Analysis Overview
Threat Level: Likely malicious
The file https://www.virtualbox.org/ was found to be: Likely malicious.
Malicious Activity Summary
Detect jar appended to MSI
Sets service image path in registry
Drops file in Drivers directory
Looks for VMWare Tools registry key
Downloads MZ/PE file
Looks for VMWare drivers on disk
Looks for VMWare services registry key.
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Registers COM server for autorun
Enumerates connected drives
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious behavior: LoadsDriver
Suspicious behavior: AddClipboardFormatListener
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates processes with tasklist
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Modifies registry class
Uses Task Scheduler COM API
NTFS ADS
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 20:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 20:58
Reported
2024-02-22 21:28
Platform
win10v2004-20240221-en
Max time kernel
1779s
Max time network
522s
Command Line
Signatures
Detect jar appended to MSI
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\SET39B2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\drivers\SET56FE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET57E8.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET34F1.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET3CA3.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnet.sys | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET39B2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\SET56FE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\vmci.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vsock.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetLwf.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1757.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnet.sys | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnetadapter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1DCF.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1ED9.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET3CA3.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1C08.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET5299.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmx86.sys | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1DCF.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1ED9.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET36F.tmp | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnetbridge.sys | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1C18.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\vmnetuserif.sys | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET36F.tmp | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\hcmon.sys | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET34F1.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1757.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET57E8.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1756.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1756.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1C08.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1C18.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET5299.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools | C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe | N/A |
Looks for VMWare drivers on disk
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\Windows\System32\drivers\vmci.sys | C:\Windows\system32\DrvInst.exe | N/A |
Looks for VMWare services registry key.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci | C:\Windows\system32\DrvInst.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware | C:\Windows\system32\msiexec.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vsock\ImagePath = "system32\\DRIVERS\\vsock.sys" | C:\Windows\System32\MsiExec.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ = "C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmnetbridge.dll" | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSVC.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSDS.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32 | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxProxyStub.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vmware-tray.exe = "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-tray.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{410c0ee1-00bb-41b6-9772-e12c2828b02f} = "\"C:\\ProgramData\\Package Cache\\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\\VC_redist.x86.exe\" /burn.runonce" | C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\SET1524.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\SET1525.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\SET3272.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\perfh007.dat | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\SETE0.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\netadapter.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\SET3A6F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\SET381C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\SET57F9.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\SET382E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_1b7e5f451712307a\netadapter.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_1b7e5f451712307a\vnetinst.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\vmx86_0EB6D425AF13AF7EF7CCBE7DA93B4388751906C3\vmx86.inf | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\netuserif_58711DA5F5777EBD18942543251CD2F96A4E1EE5\vnetinst.dll | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\system32\SET1C19.tmp | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\PerfStringBackup.TMP | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\SET1524.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\SETDF.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vmusb.inf_amd64_bb336ccced75363c\vmusb.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\SET381B.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\SET5577.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\SET5588.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{8a1c257d-5f5f-b247-a6d4-be9dce5d70d8}\SET1FA4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{8a1c257d-5f5f-b247-a6d4-be9dce5d70d8}\SET1FA5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\vnetlib64.dll | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\SET5577.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE\hcmon_AE2641AF84DF5670FA8422233CEAC89B307A0500\hcmon.inf | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| File created | C:\Windows\SysWOW64\vmnat.exe | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.cat | C:\Windows\system32\DrvInst.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_bg.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_fr.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\vmdbCOM.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\messages\ja\vmui-ja.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\x64\libcrypto-3-x64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\Vix_ReleaseHandle.