b74fc71086106af807789a752e4b51dde2b9bcca4e9ad4f0ed76b890d0dfe527d0c5c58f550fd7af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4db69c4275e542275fbe763f054cbe25
SHA1 37378d2d68360cc4617594a9f327e0da9198a6dd
SHA256 8283cc1e2513cce89296afe1b5b06f49a43949e6cba3b96602e3b95b28a8a786
SHA512 227f6207aed94971d5148b2c807dde8e4952722f83ce700c5d68ae166a6087ed14a01efc0d41ed27de06b7ceef8721876a072623f95934074167235dd47f269c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2848503c536d80142db5b9f49f9e76bd
SHA1 6622e732a990780d6c27222cfcd4f392024b974a
SHA256 b2eaa2d957b2cbe7ad997c6e697e4d586e8bc87ce5a391d7b6d47ab9e29f6de9
SHA512 25c3fe07392d96f32798f10717d22d5eb7717099ce4acfbcd518a8c0f05cd72e2bdb81d7a9a87b6ab6e2a7288a36af861a865cd290101a37ee567f18a8b858d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 486b2c984deed79a6f209960e1e9d7f7
SHA1 0ae64298e076ea80baecece8561cb740481f2271
SHA256 4267eeef757c47f85714d11ba7a885f13b8941e5e54a092f3b0631e17cc4f9ab
SHA512 100d163d3ec7975597e035c6a3750aed37e11dce4d971d2c937fb920b43398101e13c3bdf7a938b983560f83ea899af8fc08a48f4cdc1b36acda5df9ff57ce22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab7d783a25edefcdfe8ac4d1f4a9585f
SHA1 be75d79e0243e31a68cbfda4927f36218dca918a
SHA256 934908f68741af01d9ec8c1f880ee092821abbeb7d061321a55709c66179a33a
SHA512 6a65c4ae8c634573bbfbdd8161774bd71bbf3d2de1f6b3f8b63cd7e84d4a26a19a48731fba00a9909e216c5553014d799598daa1da1803a7bab3e05935a3447a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 103438d3ddba6b6ed94c072c5d1ad02d
SHA1 e6f73c828e2cdf7264a5ee196bc89df3ca211fe2
SHA256 0bafed1f826a327ac16b942dfd01a580ad8b71dc8e223fb519b63158346c40b6
SHA512 a4b642c60ee3ecc9d96009c70407d7a6f752c7a90ff10fd69358a0f0a5c6cf381a8e949c5137952388a08c1a86629e74781d84b7a4b4323ccf52cbfafb2f62ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0f865beef2fcd746af570fcd9a10850
SHA1 cb49833631c6d43b88f43f6e8f3f0a5d4886336e
SHA256 e80ef14d6db5b5092e9f8e8ccd7acc61543ad273793abeea765b7787851cdf83
SHA512 03eec7ae8cc8ae7fd78bbd468e02724217430eb6fcbe893e581179f8980c597c7ee103cba592ffffdf0ac8286dc682711d0ccd7e97d452fb7d4a50b00689dc8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e484878ee7ea2bcceab46341670ad0f
SHA1 169743181b9838ae97169886f5e18902ccd6ebd3
SHA256 8d13fa0ca6b62cb63708c19522d891fda59ca6d13ac8479bbbb35e33e280d78f
SHA512 0d92d36bfb276c23205850d138d28c00d689ebddf389d0b249ae6272cb9e4b8106771cdee8ccdf16a894811225a5bb4f056cdbbb48aad0618f763cf54cbe83b5

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json

MD5 5dd02d7050b2640f805b3d8fae9a561d
SHA1 8289ea699f627a7aa5bdfec40d0e21477faffaf4
SHA256 688a8ec02104d115063e5e511bd6cc441813a0c0f51d895ae76123010788e178
SHA512 b8c029d43a903b9d5e3bc7579b74fbef0b998084308c0b08472195a563fe53b5436aae76f2b74b9d1a765a19b1226873133528588cd70c0e767227661ce91728

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json~RFe61dbd8.TMP

MD5 badc4040693d3e4b09621207afb680a2
SHA1 6c2cf2461d254ba149233e410fb65d1bb359cd4c
SHA256 139309239dda6eeba742ce21c773ef314abf2ab5b66fb84a74c5b03f02713003
SHA512 de1d7e864b2a13ff933a3c6dd86784dc502c48832b88bb138f523c3cf0737be030a3eb71b8938a64a6c7710cfdee7ca86c4317e0b3c572145a9ca77e5d54f14b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ccbba543490bdeae296c68ac18295201
SHA1 4fcb4dd672b4798ffe17bee689be6001d23e2a67
SHA256 69517fa434646dd9b134a9cfc9a76339d5b9870a5053f9abb4024d150d385bae
SHA512 de28369323d42fbd8ba3fcfea51fe25b5b04916fc1e9fbae61515a4828401f6d53d085e4cdfac9ec68786437678c56d1fc19bdb81a1b3746faab9e05ca62266b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 775d9fd9d4316d22d1873b8e9d1e633f
SHA1 9772d92abcf562f44d9612a8b76de8be41b69c03
SHA256 76586b9f3cbfaf46ffdc530a91eea5dfd5354a028621d51d9e449a1216c8dfe1
SHA512 0554f1fdd8aaa3caf4237683fc3db2642ba1defd7242e69fec02e0e54a4d4f9a54479d8344140e6bf2bbb6968b529ae8086cce922f5affa352451228376f36d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 01808655c624e1752acc157b88d0dc51
SHA1 1d998842efa5b71d79ee050b64e2ac70e75bd130
SHA256 42532506988d749f210bc44b3cb2adf33458116d46d336870933d8711ba87039
SHA512 15df0fe0d702a8d41fdbe95f4d651700f1cb0011ae2501a84e3cbfe17618155f6705636d963b8014f4b16bc1bb835f75f0bc8b098403ec3b64b53327e6a0c0a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e7722f2f1a7906357495bdf36af49078
SHA1 63bae544ea03cc188ee37d82a81a12f5728281bd
SHA256 a28e92537d5382e333980bb93c4d86404dd44d743f97cd948e64221e4f879a3a
SHA512 c7905eab2473e4f0fe8b9f4cb0bee8ec7605a49ab8990ba15ae311612a6082b36b28dd705e335b1e080a1fb3e4b2683fd74f0cbed7f7a0bab6639e3dc399a9e2

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 6a8879f6388b3dbc3a9e9faadf780831
SHA1 23904613dd51431b9793ba22535c4484e8fd5913
SHA256 b13d2e55ae50a5fa85483b54abb44f14bba9e799e2a17cd924e0fadfed332904
SHA512 6e36c82cfcf6f099779cbe6975ae93254732d968fd56af90380aa4624badfbcf0af0baf57ab2d6a8e0f758f4f07957d301c1f4389c01f4a32df53c72e896555a

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State~RFe61f3a6.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7da59e30-1f6b-417d-bae9-70f299ded1d7.tmp