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\isodata.vlcl | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\features\featuresList.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixSnapshot_GetParent.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_nl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\ico\import.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\pcre.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\perf.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\security_toc.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\vkd\spherelet-initrd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\VirtualBox_constants.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\x64\EFI32.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\tools-upgraders\VMwareToolsUpgrader9x.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\readme.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\opclassList.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixVM_CopyFileFromGuestToHost.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\gobject-2.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixVM_Delete.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsock.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\schemas\DMTF\CIM_VirtualSystemSettingData.xsd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixHost_UnregisterVM.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_postinstall.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\ico\vd.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\ovftool-hw15-config-option.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsock.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_hr_HR.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_id.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_response_files.rsp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\x64\SAS1068.ROM | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\icudt44l.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\Workstation-17.0.0\32bit\libcrypto-3.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_sk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\vmnetBridge.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\swagger.zip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\evc.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\gos.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\stask.vmsg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixVM_WaitForToolsInGuest.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ubuntu_preseed.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\ovftool-hw99-config-option.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\vmacore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\Workstation-17.0.0\32bit\vix.lib | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware VIX\Workstation-17.0.0\64bit\libxml2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAudioTest.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\glib-2.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_hr_HR.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\sigc-2.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8\vmusb.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VMware\VMware Workstation\containerd-shim-crx-v2.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_preseed.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UserManual.qhc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ca.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_el.qm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI53C8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI39F0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3DAC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6BF7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIACCD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\VMware\vmPerfmon.ini | C:\Windows\syswow64\MsiExec.exe | N/A |
| File created | C:\Windows\Installer\e590a57.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5e6988.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI623D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI39D0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI81A7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAC30.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI61FC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDC5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\VMware\vmPerfmon.ini | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem7.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC4FC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5e69cb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI620D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI172F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\Installer\e5e6987.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\inf\oem8.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5E32.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e590a57.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6FD1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIABE1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFC19.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\Installer\e5e69b1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFCB7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem7.PNF | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\inf\oem9.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5DB0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICE97.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1FA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICB0A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICF92.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}\_generic.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB48F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1F9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem8.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C64.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem9.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1181.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\syswow64\MsiExec.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\SerialController | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\SerialController | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\SerialController | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87C1D1F5-564D-4E72-9AF7-E9D6211225F0}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{392F1DE4-80E1-4A8A-93A1-67C5F92A838A}\TypeLib | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D782DBA7-CD4F-4ACE-951A-58321C23E258}\NumMethods\ = "46" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{392F1DE4-80E1-4A8A-93A1-67C5F92A838A}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.VMPolicy\ = "VMware policy" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB6F0F2C-8384-11E9-921D-8B984E28A686}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E28E227A-F231-11EA-9641-9B500C6D5365}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D803B4-9B2D-4377-BFE6-9702E881516B}\ = "ISnapshotRestoredEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CC49055-DAD4-4496-85CF-3F76BCB3B5FA}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C39EF4D6-7532-45E8-96DA-EB5986AE76E4}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1A686E3A-D57E-4B5C-A0A1-68D9BAB64C82}\TypeLib\Version = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7B98D2B-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{EE206A6E-7FF8-4A84-BD34-0C651E118BB5}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{a6dcf6e8-416b-4181-8c4a-45ec95177aef} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59A235AC-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DB2AB1A-6CF7-42F1-8BF5-E1C0553E0B30}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B5191A7C-9536-4EF8-820E-3B0E17E5BBC8} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{D7B98D2B-30E8-447E-99CB-E31BECAE6AE4} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E121724-EB62-476B-B55C-B14FCE7EACF5}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35FCE01E-8917-496E-A509-497C5F2FA365}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\TypeLib | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1E8D3F27-B45C-48AE-8B36-D35E83D207AA}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{813C99FC-9849-4F47-813E-24A75DC85615}\TypeLib | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{92ED7B1A-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28935887-782B-4C94-8410-CE557B9CFE44}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{52F40B16-520E-473F-9428-3E69B0D915C3}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{755E6BDF-1640-41F9-BD74-3EF5FD653250}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{883DD18B-0721-4CDE-867C-1A82ABAF914C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAC6C7CB-A371-4C58-AB51-0616896B2F2C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9709DB9B-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.vmac | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\NumMethods\ = "44" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{431685DA-3618-4EBC-B038-833BA829B4B2}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b79de686-eabd-4fa6-960a-f1756c99ea1c} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{392F1DE4-80E1-4A8A-93A1-67C5F92A838A}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{67099191-32E7-4F6C-85EE-422304C71B90}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D3D5F1EE-BCB2-4905-A7AB-CC85448A742B}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{78861431-D545-44AA-8013-181B8C288554}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Applications\vmplayer.exe\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{41A033B8-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3}\ = "ITrustedPlatformModule" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{455F8C45-44A0-A470-BA20-27890B96DBA9} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.36,bundle\Dependents | C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9622225A-5409-414B-BD16-77DF7BA3451E}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1d89e2b3-c6ea-45b6-9d43-dc6f70cc9f02} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08889892-1ec6-4883-801d-77f56cfd0103} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{E8F79A21-1207-4179-94CF-CA250036308F} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70401eef-c8e9-466b-9660-45cb3e9979e4} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7191CF38-3E8A-11E9-825C-AB7B2CABCE23}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724E960E-F6FC-43F5-AF3F-98319A1306EF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E459BB84-7D3A-4FDD-B1E5-969E88F61DB6}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{59A235AC-2F1A-4D6C-81FC-E3FA843F49AE} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}\ = "IPCIDeviceAttachment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B31C4052-7BDC-11E9-8BC2-8FFDB8B19219}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9EA9227C-E9BB-49B3-BFC7-C5171E93EF38}\NumMethods\ = "17" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\VBoxSDS.exe | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.HostDeviceInfos | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator\CurVer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 195198.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 626250.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 958167.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\balena-etcher-updater\installer.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virtualbox.org/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa607d46f8,0x7ffa607d4708,0x7ffa607d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe
"C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding AF8EB236342B1B07FA45F6ACBF0A2B86 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 86728EE103FB8415B5047F36E4085F69
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0E3DBF13CEE7102C867E6A90691DDCEE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding F2EE3AE68AD95A974FA693A197D95288 E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000140" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 741661FD3F24BDB84111001F31549A26 M Global\MSI0000
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000154" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000178" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe
"C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe"
C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe" /Q /norestart
C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe
"C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /Q /norestart
C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe
"C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{881F2CCF-C1E6-4275-A8E2-0200BC2112DB} {165F0AD8-DFE2-4455-A756-90E7B460B9E5} 5512
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={410c0ee1-00bb-41b6-9772-e12c2828b02f} -burn.filehandle.self=1048 -burn.embedded BurnPipe.{52C127BF-DC83-410E-98BC-D11613B0D556} {3948549F-2D73-4439-B0CC-65EE2D88072D} 5324
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=548 -burn.filehandle.self=568 -uninstall -quiet -burn.related.upgrade -burn.ancestors={410c0ee1-00bb-41b6-9772-e12c2828b02f} -burn.filehandle.self=1048 -burn.embedded BurnPipe.{52C127BF-DC83-410E-98BC-D11613B0D556} {3948549F-2D73-4439-B0CC-65EE2D88072D} 5324
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2EAF8BD1-343D-4516-99CD-498A37A25A65} {54D24B07-D79A-468F-90D4-E8E6FA6D8434} 1456
C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe" /Q /norestart
C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe
"C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /Q /norestart
C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D429AB89-DA3B-4D35-989E-4609944F6AE6} {BD61717A-0F36-4809-B4C2-2398978FAFF3} 1820
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1120 -burn.embedded BurnPipe.{325C2A92-4856-4EA3-B29C-D38B489E4856} {F9D9BEBA-74FF-437C-9606-ACBD646E8FA5} 5888
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1120 -burn.embedded BurnPipe.{325C2A92-4856-4EA3-B29C-D38B489E4856} {F9D9BEBA-74FF-437C-9606-ACBD646E8FA5} 5888