MD5 636e17c94a2ae244cac55dc173bc3ba7
SHA1 688f1b96f1ae0d26adf4e7d37ba47ecd3dd86f13
SHA256 c3bc931eeb22fffcc38990a0866f4164cbc517ae6ffc1cc17204872562bee28d
SHA512 01b9a494df3ec7372112d004fd3b158ba851d85632a6ef802b4d43623a84099bcfc99e53c722c985ece66b694b8648291ad55fc64d4f9eed786708375836e889

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2cc7bee6b3ef7590067dd596854adb1
SHA1 1bd2c73c10a564e397002735e79a8bc2f177a729
SHA256 12830d4d4beec102f0beb1c1f2334c443d0a5ae0d9a0cda0f54fe6696778454e
SHA512 e88aef8efad845fb5e95a161bdbc70e126968ff613dfdaf6646c4fc32bc399994b229e885aa30b8655768a43acfc1621146263c692ca03fb88f2e8e14107bdcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5de5156d1c98ee7a_0

MD5 8bac0b701f3dcc18b287960bf0ddcd62
SHA1 45ac8dedfb33d8f3af3c15e3638222e2f91173ee
SHA256 301186946fc8180784652efd6929ab803d2edadd746665153dd4027585d731b8
SHA512 3846a545b5a2bd6b6d26bd7e969dcfc8c650438cc64bd919e61c60c23e82974beadee17fe88700f4f8c05c197cdc3b3ac30f87eee2045dc24369238021fc28a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d45856032dbd7f0_0

MD5 e38e4edbda08927729426bb3f874020b
SHA1 6599bbd56cc031c29471954d836a41d0f7d54be2
SHA256 1ec1e64d471fd37b32b581cb781249cd53889138affc652ea29f7517fbe27e44
SHA512 0dc16cfbf4e780e853daa611f9d6020a3fce92671d7873c0493aacab48c6d27017e521387dbcfffd495e94da01a1511768f316964ccdfa84ed618b45f8ffee36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d56bcbdc73470a0e_0

MD5 7761a72b21f5ed065800139a5776ee06
SHA1 d77bc13701a19d0c789c0e80f232c0a7a694ed11
SHA256 165cbc87df7b78e3ca0b1d1ca96054b4993ef21abfc5374b19f87fd5b1031859
SHA512 c563f84b79252c667a0c45108024bb4d21856ea31648ea5a517075d7fb800fa4b0331b062ac67c3c464ace3d4709e26f70a3bd9807706534682f7f426502262a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a365447ea5f15aec_0

MD5 121e5384def8c8137e4067df12d7d2fe
SHA1 4b51dcd5d22d2655b93a327368916a6a017d06e2
SHA256 161eb21fb9d45ee962d696b3afacb3d8e3e5287f0c107f710101b9bf09ca6842
SHA512 ba73a1a9d37658153a6ebd23b246a5701709cd927e40b0c6f79bee3d31660bc6360061f24f4a4051989d979462f5060da5e3437adec61c87e1a0479889e8c765

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b93e632b1e9bedc8_0

MD5 df0ddf763987cffca2c8a5ba14f5f13b
SHA1 d35c40deb97a154bbd8858fa5865565d5580e6ae
SHA256 a17416d89d8b09f186fda5b512632c6cde2b8f9b9db025ae30ec5d4086420937
SHA512 ff22a802d2fdbf3496fa77ba65d73b6ae210c5b033f8bf19aa39e426f1f57008111bc9d1961daac4f91aad7d5e273fa6792b39c241f00dbc4c3fd4bd9b1e80b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26f2df2ba4762c22_0

MD5 9dfc9d6cf92eb137bec359b83c31d7ee
SHA1 32ee0f952736f2810ce7f11721e00ffb54385925
SHA256 7a2a0117dcf85f7bbbfff34eceaa8ae77d3e2cf7fdc421373553a2d731506051
SHA512 80b6b886caf04c32768f8f81b6a21a88e31964992bbd6c4d2db9c7d36f222c9c6e6476bb1fd04b863b213fd31262dde02c3efc0df11b42bb9ca0dac13855945f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c2082322f3bde07e_0

MD5 f130aa468a82fa22258a4ddc00d95d9f
SHA1 ab1e0ae3ffa2fb36fdadb1bce07bd6cc9329a8e9
SHA256 1046c47885a8a3eae6f3b8ed99cce9f95ec91b9e0d922e739c8fd2550ded8732
SHA512 a73f5e7b978035f23ec2139e9e0f3d9dccc516ccfde8a411f93bb2ed8867c5badc6194a496787a9e2623b5462dce744d7720e9eca35dbc8a5dddae7d31d95af5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 a0c81ba8fe0087cb1e11ed99d9f6b36b
SHA1 b3c2464bafa150bec711f4705de7d2a085d01051
SHA256 17957ced8a0947d3bb9e256eec5fda86329ee33b8821f066a2caca092d53669e
SHA512 aaaa57e8884fafd92bcb87bf8cf54b8af7ca8e77c5ac0689fa38486e2f0fbab00c17347997ec37615f87edf1b20fd13d90f98d972025fc10f695623b8aed9adc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 5b2b2a57dbcace71068f6f44d7a9cc34
SHA1 6dc4af386658d4091adee49380d724aac32fda1f
SHA256 32ac3cd8ea24fc4e4494c52d9cfcca833d3ce8953db300b8ecbe5f6aa88b65a2
SHA512 c1978c14ff0c856fea91d63c95cbc0ca2ef33b8d843dae19dd3495aa8ca4dc866d2be26f089db5983bb24995229d6441cc988fdf75bd85443abb0d8788685ecc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 f81f65df66d21abaef6462923c141b52
SHA1 c90c86b6a5b2cb2f00c00112f7c6f9effb8cf545
SHA256 5497c7c3fba6e57f3ba56019bcf8015857359ad253ddb9009939923aec4135ff
SHA512 fb84cb1aabdedec84e88c27ef87b1c497becff22361a16e2578b01f4f5f5f0d734e9e6b819968afea9c115cba776bcc7efb82c27cdaaa0f3e08906e0f70cadb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 ee2d17909d6a26d453f784b94d0fb8fd
SHA1 972162dcbdc9c8a647c533dfd81e036f8539db81
SHA256 322063386219dc174071965f0eadb4e517e988b5870963899d19019c9938463a
SHA512 396ad5120ebd94ceaefb822bbdf5a6ccdd0ed02486f8534f36d01f8db53fc5737ac52c426f1ed21c3df40c451582358be9edd9809d5a5765025113d08011248d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a024ac08940b41331613a857ff7e1f0a
SHA1 bbf74f7022dc7f73e3f48a5bdb00de9ecee47895
SHA256 5a2e28f0d5d5ebd4f3c67c78747ff05653edeceb1cd6e326196cae0dea0948fd
SHA512 d5136a6136ce5a976fcc4e10a6b66eeb3d40b7b51d11767e7df8bfc43db21175fdc4871c3065ac6d8d774a1cff289314866dc7311c5379e8b518231ae2a96ad5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 42b46e37e1e1e3e61106eed03b1ed73b
SHA1 0d64bf8ad8a0a6f65db05d6e8e723e018c89a57d
SHA256 c503d264a12ac1e68d99ae3f12c394627285bbcbab8f78d451de0f76bf7d2088
SHA512 188681df569e5b8d83ebb28045d62b7b40a4c1f5770c06e795b1fb1913809c219ef3134ddaac12128309ff3afe8eaea3f3efdba73a70c351b3fa6b9c42d23ec5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf60712ccc54d707b1e19020182924bc
SHA1 f9906eab919f0e51abf57dda97f0b3104ccc1c42
SHA256 cbdf1b11ae52b26f52130e9530a3daa07bccc875719a44682d3bc77ccdc7af06
SHA512 84d1a1dfa1b97c53f00b13d31718640e76495eae4ca272e05a230ccc3a3331c98c3b4c3f06bc9b2755a2eded139c30b51a746e95ead1d4d02817db7c71016d5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007d

MD5 e2dc4c3ea0d4cacfe9e089ebeed86fd8
SHA1 2362b2c1041b1d1b414eb66d5f3f92183c447f23
SHA256 8b714359bcc2d1dae0f728a08ec015930b41ab1667d161c355b9aa1a93e6b6be
SHA512 d044ab9a74bd7843f469b0b0ad0caa411b1a4e555922b3dc3296f005b14c45ab22789eb271562e7c182d69243eda86b3eb4d7024aaf2b9f2637a12d36f2e23f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6f0e993066ea67c41fc60d1bc34f0556
SHA1 c5831275e76403fb407c5a38379fe8a8720882f7
SHA256 0022f77e9e3406f2d70999c67b894308a46fea51860c87368a7e4448ed2958b2
SHA512 8fe3aabcea7cefad94749408776b19363e37518e611e5b1a1a18502b83a8b1933cb881c112288d879258a714f518ccb01b5c9b7ed2fe1c782a292c489fc38c63

memory/6560-4142-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4143-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4144-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4148-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4149-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4150-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4151-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4152-0x0000000007290000-0x0000000007291000-memory.dmp

memory/6560-4153-0x0000000007290000-0x0000000007291000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 da48037841cecc664f90f18f04b3d883
SHA1 b29dd112ca177aa2e3359714a3c29bfa5761f508
SHA256 8d5c83df995e0f41d742bc75cf8a439c24e7f31ad6e6bd2d8453a9ede67cbb3d
SHA512 e91b75d67260136361e228543f5c1658b0a322d39f27d760911baa52e80fc35fb44669ddd34825139c7159ceac7a35ddaef8261caed618aa2030026f6b1eed44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9908c15cda4ea59fe54067be66a03f58
SHA1 6b9b89aadf42bf58ca88accf0e33dc9086c34955
SHA256 971aa4db789de09378d13e477f74cd5d3c593e984911ed41bd71d176268ba162
SHA512 0443970b570b032058fd72095bc11f31b5964a31968af5e1269d0f922da112a41a3659148b823701d92aac1a33f490b08407737bc5e87e14aefb6b2dbdf1e498

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c593d8859aeb3737634b162d34c0188
SHA1 f422c9ad0360a60b8a83fcd766aa5d5e7f9239b7
SHA256 34cf7d7b65c13dd25fa23f524747028437ab633b74795540ce5fdc2907d6fda1
SHA512 8d36fcbb88519a1891a0a9cdeab5ad4cff5efd8ccc07d817342cb26dd1dd758c0511ebaae4a8d973025b44f163213f2d58fc572915ab38490a68475ce878e6fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9296bef536c24d81f37d8ce55b02b0a3
SHA1 9555aef1543ea36ef55b2af50d569d64b4add4e2
SHA256 c4778d0ccc6d29209fc341b7ed30a2a1a654b068f033e23ba2163b0b704f34e5
SHA512 4d4e87bb653757010ebb453ec3bdc4550579a51b2e1f6074fcd47e1c9c8bda1bbe26098c928e4021cb3975ea6faf3d032edaed122cdc7c76ace6d1d9d0798f1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

MD5 12e3dac858061d088023b2bd48e2fa96
SHA1 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA256 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
SHA512 c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8d0ff061971d33bd3783bf24ce5c7354
SHA1 432345b5f061931030dcb7fd823c52c8113f0499
SHA256 4003ec73bd3371f46f88f56218440400545d395c55713f4ea9f884bc6e37289b
SHA512 444a0a92d2ae37ca1f22c8bc9b394c66f533779212ba6b0910bfcf6662adaeaaf6c0ce92d8d298c69049b192a9c0fc5a6ec9651217539f9a7714d4fac057d2df

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json

MD5 bd01bc48cb2a33dc5a376e45d67e610b
SHA1 783c0384546246dee3074dc2e9c1b9261dabac80
SHA256 49f916428c626731149621dc39f28f558cc73d2aa148ce17e399418648c6d908
SHA512 9d88541a06da0a833c990772cabd44a1d56ab1d5e81ee80a4a9e555319599353c9f94e4e282a2ffd6392630ce6ce3bd888dc8b0ef81acd5bd17f0d588e3fa397

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ecc33127f8be17d6a141ede5427f44a
SHA1 712d5b24e5b09da97c4498bad6ac9f7bd0df672d
SHA256 39b0f2d154743794461ccc4607ae400bf076ef63525ed4c6c185b8077b0a2abe
SHA512 ead63d40c85f64d4c51e6d0fa6302ba0460dbe46926eca3594fb917e8237596cc8fc280e6f7ff9693a1873ab4d96332240cede1a7af527077b1ef651f0398ed6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3532900bedfc40c03b4e15ec62f14050
SHA1 a55c5ffbe1967c11fcaf4831e1c0da2a4a3a2770
SHA256 0c44235c293e08b111eabbc3a726f97ae58786db6c2f51b1999efb80af8ce3c8
SHA512 8ca8b6400434c40a928a11abed96891dc64743fe78f9abefc6a621ba93eb16d9c6b7a0ccf5a85e67ec0c5ba5138a78dfcf8d5794ded3e6f46e397f7e9ab0c4e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 012e85e5f3d0edd6720352ad0a50b172
SHA1 d42484fae7968c842380fe2049ed720cb0c9b94b
SHA256 7061192486920272153c7008fb1d6aa6cd56b0474ec84595ff88890669bd29bb
SHA512 457632a1e6580ef1c138b0b9bbc660477e0d06855eccb2d2f16f187cd0e4854ed2de10b22bc6311b4fccbc3d75f94981cc075587016ebe5b0fbf52ac236b1f38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 be9e237bbfb5b2f476f885f48fe38efc
SHA1 7a86c8ac52782761c288136c5e54cc0079688bf3
SHA256 03ff42124b8ddb8620f009f8986f6c8f7c6c66b488c9a0c4d2a321298a7aa2c1
SHA512 528fedeb8d2e0ee4c56bf203d638de8181961a67fea82a0aa6fc4b917ba47cf9af3d0aaf5b5531a8ed725c033d00c868bdb4e0b0f8ed86eff319c1cc41b91bad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 307f20332914497b3b1a99279bed25a3
SHA1 1dbb15fc029cf6f5119c7c1d559295ae269ed140
SHA256 acf341c7db659f31a8fc67c26f6b2b4d305362fd01d1d6807710ed2bcc568947
SHA512 2798227e3a52d3548eda3e87260b45b3df714ea41dd1bf6c479eed13bec6ea79aac82693797765d639e871df7fb7587b628afcf955dcbff36e10b2d120db7361