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{FDB2DB0B-2EBC-498E-8043-8BBD75DEDF99} {9FCFB21D-B618-43C7-8F5A-A426CEEA365B} 4700
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1A1C0657D4DD9B297175BC9A132BA348 C
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5924 -ip 5924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 908
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding DB6F46351D1F4650D9DB39F7D3E2FB73 C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 24EF5928076BE90ADB559B11E3058651
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding FB326B9F5D59F4753F93BD3B9969F1CA
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 699F2290C47137299427F08E764446C1 E Global\MSI0000
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 632D866DB7CC431DFD74C9E1AF265961 E Global\MSI0000
C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- uninstall usb
C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- install vmusb Win8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8\vmusb.inf" "9" "454492f13" "0000000000000134" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8"
C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe" -- install hcmoninf 5;Win7
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet0
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet1
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet2
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet3
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet4
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet5
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet6
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet7
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet8
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet9
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet10
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet11
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet12
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet13
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet14
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet15
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet16
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet17
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet18
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet19
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- uninstall bridge
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- uninstall userif 5;None
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- install bridge
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Workstation\netbridge.inf" "9" "498636d73" "0000000000000154" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\VMware\VMware Workstation"
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- install userif 5;None
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- add adapter vmnet1
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Workstation\netadapter.inf" "9" "4d396c847" "0000000000000154" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\VMware\VMware Workstation"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\VMWARE\0000" "C:\Windows\INF\oem8.inf" "oem8.inf:fc9f1aa2477c2bb3:VMnetAdapter1.Install:14.0.0.8:*vmnetadapter1," "4cbdd083b" "0000000000000154"
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {91B041CF-3EF3-4B71-AC7B-2D6FC74A82EE} 532
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {7026C9E7-F05D-42C0-9309-2097059C2AC7} 564
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- add adapter vmnet8
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\VMWARE\0001" "C:\Windows\INF\oem8.inf" "oem8.inf:fc9f1aa2df34f6ba:VMnetAdapter8.Install:14.0.0.8:*vmnetadapter8," "47eb20b4f" "0000000000000158"
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {B4B91284-CA70-47F4-B573-B728DABDF2E6} 784
\??\c:\windows\system32\NetCfgNotifyObjectHost.exe
c:\windows\system32\NetCfgNotifyObjectHost.exe {60479B93-4246-45CC-B0EA-4965608FF5FD} 612
C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- install vmx86inf 5;Win8
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8\vmci.inf" "9" "4d941d7e3" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\VMWVMCIHOSTDEV\0000" "C:\Windows\INF\oem9.inf" "oem9.inf:9c00c72d390d9e8f:vmci.install.x64:9.8.18.0:root\vmwvmcihostdev," "42936a687" "0000000000000188"
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{13B6B196-AD7B-4C7F-9BDC-B1CB2EE86552}
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
C:\Program Files (x86)\VMware\VMware Workstation\mkisofs.exe
"C:\Program Files (x86)\VMware\VMware Workstation\mkisofs" -o "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~1\autoinst.iso" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~1\boot"
C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe" -d -e:{64A1C7C4-DC12-4A4A-87AC-298A13576763}
C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe
"C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe" -s "vmx.stdio.keep=TRUE" -# "product=1;name=VMware Workstation;version=17.5.0;buildnumber=22583795;licensename=VMware Workstation;licenseversion=17.0;" -@ "pipe=\\.\pipe\vmx892c93c72308d6e8;msgs=ui" "C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx"
C:\Program Files (x86)\VMware\VMware Workstation\mkisofs.exe
"C:\Program Files (x86)\VMware\VMware Workstation\mkisofs" -o "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~2\autoinst.iso" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~2\boot"
C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe
"C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe" -s "vmx.stdio.keep=TRUE" -# "product=1;name=VMware Workstation;version=17.5.0;buildnumber=22583795;licensename=VMware Workstation;licenseversion=17.0;" -@ "pipe=\\.\pipe\vmx6a8407603c0a4c57;msgs=ui" "C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx"
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"
C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"
C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x308
C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"
C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"
C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"