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8fa9242aa5dcc101930d43d1933a0764
SHA1 73af7c8ea413058d5ff1c90013db371bc54e3297
SHA256 745c67aa5b8ce01c0190c447be3a680a04eaf557d6106b1ee5b275d7689823bb
SHA512 ec24969783f5a5877aa70aae82dda19da517f0b3e242356ad742a6938480b1f76ac3162a1db5ec71daee523d4961593106a6a62cfa7393e2102c9da91087edaf

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31a39a700ef38f66a9aa443bee2ba016
SHA1 eca13730029cf49edd1f480b5f0ace449a999ba3
SHA256 4f46455c3fd5bc17349535d7e88fa20f72ee93df50adc5c085ac4a22bcac08fc
SHA512 db9790c4f9ebec5c8570aab67f168570efe7cd03cc5f3d998d6d4c5dda4515afd1399cb6a25950aa553cbbbb8481654c9ee371cdf0314341d3a6f1798b719aab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8f28432585bcc8269927611f1457ed04
SHA1 c40403f26a77a34dba13a5a8a1d3b6ba41905584
SHA256 2c4e67ed940cf99f83bb30f2437b5fe7905f9dbfc808ce03b81cad9705ccd9f3
SHA512 48f18cac3ffe179b7df51b43d9cd5ff556414023c3782b538259ee809a66258a2fe3878d211c9044e1ca8833aa4885f276d3f2a79011aadd8bcdfe756decb619

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 426e48bd2b70c6b3fffca82d8977d47d
SHA1 04c042674e25d5cd9c87af2f3264831a42b49a25
SHA256 c736a94d6f9e0bfa643a5a0815833b8a011c098d2120da2efbf7baa4432e516b
SHA512 4ec975fafa7030cfcd932884a3ec5ba0ea76f12871e44241d8c6a56051c777f8c08c17284e151cd83a813cd9e0ef3c1e9c0a3d4d86b2b9e11e4a373d80c03b42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 105a5c36c296682f4026194745d8b816
SHA1 de2dec6eddc4727696d53612a0919a684adc31af
SHA256 90c109bba2348779788fef4a017e5d2360d5bae7d1db52eb88e346dbcee36017
SHA512 caeb266d28be0e5fc0c70502d0b5c27ad3070fdc40f3c5bf5b54eb37d513f77d6ca5ac19a444750e19bd2dea8ce57872b54d37ff0774617a72d689bad9b5be51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a49ed5181edd71aaa03ce3f0ad287d9c
SHA1 388baa8b90bde7a9ca9e989735f580053547c1a5
SHA256 54a25296abbfe506717180158694d7c112479af172e8e578d74362722a3d005f
SHA512 2c7a7e8376f98f33a0bd4b5c8ed18fec2ee2c04b5346d2df91a97c86bd14400086a103f40647bdb1f0858a4a9d77c2b346677cf498b95391f5e7cc3f387a3a3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\775d776ed426628a_0

MD5 aaae7f79c37310cfceaa273aff9e3ff1
SHA1 f3a5cb201bf0db2d587562e8c68d9422531aad5c
SHA256 c18fdb4d8b42a126382a3fed3694db0fbde110505e3afe1773ca95fac9ba31bd
SHA512 a31b97e65efe2d154670a52edf395639e1cda2c30b8fd195a2ded34f647034d8394869f48eac604c6fce0eb9c21af726537bff08359f9ac973b464e95134480f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 41869d8ed77713f6848da543654acd0c
SHA1 47239abd735e0c4754b0e3f6020d3d702d49911d
SHA256 6902ce5e22d04a46ef02329962e6587ae50ac9cfbd54690a7e4f24a20a9989f4
SHA512 7492f54b0d79c0a4c901296c20c08ec03b0c2b4c150266f129551fd43b8400a282f06eac49c731280876039258d374338934deab3a8b8c3f9ab0a0ca578ea356

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

MD5 4bd33e676b13ac31f45b07a9013dc42a
SHA1 2a1ae047f45b0634ae8c2e862e618ebec33e0c6b
SHA256 d0845350b6b203bf3a3e0c88c6b2d84b24ecc50af74973f55234b39911320979
SHA512 f5c8d04c93362071b36dadfb45a7b3c4073ad78607f3cc331696f38ec43bdff90c85e0b1bfa0c62f5cacc1fdf20488eec32cf16046c57e5a45a7751554feba61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\945c2ec20732ddcd_0

MD5 15e532cef5dd043b4efcb146c1ae3f92
SHA1 9e79b6360b13d4ea7567ca7872d7b16b511dac65
SHA256 f52ce637be24f263ee242ddee3983ac5f82dd1d46dd3b0e5609f45786923de63
SHA512 eb37caba10fdc6edc257ca16ab6ac02aa7fa7183e34292b1cf4b31a3d3d0445baf27730dde78ebb766cdf30785fa86db650d3d2e452bc3fd1fcd0e631d9fc630

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c557df0a69e0ac5_0

MD5 18e80646abc7683a366b23190fe519bd
SHA1 136d3a9f7f9efd851b6e2927ed53630abb10471f
SHA256 c02094503b2d2cdc1dee5a026463bf967f02936c2df2d7a51096b16bf037a2d8
SHA512 2243c87874a70960f54b32f0d9e94c6933fabe1c3e497b847b75d63d64bf78d0e2e91d28ac5cdfcd4fad7f7f60ffe8a3152fa478ae120dc476e9f978912acb8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

MD5 040a25b5aa2dadeec37427aa01b569e2
SHA1 bd3eddd61fd747b0aafb02165494aac4e2e59310
SHA256 0d28b84ad90e5f70834c98dee27d39b6da0ace5aba5cd8393373b72b9a0f2e64
SHA512 b43adf0b9899dc1f8886e1684a56252ac12894eb41b9f8743d5525d7bf92d40c523afd26cf8e7e5b61b4e29ee57dc10acfcd5d227beb4658bea0ffcfeeae683e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 272b78b56027627ebc4f4376813eb331
SHA1 97056fc23d95a2de3c44260e1cd7fbec596bb2d9
SHA256 03f1bc3865768becb0d12e40f4203543daea25d94e85e224b8e151438a9f112a
SHA512 39dbf3cbd415bf2ab2f4f7ff1289fce156f4d454e79d44e50cdc5c15f8bf116c96b44249432d7ad7657728900fee8f0008368feebf2524b22473f07fc114f8ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b

MD5 a437ec38f0e9ba319c6b2b2f696266cb
SHA1 16cdd5a8761dc905904655eabcccfa7129db7dfe
SHA256 d7105627ec61036e7153a05745e676b5c128f510aa89e117c059ebed6db17394
SHA512 3801a2e633484672877046495ac428647edf764071fdab085cbaa6eb8342f081a98f8f3db47d0009cf819b985ff0396c0d2f1f5194a86a480ea73b17556b62b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

MD5 14878349bc4c92494b322e97ab559c22
SHA1 bb0fc6f129e3e3f5c48219dcf2945cdf18be015c
SHA256 3309c5e347f3eda385708ef98c51a875c1623c25eaffee33311268287f0e356c
SHA512 760b9c47bdd3ef2d5ae39933041834fb50ce299f21366bf3e7af407ac94b05dcb856f6fa74509cdddb35678d17c8b890df6c05c40b126ac2cbc609d6295cadd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