C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.0.1716049925\1837527951" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f07515f-df7b-4093-afa8-bb4e1df1d335} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 1964 29595cd4b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.1.1999964524\1069684868" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b20ef7d-14af-4d80-b25b-1439a2a5ca77} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 2364 2958926fe58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.2.643125870\558094260" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3032 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87e0590c-71bf-4a92-a899-6c6133b9f6d6} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3380 29599ca2858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.3.1970466414\719407274" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab06c274-1a59-40ca-af4a-ca870c92477e} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3568 29589267b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.4.700244460\1942460529" -childID 3 -isForBrowser -prefsHandle 3996 -prefMapHandle 3980 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f270a92b-70e8-476c-8968-673e3c3adc21} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 4008 2959b105958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.7.79536486\2115750093" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6611ebdf-24f6-42f3-b8ff-7a5ec480275c} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5468 2959c01ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.6.1775872103\55899259" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05910540-402f-4cda-97cd-1650b94ec80f} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5188 2959c01dc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.5.762494885\601861403" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5084 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96b7ebb9-45a6-4f0f-9153-806fe10d46fb} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5088 2959bfef258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.8.1030437557\484146624" -childID 7 -isForBrowser -prefsHandle 6084 -prefMapHandle 6080 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5da525c4-67d9-4c24-aef3-10eadfa332a6} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 6092 2959d9e3458 tab
C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe
"C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq balenaEtcher.exe" | %SYSTEMROOT%\System32\find.exe "balenaEtcher.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "balenaEtcher.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq balenaEtcher.exe"
C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe
"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe"
C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe
C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\balena-etcher /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\balena-etcher\Crashpad --url=https://f.a.k/e --annotation=_productName=balena-etcher --annotation=_version=1.18.11 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=19.1.9 --initial-client-data=0x49c,0x4a0,0x4a4,0x498,0x4a8,0x7ff636968270,0x7ff636968280,0x7ff636968290
C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe
"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\balena-etcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1844 --field-trial-handle=1796,i,3009122724673295501,6364640554151706332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe
"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\balena-etcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1796,i,3009122724673295501,6364640554151706332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe
"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\balena-etcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\balena-etcher\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2372 --field-trial-handle=1796,i,3009122724673295501,6364640554151706332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\System32\Wbem\wmic path Win32_LogicalDisk Where DriveType="4" get DeviceID,ProviderName > "C:\Users\Admin\AppData\Local\Temp\etcher\tmpa89a42a1cf6a.tmp""
C:\Windows\System32\Wbem\WMIC.exe
C:\Windows\System32\Wbem\wmic path Win32_LogicalDisk Where DriveType="4" get DeviceID,ProviderName
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.virtualbox.org | udp |
| GB | 23.204.236.126:443 | www.virtualbox.org | tcp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.236.204.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 167.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.virtualbox.org | udp |
| GB | 23.37.0.104:443 | download.virtualbox.org | tcp |
| GB | 23.37.0.104:443 | download.virtualbox.org | tcp |
| US | 8.8.8.8:53 | 104.0.37.23.in-addr.arpa | udp |
| GB | 23.37.0.104:443 | download.virtualbox.org | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.9.0.8.e.0.4.7.8.6.1.0.f.8.8.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | udp |
| N/A | 255.255.255.255:67 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 255.56.168.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.56.168.192.in-addr.arpa | udp |
| GB | 92.123.128.133:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 133.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ubuntu.com | udp |
| GB | 185.125.190.21:80 | www.ubuntu.com | tcp |
| GB | 185.125.190.21:80 | www.ubuntu.com | tcp |
| GB | 185.125.190.21:443 | www.ubuntu.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ubuntu.com | udp |
| US | 8.8.8.8:53 | res.cloudinary.com | udp |
| US | 8.8.8.8:53 | assets.ubuntu.com | udp |
| GB | 185.125.190.29:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.29:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.29:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.29:443 | assets.ubuntu.com | tcp |
| GB | 185.125.190.29:443 | assets.ubuntu.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 104.19.167.65:443 | res.cloudinary.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | 21.190.125.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.190.125.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.167.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| GB | 185.125.190.29:443 | assets.ubuntu.com | tcp |
| US | 8.8.8.8:53 | munchkin.marketo.net | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 23.204.224.203:443 | munchkin.marketo.net | tcp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | tcp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.224.204.23.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 066-eov-335.mktoresp.com | udp |
| US | 192.28.147.68:443 | 066-eov-335.mktoresp.com | tcp |
| US | 192.28.147.68:443 | 066-eov-335.mktoresp.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.147.28.192.in-addr.arpa | udp |
| BE | 64.233.184.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | script.crazyegg.com | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | serve.nrich.ai | udp |
| US | 8.8.8.8:53 | scout-cdn.salesloft.com | udp |
| US | 104.17.1.41:443 | scout-cdn.salesloft.com | tcp |
| US | 34.117.77.79:443 | ml314.com | tcp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| FR | 51.178.78.162:443 | serve.nrich.ai | tcp |
| GB | 88.221.135.104:443 | snap.licdn.com | tcp |
| GB | 151.101.60.157:443 | static.ads-twitter.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 41.1.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.77.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.147.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.60.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.78.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10451423.fls.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 34.117.77.79:443 | ml314.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| GB | 216.58.204.70:443 | 10451423.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 8.8.8.8:53 | scout.salesloft.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 104.244.42.195:443 | analytics.twitter.com | tcp |