MD5 5573c63865e00206bd1b2d2682136077
SHA1 3fa8765954436acf90140934de2bc26a01a0cc81
SHA256 b8cc5dbcf324c87997987d0f8daef777bc6beef240b37ffc5a8542321b7fffa5
SHA512 1b170db64c3f41fe9e26ebab0e6f0759d196732f2930d31af7bac1d3e59fb9e89ca9be79fb061bf6c3b706003e6f83b37f2e20599629597a14601d4608d70aec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

MD5 248e7c5430f8352b94627fe306a9f86c
SHA1 c5f60ccd742d6693da51fc57f5d87532a4b652d4
SHA256 5c9393eac024e837e7be7c62cac7e8d8daed3cde99819338a734d38d98346399
SHA512 f39c7196c0eab6f54e7e0442bf8ea83cc4bcd4575572f1ff6eb2231b285ea42ced2d7ca85f855cf33e3143ea4580facc6967cb7c21519b65f430dcd82c25af40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c14ab547821ae16e0563e7a04e4558c9
SHA1 a283684d589d0b69f1074472d8a499ddfe37ea9d
SHA256 8b2bfd7ff7711a32ad2da504babfce71614f2490123f48fcd375b604444d9fac
SHA512 0fff104c977be3febc06c3a1bf3372aac0ffdd579715947ce07e11d6faf88d3fab5d194cc61caf128d9b56a01f5fcab404a3dcf87c8eba79ae9a4aab1c3d36eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5a868d4e29c4522b_0

MD5 fe66a8ca68de40ca337e395a78e8f065
SHA1 a9fd6899f1305b867066dd5c4146b1c73dcef812
SHA256 5aec3f1d9494a3af4d1019d90bc5d88fc9d1bca8d572f09e8d89f72872c2fac7
SHA512 8b03452543fa9693c8f033a81131bc076efa2f683c1fcc5dbd58aa45d4fe1526859db9d40e752818fda10044a18e3a48c9a32f6b3695bff7a46550d37b14d8d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\775d776ed426628a_0

MD5 343e4640e7d64aed5d62413ed8406036
SHA1 067460f216233a7c70ef43b1176678aa70751ab9
SHA256 8d9836e7adceb4d3142f858ba707b0001d089b90f15762aa404689908d2c9e98
SHA512 749f4c1fbec38bb1b1c8e9fc58dfa986a373c4cf01589ca6c5430d37e89b38eb17ef549be69a6eb9e2e7a54908576edf7eca444c37460436ea520e1f245b7488

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\945c2ec20732ddcd_0

MD5 a4845c7a8ec3031edae2fa9e9b9b5c22
SHA1 549179a99932a4c4685735f69cbcad617d085c32
SHA256 20c6c3aba0e348f0208915527f386afac55b05e15d7f81094d7fadf8f13b8888
SHA512 62f50df710b5689d99892c880a1acf79635a7721a4df60d3819f41d665aaebcbd90d09302a1ddc1a9e503a93588532d1356218d72d8880a623d39b18b073969b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1da6077444e3fc09_0

MD5 8329d0861005ac00ef70f75a127382b9
SHA1 9b4a60250aed339bceec65229cc6f0c8d49dd51b
SHA256 b06e76332f1a00ad38e59861b51a05d3907e4195b05495859f562a117574dc42
SHA512 5dc92f32c2bc113c5d863cb79061ddb7da8e833b75937dbf9ce1140627bc220e92ae03842927bbf1936644f348bd020e2dcc6d8d62b36d1608568dd45d106b3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 af2f770d22b3b1387a15b0cd2dddfc8b
SHA1 b8231a1f7b3989c86644cd81da158299f82a713e
SHA256 f8b9e1db5186fe40edc74db2f1636575d8bbc5d1596f9fc4458bca67a242d933
SHA512 ba98696d8732d308a356a3288436a0325b586b85769933f6cf82dd49c358b648b0d0a8503cc56f4f436d95650ab134a7030793eb583469c2beedf45571d6d3e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a246ca895feb87d9023181e6fe273840
SHA1 a3b5fbafceadd7ec9a3d9a836f7853c3a3b976c7
SHA256 a1c1b6d08e5bbd833b4ddaa37b388ed50aa4cebe14d7fdc28df369eb06fe438b
SHA512 54092d8122cd2c2f0358381313841b6e1f8433118e80d014731d2735dcc8a8297107a8f4ca7c03790766f69f58136c174a3b2c2850b466e394434fb33639ad8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 89308f07a2f2cc68b530b44ddd532916
SHA1 59007a92574a534846abb02a7e7cb9d45b40a96f
SHA256 9c140b182802b96729844f84321af4ea69f921603ba91815aaf547615a079c3b
SHA512 ffd09f86235adb6329d654b37b66f16e1de9af42bb002bc30d32853ce4410a842ad6911eb1af71e93d58dac0ac01bb0ee9f0b6fa877ed85895310f875cf5a485

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a8c365b3e459626f5abc155b8d499752
SHA1 e5738b12f2b5b0c883973e17183f6069ea6ebd24
SHA256 95320148549b48aa6ad132bac3425a67d137407262923982a964896e5704d8ef
SHA512 d4bd1d12dde3fd76f51cf66c2359daf5e3b5b40358069fa35601e8cdb432d00b1a12d65596d45c79c9f62eda42f5bc9d115f31644c7085bc21d9288ca9a113da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a445fef2c07e8ada95f55c3e692644ea
SHA1 d00f7dfc42a58d1ff143523af865faabd9438ffd
SHA256 4f0a0a4afe09a7bcf668098248d5b228146981b5fdfe25f7249e9d9b3d4de864
SHA512 57cdf4b0abd9cf1a252d284fa57b9c3f65bb8611a225bba02b8e254e89bbc844c2f20b44f8cdca3ffa576dbdc26b8593ab670cd97903d18a8eb6adf01dfdf2da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d699cd04392b8bd345d2a8a9f4360b46
SHA1 a42526599b34b9507b427e3e4aa88dd75bfac604
SHA256 e49fbe09dd1347c210ab5d94ad804bf9231863266871bf850381178082d7995f
SHA512 3be72be3e58a9adf7b277bac8bde504976f0fea371dbe7501bd5fbfea4c50dabb9ce5cd7afc63a3c35d4d8e9c1feb835e52f33929801556cc653ffe61b4ffd3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1cef40508d696531b46591142558c2b6
SHA1 32bf05052d05e5719e7cfbb3685a67ea79c9c68f
SHA256 278c97e25a1a7914e40796db438b2e65e6e1620a6ac2ae7f9b07cb8d368a6672
SHA512 15a09820e17a0024e9bf05dd03d0d4bdbba649b7d75a5f6bfcc271deef9e2ae6309a3bbcf81af7dd406dd1b60da4aebc5d8aaef45ed83211bce66139e25dbe6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 208d189711cbd56e159fc7df716dcf14
SHA1 d3e1181db52f7fb0a394145b24ce7078ed361ac2
SHA256 2eec1ffcbc3b7a26b55dbfd835fd5545cd72b288423fe833efc1a66382d4927f
SHA512 a1c51f635f35e04e29a3f19990de69720a10a4d41b702589174e721f57ca25f0a1a6c0ef14301d69853621867cec0decad26d5d7dcdf870bec5abac48d06d847

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Cache\Cache_Data\f_000001

MD5 a78ad14e77147e7de3647e61964c0335
SHA1 cecc3dd41f4cea0192b24300c71e1911bd4fce45
SHA256 0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa
SHA512 dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity~RFe65fcbb.TMP

MD5 138bcb9e081a079e66a974620e1b0988
SHA1 c62bf33d8404afc29e3390a10bd512f9a258fc3b
SHA256 f7ffe4fecf72bf056d631acf6302f5cd71f702fddb02747059bd3f2b95a7b2b6
SHA512 9b99716e917bbdcc10f639ded67dd62212bd6080b4531d02bb73a0bbe98bda206b3e8b2fda72ab1903a30f1e22dd3c4e4d608473a59a364601f6f9874216115b

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity

MD5 dda070aa0571456a2fb99a49e9ef8ed9
SHA1 2c45536c02cb9a8d94a5ccebd112998e090c0a82
SHA256 274752c3f601f0ecadacebd6e8766ef93ae7038fff68c7d50ba9ff73cb1041bb
SHA512 e7a3a69cb1fabe4afddde34521d4fe5cd46eadea02d343fab99808b6cd64ff88156a786d2cc2386e64b7e67bdc9cbc67f0b25bd4a6fb57dff270118db570562f

C:\Program Files (x86)\Minecraft Launcher\game\media\icons.zip

MD5 4bf23583625dd16cff556633bea4ceee
SHA1 0fd4885d5b1d3cc834e761dac9ca8b190738da8f
SHA256 9a3bd6bbacb1d1dc4b90e1635abacf6f4864f6af2fbab0fc907c332df8b463bf
SHA512 c823607477ad26644836587defe9d7b84a9bb431f601633bf3c52ba2c6a65d5c9e7a3e5f626eead0fd6c07f00b98fca365154c9c4e561b503d4a93155df615fb

C:\Program Files (x86)\Minecraft Launcher\game\media\onevanilla.zip

MD5 8f1737e03943b5864e1f38504bc23788
SHA1 d7e8745d0c80d9f0196189e2838299756e54b4f6
SHA256 b2866344d678bdd2446f1bf685b68def4e6e6a895719b1498fa3ed21c2b8a6c7
SHA512 864077f224c2801717442370968a6f163554c1929c1f8222419bc8fb068f362fcb242f28e8dd0b7d512110fa6b4a34717f74744e3a6b9e934c5243fae4fd3e0e

C:\Program Files (x86)\Minecraft Launcher\game\media\logos.zip

MD5 f8eb6d299d44a288c16575658944fb82
SHA1 f45ae1dd98eaf997a1785df3673f2d3c459e8db5
SHA256 4caa4323c7c658b612ae37b400d72c920c142911c601c4653b86be0de81212b6
SHA512 de03a7a9a96d824cf25c9ce7e489c11b17f045f74bdabfa1256e41fb7c407ae457b7ebdc3af6f870d3411348b82434ee92ef1d2df326dd2b9ae1d7b33942cd97

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index

MD5 ffd67ab378626cbdaa48f86c4357e70a
SHA1 ffbd0254117714f7fb1c7a59520e026bf008d223
SHA256 44a4106a8db829c728e0975dafa366a6dc92a0e181f617df5c7824258b5e4f09
SHA512 5b599162131ba06339b3bc56789c0a1b48a83fbd75cc3856c3dc4246e775f45470deb3934901814dbfc01f5a0fe7186bb915d971d504dd388272a7947eb0b7e6

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 03c232825934f21d612ec507a3d93bcc
SHA1 0e0a35b0cc55f0e5a77abec57edc81fe1355b683
SHA256 5990bf891f23d41b118c566549bf95c2ce18e4b699751f58fe7ab192ab09aebf
SHA512 c9286e60c02490ec89e64988729c1acc96d5e81d23b4c97d0f0a7405ba70a799d3e8658c0e2e25c586cf02fa55de8c0ab5997faefd71bf0a543793ebda38b388

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ac

MD5 d5702da1770bed517ede8b122775849b
SHA1 12fcd75ad031745d2d686609a3eace54a6445cd2
SHA256 f88d4fddd2de1125ab24590db59daa08dbfd4c9b36922380d0b48a2559e8ee1f
SHA512 6f8abf58d7c10c45ed098632f226f5d2d1180a39b2f89841efaab0ecbd613e012f79a957f77c2cfcb5c855e2cbbb1c95d446084904569d31ce789188e48dd215

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3f11ce26ee495d441ac362405cd8ddba
SHA1 3d64f1ddb15d904fc63f8d831924d3312b9382e8
SHA256 647a498b7bf20a136fa58db04847f59497d871a2a0be1f7f6d64070c6ba671ba
SHA512 ed2d7f44c327211eb95af7513044f8aeb41b912058258bf0224648ecd5aef85c7a3e8a814749a76e55767213f9fe39c1236c29e1092c978dc8d8dca81703f9a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d79d3c12107cd8ca3a76c0dfa0768301
SHA1 8365ac09374a5b5ff4c6145f21551a0c06fe1eeb
SHA256 e161c3a2a53981d896b6f421b363a7e86a4cd1cb3085789f18602dfcf4cb724e
SHA512 cd01461d125c6a6f3e6d1878b850b35ebaf2d26a7e0be3e0030be3f040f79d3c3a53b0e04d4a01f187adf4c27f6769b8c0d70786e945eeea389a14dee153bdaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c7a72aa238a3c5e_0

MD5 ba566e88827b1649c4a79f43c04f94cd
SHA1 6a92c3b8986e85376db9674a16c387e790c73ca5
SHA256 f634bbd3ea48f39aaa77b94e88c84b981ddd2faf38e39357743e2dcf45027d98
SHA512 691525301876d57676d7e6f4c5412071fb0e07dc95fe429e2b4794c1b68e819de74586d70bc83a60e98341c734f4df7671746ec869005650d2db94f5bceeacde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb4dff0a5551a44b_0

MD5 20a93be9c39056d503b6410d0afc0d9c
SHA1 5a43e6ebe70387120a01e7b6a1be1af43ef2e683
SHA256 8a62cae145185ed281be5333a3a946e0dcbff7b2a1b09ba26e8a7f088ebb1e14
SHA512 406e4d4c7b1665bc94afc93c4773e458a40bee8f7055a9f7ab9f9736ff9de34c35b536139d42d116674334beb2dddb31491863acd99e05b0e6789964818d8183