| US | 104.244.42.197:443 | t.co | tcp |
| US | 54.221.81.76:443 | scout.salesloft.com | tcp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| GB | 216.58.204.70:443 | 10451423.fls.doubleclick.net | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.81.221.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.usabilla.com | udp |
| US | 8.8.8.8:53 | pagestates-tracking.crazyegg.com | udp |
| US | 8.8.8.8:53 | assets-tracking.crazyegg.com | udp |
| US | 8.8.8.8:53 | js.zi-scripts.com | udp |
| DE | 54.230.206.29:443 | pagestates-tracking.crazyegg.com | tcp |
| DE | 18.155.153.110:443 | assets-tracking.crazyegg.com | tcp |
| IE | 34.248.96.227:443 | w.usabilla.com | tcp |
| US | 104.18.37.212:443 | js.zi-scripts.com | tcp |
| US | 8.8.8.8:53 | tracking.crazyegg.com | udp |
| US | 104.18.37.212:443 | js.zi-scripts.com | tcp |
| IE | 34.248.100.15:443 | tracking.crazyegg.com | tcp |
| US | 8.8.8.8:53 | ws.zoominfo.com | udp |
| US | 8.8.8.8:53 | 29.206.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.96.248.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.100.248.34.in-addr.arpa | udp |
| US | 104.16.136.15:443 | ws.zoominfo.com | tcp |
| US | 104.16.136.15:443 | ws.zoominfo.com | tcp |
| US | 8.8.8.8:53 | 15.136.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | releases.ubuntu.com | udp |
| GB | 185.125.190.37:443 | releases.ubuntu.com | tcp |
| GB | 185.125.190.37:443 | releases.ubuntu.com | tcp |
| US | 8.8.8.8:53 | 37.190.125.185.in-addr.arpa | udp |
| GB | 185.125.190.29:443 | assets.ubuntu.com | tcp |
| US | 8.8.8.8:53 | www.vmware.com | udp |
| GB | 2.22.68.23:80 | www.vmware.com | tcp |
| GB | 2.22.68.23:80 | www.vmware.com | tcp |
| GB | 2.22.68.23:443 | www.vmware.com | tcp |
| US | 8.8.8.8:53 | 23.68.22.2.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | vmware.tt.omtrdc.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | api.company-target.com | udp |
| US | 8.8.8.8:53 | tags.tiqcdn.com | udp |
| DE | 18.155.153.4:443 | tags.tiqcdn.com | tcp |
| DE | 18.155.153.4:443 | tags.tiqcdn.com | tcp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| DE | 18.155.153.70:443 | api.company-target.com | tcp |
| IE | 66.235.152.156:443 | vmware.tt.omtrdc.net | tcp |
| US | 8.8.8.8:53 | 4.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.131.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.152.235.66.in-addr.arpa | udp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| GB | 96.16.108.176:443 | s.go-mpulse.net | tcp |
| GB | 96.16.108.176:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.108.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.fullstory.com | udp |
| US | 8.8.8.8:53 | feedback.esp.vmware.com | udp |
| US | 35.201.112.186:443 | edge.fullstory.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| DE | 52.222.191.127:443 | feedback.esp.vmware.com | tcp |
| US | 8.8.8.8:53 | 186.112.201.35.in-addr.arpa | udp |
| DE | 52.222.191.127:443 | feedback.esp.vmware.com | tcp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | lumos.vmware.com | udp |
| DE | 54.230.206.25:443 | lumos.vmware.com | tcp |
| US | 8.8.8.8:53 | 127.191.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.224.39.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.206.230.54.in-addr.arpa | udp |
| DE | 54.230.206.25:443 | lumos.vmware.com | tcp |
| US | 8.8.8.8:53 | apigw.vmware.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 172.64.155.119:443 | privacyportal.onetrust.com | tcp |
| US | 172.64.155.119:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| GB | 104.84.71.199:443 | apigw.vmware.com | tcp |
| GB | 104.84.71.199:443 | apigw.vmware.com | tcp |
| GB | 104.84.71.199:443 | apigw.vmware.com | tcp |
| DE | 52.222.191.127:443 | feedback.esp.vmware.com | tcp |
| US | 8.8.8.8:53 | 199.71.84.104.in-addr.arpa | udp |
| DE | 52.222.191.127:443 | feedback.esp.vmware.com | tcp |
| US | 8.8.8.8:53 | crl.godaddy.com | udp |
| US | 192.124.249.36:80 | crl.godaddy.com | tcp |
| US | 8.8.8.8:53 | 23.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 684dd327.akstat.io | udp |
| US | 8.8.8.8:53 | 36.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trial-eum-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | trial-eum-clienttons-s.akamaihd.net | udp |
| GB | 104.77.160.199:443 | trial-eum-clientnsv4-s.akamaihd.net | tcp |
| GB | 88.221.134.121:443 | trial-eum-clienttons-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | 199.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.134.221.88.in-addr.arpa | udp |
| GB | 88.221.135.107:443 | trial-eum-clienttons-s.akamaihd.net | tcp |
| GB | 88.221.135.107:443 | trial-eum-clienttons-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | lgkroo3ijwqmozoxw2iq-phaaz2-5c13fd0f0-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | 107.135.221.88.in-addr.arpa | udp |
| GB | 104.77.160.211:443 | lgkroo3ijwqmozoxw2iq-phaaz2-5c13fd0f0-clientnsv4-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | 211.160.77.104.in-addr.arpa | udp |
| GB | 96.16.108.176:443 | 684dd327.akstat.io | tcp |
| IE | 66.235.152.156:443 | vmware.tt.omtrdc.net | tcp |
| US | 8.8.8.8:53 | lgkrooycczcbozoxw2pa-f-08a6bc59a-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | download3.vmware.com | udp |
| GB | 2.17.148.30:443 | download3.vmware.com | tcp |
| US | 8.8.8.8:53 | 30.148.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
| GB | 23.37.1.150:80 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| N/A | 192.168.210.1:0 | icmp | |
| N/A | 192.168.10.1:0 | icmp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.97.4.131:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 23.37.1.150:80 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 23.37.1.150:80 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 96.16.108.176:443 | tcp | |
| GB | 96.16.108.176:443 | tcp | |
| N/A | 127.0.0.1:53203 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 23.44.232.27:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:54363 | tcp | |
| N/A | 127.0.0.1:54419 | tcp | |
| N/A | 127.0.0.1:54711 | tcp | |
| N/A | 127.0.0.1:54771 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 23.44.234.16:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 23.44.234.16:80 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| N/A | 23.44.234.16:80 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| N/A | 127.0.0.1:55133 | tcp | |
| N/A | 127.0.0.1:55139 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 34.117.237.239:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 34.160.144.191:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.24.144.241:443 | tcp | |
| N/A | 34.149.100.209:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 34.107.243.93:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 172.67.203.7:80 | tcp | |
| N/A | 172.67.203.7:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 63.35.51.142:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.21.59.251:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.21.59.251:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 34.149.100.209:443 | tcp | |