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 6657efc4b6020ee2ba3cca11b304fa8d
SHA1 cfac02e0f0963ef26fbe20513af0827efba28af5
SHA256 2397a147407cba8e1e5db579f7a77331776e998707a4a1c5e39daa5bc6097d9f
SHA512 0da3d2128062854c4825dad5f97dfc8b2add1cbf57e515979aef99512bb2110a91fe2a871e8749bcb805149c8eec157bee11af4b3ac7f53d83634c87dbdab835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 aefad9f8673d6c0ae957463bd46c8420
SHA1 ff900a55154bd8ee3b8637f72838f6a0fd8a38ab
SHA256 f2c49b898ad671f8ad8dc5570a0ed721ef7d9db477037129a0fcdbb04f9abdb8
SHA512 228d0bb56dec15f971fc92c3cee36a2f133e8f4b6c638e583ce0df4ef2d339360a69a7fd91dae9e641823e52c8c9584e99103b5171b5c5b7cf7dea86ab3650bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f139020e2d4c2fa3_0

MD5 6b03ca75a4704270082aac42c05f7d7d
SHA1 f4b270e8c06748dfaa414818467fdf34129a2e7a
SHA256 6c290dce7153c1a2d17fbe42746930977048dfdc8b750e060febaa60178b8c68
SHA512 e2e249890e093f4e8b006cbcd59f1c919ba31447960a9df4b0fdf0264e6a2dde94385decc8e4d8bb0ebae2df758555486f5202709d508b4533da79408e3c079b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ce726e8fa67e8d8135757d62318c55aa
SHA1 ca4765191db2483aa01963366df22a0d63b99b7f
SHA256 cf1bbfbf1bd278431d6331b79d0fa39717519360b97c245afc1db80ec43e8333
SHA512 0a2b672c5d34781d02dba37f01fd6d72da10b585927b57816336bb1dd80e9f7818042c115e1191fd5bf3d7be41f34b1605b2307204fe9aff48f6b67412280ef8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dcbdef1133dcb5a6f4afdf9cc9ab7c6a
SHA1 67c329c54ad90efde762092c75836dfcde59c72d
SHA256 d1729a82b0f21d966c3e02a4b7d2a134237488246bd272e0bd65325bdf243f4f
SHA512 b3d9fd98aa38b721a88cba8510f4ded9056d1d85387f2e16c02f69a4ce33046b150aadc849b0590c1f70df6d128d4391aeb96cccbab97d8b087621b7a0a7de95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\30f924ca286a4a2c_0

MD5 6ffbba593f0b0478178bf0e9025882bd
SHA1 5f477f6107fe1819d9742f3ce7fe033417e3aa6f
SHA256 98821271cf07b63f9e4b6299bafdc27069c2913a7a9ba86fc9d213e3224b7b1c
SHA512 bd27749d820e82e3118f3d49a44b90b660c09f131e1398ec5b5a763cebb55604b3b24aecc6dda4b37fe52a4436b887702791613b39383ade0cba3117c997d088

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d6e5ee4b440963c9_0

MD5 fe93d439aa9a828064b90d3262d216e0
SHA1 fa5e9960eb6db9f658c1cbd4bf61aade8d34306a
SHA256 21e96dde8af14f57bc65c4a6e273b68cd1c10bd57d3419d5d5b98bbf3bbf3516
SHA512 c9522ec741b87696a48a43f71de3c9c92187a719c12e805e9e424ad9ff01d7ebc4a947c60044c5e0eb2dc383729f8b921bdb58da03ff5dad5f60abd12a39fc9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a43872aa1ae7b0f4_0

MD5 b92b3bc0d4109367c5d96d00212e882b
SHA1 0ca1f76842d8bd3a133a3b35c39513aed62eab0f
SHA256 11ab73cb7f37d872f23e89ffdd23f706d269d80f9efac22642ea2471c8a45949
SHA512 9bed0797aa6821748e9222e318c7ba79dcad6b71eaebde9b2ecb50a7072a957591ceafd2ace79ff9424ee041fbe6ee2b22fee7d871d5fabcc637df97fedc27c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cc11f5047a277ec_0

MD5 d4759331d03afb65a9edbfb25f6c48d3
SHA1 6d50a1d591c8fc6db63ef3f1d2cd6f0d9842970c
SHA256 37519fc40a5e5044eb89d7780f63278d57874ba91cfe66cf4f7fbc8c723d22ca
SHA512 b092ad263c0580b749e11f288edb30bb4ea06ee4d6e36a1e6372a985e4a6e230304d5a801d0565b90e028f78ecd846c4e4bf5b7c29c543b4008c30871a4550af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1f8e83f57f7176eb_0

MD5 554c4ab5e3927f6b7daec5231a0c75f4
SHA1 87337ae56fbbbfbead77db3ad3d8534df06028c6
SHA256 67254aec27e521e50dc42f1c658cb70ca4d769a3a0a8f656ce515d670fa29169
SHA512 06c410d41bd9d43c03093501e249205a4dc49f518f650070246b588a0dbf2d7f4f743c1754242a317bf9e07a3dde82a74b0624d95bcb4edeea7df9f8fd859a7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a4b47a1c6b79546_0

MD5 83f952d2d99ae95ea1963ebb8eaaa91b
SHA1 50c9266a932249e1245318519d5afe2f7eadee58
SHA256 4fc394b60030f9c485d2f9b5524f42c18920b45d9c0137912cd1cc4eda120230
SHA512 f81db0c27e7cf8c016046d048ef5d5347e5d1c19f5cd0222fb00d889064f23947fdb939afe18bdc3210982be2576caff6b6dfb92ac4255cc2a758b474826630a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 2ed622f63b586d0bca78f0f2da84b32d
SHA1 2b5e9a2aae395a30e2851ccfb4fd4119bd451ef2
SHA256 5a7cc0a9ec0dfcdc8fdbb506036c2773bf80f39970c33d5dc85e0c498ec56a69
SHA512 c827997684af82dabee63653de0f6371bc2f244b89c02ff6afa4ba2b4223ff5aa310374d828827ddb2c373487424bcd8deb90236ceaf46bc9efa6e92b0cbc61c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\466847db2b4a71b4_0

MD5 a853f253d74f4d70c7e8cd32264ce90a
SHA1 d45692c6a4a2da46ef26945159f7af503c40d59d
SHA256 8a1d84605245f59045668df505081d7cb8e8ff20b6e364a67a60f3b9de8f7e7d
SHA512 25eb5317f1072c3c1dc3bc7e144cd80ca312ce93f725b26f7f32fafe3d00f52fe1e06bf222829d87ab0c660ab2dd247af33a40e44680087e415f7c9d34b83af1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\60a4c5a5cdffaff6_0

MD5 7bec7b0b1e6aa398c91b9ac6da29be5a
SHA1 ff4b18e52367849d71b2ceba57a79f605d211cf8
SHA256 d9e71ba211946a9afd178458db4d16c14b0353936dd1cc56f4e985ceaf507759
SHA512 56c91ee4a5592a5c306af19aebdf90f1abee3fbbe07ef12c355cbb52857cdd12b5e0be7f13fc88a6ffeeee0ee58cffbda7b80b23b47c4395a574615effd733ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e067d7f2fa00ddfc5aae27dc118c2b97
SHA1 9da440709b191d99470e9b4310060db11c9ecfdb
SHA256 7bad7070717b455b2272774e4c7adaf19cc9b3378178872ccd8339db29706995
SHA512 f7175aba1ace52a8cb9c1841ea4b2a1580aabc58f6da0763590f7d2e79d21dfd8eade94bdf083d6235bc3b20cb06776a75747d8b80e076be873801e0cc867883