| N/A | 172.217.169.42:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 172.217.16.228:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 151.101.1.229:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.222.191.32:443 | tcp | |
| N/A | 54.230.55.116:443 | tcp | |
| N/A | 104.16.122.175:443 | tcp | |
| N/A | 52.85.92.124:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 172.217.169.42:443 | udp | |
| N/A | 151.101.1.229:443 | udp | |
| GB | 172.217.16.228:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 216.58.213.3:443 | tcp | |
| N/A | 142.250.179.234:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 140.82.121.6:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 216.58.213.3:443 | udp | |
| N/A | 142.250.179.234:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 18.134.250.23:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 18.134.250.23:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 142.250.179.227:443 | tcp | |
| N/A | 142.250.179.227:443 | tcp | |
| N/A | 142.250.179.227:443 | tcp | |
| N/A | 142.250.179.227:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 142.250.179.227:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 18.134.250.23:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.192.142.23:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 216.58.204.67:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 216.58.204.67:443 | udp | |
| US | 216.239.32.36:443 | tcp | |
| N/A | 64.233.184.157:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 216.239.32.36:443 | udp | |
| N/A | 64.233.184.157:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 140.82.121.4:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 185.199.108.133:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 23.44.234.16:80 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.18.12.102:443 | tcp | |
| N/A | 140.82.121.4:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.18.12.102:443 | udp | |
| N/A | 185.199.108.133:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 34.120.195.249:443 | tcp | |
| N/A | 34.120.195.249:443 | tcp | |
| US | 8.8.8.8:443 | tcp | |
| US | 8.8.8.8:443 | tcp | |
| US | 8.8.8.8:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:443 | udp | |
| N/A | 34.120.195.249:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 35.244.181.201:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 34.160.144.191:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 88.221.134.155:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 216.58.212.238:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 216.58.212.238:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 74.125.108.201:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 74.125.156.72:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 74.125.156.72:443 | udp | |
| N/A | 34.117.237.239:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 34.149.100.209:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 35.244.181.201:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 44.230.179.24:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b9e3e150cfe464e9ebf0a6db1aa5e7a2 |
| SHA1 | 3cb184e2781c07ac000661bf82e3857a83601813 |
| SHA256 | 2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc |
| SHA512 | f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039 |
\??\pipe\LOCAL\crashpad_5024_PXSTKYHDDVIJVZEL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e189354a800c436e6cec7c07e6c0feea |
| SHA1 | 5c84fbda33c9276736ff3cb01d30ff34b032f781 |
| SHA256 | 826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427 |
| SHA512 | ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ddcb72ab4096716269c5e95b4311ff4 |
| SHA1 | 17ef3a53aaac7c7199e10a3c41a3e55097414042 |
| SHA256 | 4c2ad88b0da6e46d95b5392bc2fd59cf803b99dd5bbaded8150b6509ac174a8a |
| SHA512 | 33058dea1b5ce3f28ae9f3de80e6a51e9c9192f3adee519b52b013e61164a7b1574693b99d1e98b4948050d18ac2d0d127cdf9871ed02c237bafacccecccb46a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cfa8f69d8c8f6c9645da4d3f1b71016e |
| SHA1 | fd0ca2e534298f803012ff8de01e8d1610bf86e4 |
| SHA256 | 9147f4ce9a70ce3e7f5ed89a57d2c6cd0cd87b6013a0ba15feecc1e938f21c8f |
| SHA512 | 83800eb6ed54ed224ea8447fdedf6cd972bafcae1b2c5f7b5acb5425785ac5ffaf698b1bc1f9f4f149e431af1c69ec2be59ccf62aa05b31db777f588dc906a43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 72455f9da37b26be26dacf7de82ed643 |
| SHA1 | 7a3faceb4002333b7eeba7b2194f110545a881d7 |
| SHA256 | 2a6bae0e24d010350e60b687456c566f1c5d44d934db262a2c512ded9c3148ae |
| SHA512 | 8d0e9f983e58c52167a4573f397417b02770354f5fd3f69a2775ceb53cde721987afb9ae5e8b9341071fb2e148a3b7a13268fc7bb228ba10a5e489f716a6ca8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6d0b2b8e0b4fa2244e68c02796b99ab |
| SHA1 | d4cb2bfbd9de870f63adbaadbe242a01ab1eddc4 |
| SHA256 | c7dc1ca52f832b6c814c7ee0c863f614cc6da40dee6c0f095ab91e4f5a3b6b60 |
| SHA512 | e9be1adb0b11119b69b0ce37adcf84030b611e37077f1188e7883fefc15ed4e4e5942bd9c793767236521e93ecd4aa708331c6ae2d92da4bb1e60c8360e06f6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3a9d71a52e30b447ae56bb375f79d970 |
| SHA1 | 536e4826b6a434583f241c28a7dcd315c54da3cb |
| SHA256 | 156d1957e3661e2dab75de7107b2b413a7ffb494b8206b62c6a2f5fe7836ba4d |
| SHA512 | 1240ef87b4c1f6dafd9b69e30b4cb5a95e286a2ad15f231c24a55b543a35f54cb7e0694cf45fe8987262044e993faecbe359e80ac459b1c5bf7b186184f06464 |
C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe
| MD5 | 9070fca76ac3e59db857c306118eb7c0 |
| SHA1 | 72ea852dadf64820a674c470025bcc628c0ab419 |
| SHA256 | b8f00fa0b953a55beadc00e40f70bfeb2202558b942d89fe015116cfeeb48ffd |
| SHA512 | df5b67f7dcc77dbf69edb7e366248bccad9f2bf8f64aea76bc2d7509c3f064abc1490d677e0ec7c51ce0e997832208839a2ad0f27aa410f66b07ce243258f8f5 |
C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe
| MD5 | ae14c26963d51b83e7bb1c3416edd98c |
| SHA1 | 26e4a0d91ca11f33e71883945df8f569aab29894 |
| SHA256 | 11b024618b452ce50876512f05db8ce32432fc85a0150ec0bd0c142e2a85d4cc |
| SHA512 | 34ff6221f15963523391dc79d269a444606668324cd31948b1f067ae8e6a3af3caa0fcd0c87cda5f630702e1b785e08711c6977ef7854dd6f8142052e914d2eb |
C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe
| MD5 | afc2bb702a9f291b5703045f7b22d87e |
| SHA1 | a02b7eb7ed10b74f28b3aff3019e51b65cfc5958 |
| SHA256 | b9c410c228af5afbb4199b1cdc33473283bf5fa057393bf3944d094f46023e2b |
| SHA512 | 1fc9fd2d534d774b8a75a247fc3ae8141c21793928df705d093370d8bca18dfff82853a35974836c5f67ac12c78699b924f74e14042848088589f9da57020bc7 |
C:\Users\Admin\AppData\Local\Temp\mesfcxa75z8pr50s2fh2nl37\w0tibl39ll6kpfb77yd95vdv.msi
| MD5 | 0a458aeb24962a2faacda7efc9fb24e1 |
| SHA1 | 89a410f23b745f29d73937ec1e8ab4809144e3af |
| SHA256 | 9b08d90b8924e9b2ec23f91c620a02452001b5817859cf0ae632af20433a2a7e |
| SHA512 | c7b3e581684e6199cb566ea32e372689dbb2fa004151c12bc5c93a013723034062343ef5b57eef49deed4e54688080c436aa56a62b556e4fdb2fc49a7c9a13b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B
| MD5 | de23a3699a43134cdb715cfc55f5e30d |
| SHA1 | bbce9687d401119fe877fae50457c19c53fbeb91 |
| SHA256 | a8d20051eb6a2bac7e6e2d27279eab80b6bdb2b2929f2d3eebefbf02621f94c5 |