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 f8bd786507346697d039fda89a6d745e
SHA1 6c1b187e37ca3ba26db396360d7dcc114586ecbe
SHA256 410cb923172abe4c8bb860070a6c0f7f710c69c1817dea0e83772aafba8521e3
SHA512 31e82151ba3452a4969ea476e289ac4c7b243af0aa585f64d2622d8efa0bcba0bbdc5fcc7c564b88026f7eeb1d307efe14e29df832757310cc4558e964fca96f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 51284d8e33c5598b5d1fc418cb215b62
SHA1 9e2dc5f7072ccf349acbcd22f36d7e2f038c4047
SHA256 83a18edacf4b16c85c29ed83d14097150e11a42436291b803013ee3defccfaa9
SHA512 3cd328c5fef67d2b1ccec7ab9c561bcb0a900abecb1d6c0f19fac46beb00a573dee4de2f1c06eeec5a6cd34302e179b0ead212426abfc99a2ac8b6e37d011a41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

MD5 9596f49f32b4a2e5e33d847c2c719b92
SHA1 4a2768782fff271e2d5bddf89098a4780c014e03
SHA256 7ab3a9887ddaa4ca09336730fb75d1276c0fd9992839329c94b919541fe852ce
SHA512 52a9ccaffd86761c8ccaa0f180def3223e76ff44bbef5899b69f7ef24e8a074f612b9333dd5f6ffab1374c172da132d71cef76f2ce76c9a678fd9a1173cdf4fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6aea89775632c665_0

MD5 1c9beb962ed3f01f6fdad8e86e9f4feb
SHA1 d217598b6ebf947bdfe9a15c9cd8a89d6c3a60cb
SHA256 ebe6ebf957c38e5febb1a195f5db2d2913adb74682d96aa52ff06d75f72166da
SHA512 38cac148a765169da81569c45fb57b2d877cd03794438b1f0f7ae68e726843e2a57167103511d95cfbbe53a258ca054b55969a8b1b6292fb1fe241be6416c830

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8aa05b2bea09f81e_0

MD5 cd44d09d30435da87581c19bb0a14195
SHA1 f584007d7c4c93c979b6f5693c78998a5d7f8d8b
SHA256 b0967802c5aff3611c0ef3e6185a792e9427343cdf434ad7cf6c8f2a31524aa4
SHA512 63cc07e4e1013337cc4777cdfb1e370d25cbf73e5b722ede26bc3cfa307e3c6406fd2dbf0f000f89319b25a983982dafa9c227f70912fbdcd100012f3ccd1657

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3654e910-b57d-4262-957c-dc639d7c8bf4.tmp

MD5 0d7e3cb8036694dd32e7a9e255296b32
SHA1 c8bded49a5fc57061f3363ecf43f3c0bd0e1ae64
SHA256 9eef29c16309ad89871e9ff623771748f01a1039d9602dc258301737700e7e04
SHA512 73fd8eccbd230288249e291801510f5380b4e2d0990a51e0182de05cc371c940ba259e16d558c4aaed25bb17450ae3c59c7a61a0edc40dff9e6131a079544557

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c0b7516dec2d8a9f4ce9eb3be3e3cc44
SHA1 189e4765aa19b523c9a68f4ffb5f2f6d370b6a4e
SHA256 5189bfbc990ed1e31a6136759bd532ce11e72ab8fa75b50dc39911bc98bb724c
SHA512 312261979415b931c0f011034bf9ed773396672d3025fab02d5d0ec90ddb6ea0b107ae0743c49d6df918383218fbafb3fc8123cd6f211e2f81afc0f76fcdee1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cb1599b40ff38a539d400673d054eb90
SHA1 fed9ecf3868147a50c71962c818e3e84044e642d
SHA256 3cebf4168bbd7f16aec8ecbad6a48914ba60929e71589cac057ae32175e31c34
SHA512 53f9524166608d7f102da257218d2e45f2787c769f01c9b02ac714735805e381cf7b0da454dd494c80c8eea3aafeaaeaea69f276d94f9e484acff788ccc21db3

C:\Users\Admin\Downloads\nox_setup_v7.0.5.9_full_intl.exe

MD5 4253db016bcc4cc5c282a2216aa0ceaa
SHA1 5019fd5c96a430a617807352f8fec67bfc34c156
SHA256 28fda55022f2394833e78a5328b7f1b87c1e4ebdcde6913be7783d8bfa10edd2
SHA512 2b4051a3bf9c88490481994c3f3675fe1c3d629f19996087449a6a12ad479b6dd48ba8e88a6c9bb52ebc8a4a6aff0d03d29669fd71885a9a0dc010bac26a58bf

C:\Users\Admin\AppData\Local\Temp\NOX685D.tmp

MD5 f529dd5c9109598721d753efaf306acd
SHA1 69aacdef7ebb9a1f974b659c8831a59107538dcc
SHA256 dfd55944df560ef7d1d9bb058f03e0d80e53a9d4eca0461cd67077da25f680c0
SHA512 689d35f0ca1889e52e55dbd50d5ae646ad8b52ad78cd76159a96508b7a4837c6d0a632584a462b4bfcd4676e7fbb62ac78d4b839874b5ed05ff36416dbe0c514

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 17f5a6b677a9487ad23409097efc61ed
SHA1 534bb52f96a6b8a78986035ffa0d8e3f4a4d54e0
SHA256 ea68b3a790ba874d334fa4029ee4dd62c8be247c6cf31ca30dfd7612c8138028
SHA512 5c59423dfb28e1b176086386464b0a4d1d092d69cadb6a3f558db6a80b0adf4fbe326436c93a5681933373ffbf69feebae087365b652d7848bd4ff88cc4ca778

C:\Users\Admin\AppData\Local\Temp\NOX6A82.tmp

MD5 90d2edf41c693375a6246787ab76987f
SHA1 874d1df6f6fecbf714881134283af3005a1de431
SHA256 a1e348fd9ebf170ee6864f960c010fa89de32d992c6bd52c3960e7231ba04b74
SHA512 41f5028f4c0a41686ab77cd09770bfa38294d599bbc26db9c2591592f93f9c935ef0d0ab8b1a7a7fd83aac74f859a36b169d5ab59f484652f09a0f854cd3d4f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 41460b1cc99d60b2ad6127f59908de8f
SHA1 8e94dc4e5f4692fe76df86811eb6e69fbcc91a3a
SHA256 152c4e5ee2064c8bdac7fe42aec1667c178715e1b05fb06b408d746e9fccd830
SHA512 df31a80d745b52c7cea4bb748a85e88b6a312dd2ebbd080da67e4b437e9422f01334e6678bb60edfd3bab2f15739dac2d8294f121184992d4616bea6933b637c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 170f69e02418ef88000fcf3f07050aee
SHA1 1b5a8e1123c56cd1b8148b7854b1c83d01f8fef8
SHA256 f9e023750685f9e82e535dd434f6ec126101a0d69169ce995fe54645ce002c22
SHA512 c4ffac4dc8f144753913af9c7f26985dcea20a7e7e7cf604bbb411aa6efbb6b639b18dc90d16932683f08f1bc7348d66b76a45a3ed5e79956933ffceeaa2e68b