| SHA512 | 82b0ab6a7ca20f4960f1c3d76dd17ce6eea934b3a26caabca94b4a5f663ef5ad7fd2f018d04c51d3383ae60412ead843b776d27d3814c10decc460a78144175b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B
| MD5 | c9c1a7a74b38d0e792e2c2c067e74b69 |
| SHA1 | 06fbb962f96801c9041d746956d1db6963d787db |
| SHA256 | 215217b7af6e0cc27acbfae8406ab4b471c6c9eb935e99bf9af58b37311848c6 |
| SHA512 | 821c39aa5c60f8db1c187c85fbae00cb47c1aefa84e2c4291923082ee68be284cb349c399a907e3be69b6a5ddaa1f67e173788387355df1bf0cd25c206a6402e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | cae4cc6ca18a1f5efea6cae002085fd4 |
| SHA1 | d830f8e657a1511963892a96c4ee42afff7ec7d1 |
| SHA256 | 28ddb98234263947dabdf5cfe3dd573575c532b6ee49764397429a8633f7601b |
| SHA512 | 60b672cb2c359eef5dd2c3b36bc283e2b7c2a8c25dcd2d4deb99c5c854d7916d6cf4976ac863859d2435ad5f17a56d84dfdd21bb67e5bb6da7c94d40fa43c9e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | ad9a3a502aba259711a9ec801a31efe6 |
| SHA1 | cff4a15f1fd21556415b0faaa2ef163b24b65727 |
| SHA256 | 0dce01334797803142855a4bf9fa453890db599b9befa7d7411e966afe19867b |
| SHA512 | c68047617eaf7c73c90e85f1861b3e0048397ea3efde624eaaf246d40e0a284e6c35c046e86748e4346014693390cae4ab3ec4d625186d098f396aec600a520e |
C:\Users\Admin\AppData\Local\Temp\MSI1921.tmp
| MD5 | e19598d97a3e2d9f008b30245287ac75 |
| SHA1 | cfe5892df94467f09bbb634f64aadd8eb6539f27 |
| SHA256 | 9f160ff8762b7fbc1512932a33d8234739866110a752046c030fb9f9847d516b |
| SHA512 | 802a3716590bf6098489fe4075d21330bdae3f96063999842134a05657079e9a08fef483947b306b537b00a510a309915b27204415e34db6f80cd7ca175cc5a6 |
C:\Users\Admin\AppData\Local\Temp\MSI1921.tmp
| MD5 | 3402df7633d957c241c00eb7f30b11d3 |
| SHA1 | d784de8b73d22f42c0222987eee633cfd287d014 |
| SHA256 | 74d9ac9e195ea20e1c6afd9d7dd428d77630c433c61ae8b0960714195b09b800 |
| SHA512 | 8c5a6a0c34aad4833461ec12e0678b4dc123319fa3179fed7c56a59da5d33fbdc571490f9c52336b34b99655c74a8661f43587188c2ad47ccf133c2cc082502f |
C:\Users\Admin\AppData\Local\Temp\MSI1990.tmp
| MD5 | 1a482118dee8ada517d03a6092ec0fbc |
| SHA1 | 2be447a338da0fa16df7d0e8e954f08e3032a440 |
| SHA256 | 56f5a9fb5a791827c28e2c2444a3a9aed0c6ffd7ea6d934fd892cdf7ad379b5b |
| SHA512 | 019c1eeccb448914379cf278b4102a11e8e99b67069e79d07aa83f56eea4175c0d67ba3b15e15989a737d3bcf5183b5352bb4d472cb893aa559eb2b4c330e850 |
C:\Users\Admin\AppData\Local\Temp\MSI19B0.tmp
| MD5 | 31bc9f3b4be1ca8b4a4682fa2db9e16d |
| SHA1 | e4fc3059f40cc553328830494eac2a1a5a22f323 |
| SHA256 | 6c9ca8e58bebdb8e901a490d6605325a223c126b73c899fa3a54eca1e5c421f7 |
| SHA512 | 9c7cda6cf8c029878ba60b65706ddc51c30eec55948fd98be4abfbd4a24f9f9b3d75cbb6b937e31f7025b67b52fc6143db1403d82b9ffde11e2e425455568725 |
C:\Users\Admin\AppData\Local\Temp\MSI19B0.tmp
| MD5 | 96f92881929052c599f15430dda6a47c |
| SHA1 | b1a7afc69bacdcc8234a579c637292258eee2390 |
| SHA256 | 3e16c5daedd820f01957ac085a915cc9b267c1ceedf9613a96804283bfe11890 |
| SHA512 | 6cfa79ede859ab6f42cf8615dd5621e1251160538201f9969463ec95752858ee65c0a83ec3889052d272757c5e08b81f8b38d2508646d6980ced012de89edfce |
C:\Users\Admin\AppData\Local\Temp\MSI1990.tmp
| MD5 | 5e04694e97290252c55f8fd855a8315e |
| SHA1 | ae0befb2448c78d08cb6c6895a9429408fac956d |
| SHA256 | ef8d8144b1462d8c2a90968880c1706b22e054ff43b182348269e749aa7f0c5f |
| SHA512 | 586add600a82b4d4e34dfd1841e523380d45dfa850ff694b9d8935f1b37ff11e85aba2b333d61ba8397d11ce1a887f678d498e74d03d7c21465fcd384a723931 |
C:\Users\Admin\AppData\Local\Temp\MSI1990.tmp
| MD5 | 3e96d4bbea9f87cccdb9f1ba6d14309e |
| SHA1 | 1de6ef91b7d961ea5cbd4e23ca14174dc966b4e3 |
| SHA256 | b5cc30d5a2678bf4a8d1889e1db385bccac012156562551e6c508e0801e912ff |
| SHA512 | e25fcca4699aaeae4f0953c69b65b2ea150c0049c5cf5e4370e279617d6553461f7ce2729fce049d4118ff66c2cd3f7eb537e0fcd8249fad32ce17373cf4b9b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87e321dee9fc98d68a1b46d26d48a35a |
| SHA1 | 096cc862475ec5f50b53c58d59bdcda73a5ee6f6 |
| SHA256 | 6b90f4596617ffe5f522c93ade4043ac8d47cbe98d8d92794f4f773760258433 |
| SHA512 | 166ea63071563012d8e431d719632fca6143dd679773fb269c9863622ad18ed39a74b3f2de7d3ef533f1f25a521dddc6be578acd8cfe59b88f5acbc19214ef50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9c7c1e4359798fb65aeb96176a3428a4 |
| SHA1 | 332d6ccb7ddb5918eac8822f2ecb3311df6cea86 |
| SHA256 | 731fd9782abd70f3c7e4bf776ddf08fd6e664487d0a940591f70a395f3f75cd9 |
| SHA512 | dd449c1fd012b68cdd331a205c2eac40dc94ac7f8aa647c4464b65564c23912a524bc31dd064f932cd5f4101cb1246d275efd8290446a750366ad424b2db456f |
C:\Users\Admin\AppData\Local\Temp\mesfcxa75z8pr50s2fh2nl37\w0tibl39ll6kpfb77yd95vdv.msi
| MD5 | 44b650efeb2e9a34fbf89ab916190ef6 |
| SHA1 | 201b1836361273c0ec80bae316f4a650314684c3 |
| SHA256 | 5747fa25731c99b296ef76813a4e9d12478a54ce3dd0a495acffa71d270a6901 |
| SHA512 | f693236022f4992f48bce546a0649fe4f27a1c6d39dc140805fd3a40d26d4b0e5b3dfcfb85ff8defae9363c4c2a8e5d49208fe9bcfeffd01d05d998f33cba02b |
\??\Volume{0f39e613-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{d1248578-a9f9-4831-b3cc-daca1d4d52cf}_OnDiskSnapshotProp
| MD5 | e8db1018d81163a4ecf188f36da510f8 |
| SHA1 | ff76019162b6e9479df6c0adbe288f4ce1c9e9fa |
| SHA256 | 224a7eeb09ddf6e977ef764f4fb89b37df86ea06b36d3edbd448ea003ebf3a7d |
| SHA512 | e476e8f824f238b0e13b197b5e1489d8f86e88f76cc171831d73c4d739a244c89d77e269c0c6e51a834a2901eaff8d580f003ad67af1112d63c00ac0f0abbc1c |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 4b59807783c7f2800990a20059b5b212 |
| SHA1 | 8ac36f3c51ff31bb6eb905eda7860391dd18c933 |
| SHA256 | ee83804c1f73b90562d2ebf29a236f12d11739c7b61ae192c562a6c935293532 |
| SHA512 | 17add5ce7a78286a33014030a5463f37e49324bf5002802dd1b341f21aa047222943c176a9fccb59c95d6e193477f55d3d9f94858dc27943f809c133abe87f6e |
C:\Windows\Installer\MSID85.tmp
| MD5 | 144e14746fe03511df113f299670aa4b |
| SHA1 | 47491317b5eea81eb6a4aec2e2c54cfc2e86bdc4 |
| SHA256 | f8a5db567b11a9f3371b00558f82a138ea14861b1cbe2be580271d9cfdabda69 |
| SHA512 | 123b86857b53cd63802cbcc584007f3489b0d0d5267ea2361a2d76412810998bd818489c02d63072df8b5219eaf8e4614f6ed18a90c78ef7bdbad8a2c526f45f |
C:\Windows\Installer\MSID85.tmp
| MD5 | 67dbe47342af3dea098dd0720f87c95c |
| SHA1 | 621daaedf18ec093fd545d09bdf7e03446894e60 |
| SHA256 | 24cd33251defdc7e17a0c5963b8a564e6505e5c829ab2d79b340d56b6bb0e812 |
| SHA512 | 24380fd52298cdc1d3b842d397f7445fd105b4b66ece6ffb4cf8da2db17d11719d8671895832ed001b21d2d6f50c7ac8104a71d09c6d75bd3ec88a32c36d648a |
C:\Windows\Installer\MSIDC5.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Windows\Installer\MSI1181.tmp
| MD5 | 418322f7be2b68e88a93a048ac75a757 |
| SHA1 | 09739792ff1c30f73dacafbe503630615922b561 |
| SHA256 | ea5d4b4c7e7be1ce24a614ae1e31a58bcae6f1694dd8bfb735cf47d35a08d59b |
| SHA512 | 253f62f5ce75df3e9ac3c62e2f06f30c7c6de6280fbfc830cdd15bf29cb8ee9ed878212f6df5d0ac6a5c9be0e6259f900eccee472a890f15dd3ff1f84958aeef |
C:\Windows\Installer\MSI1D1C.tmp
| MD5 | 8deb7d2f91c7392925718b3ba0aade22 |
| SHA1 | fc8e9b10c83e16eb0af1b6f10128f5c37b389682 |
| SHA256 | cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4 |
| SHA512 | 37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c |
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf
| MD5 | 73baef81f0ea58b6dd1b8e38e199e567 |
| SHA1 | 66e89f5fee1ebfa980160984940bd5fa910b7180 |
| SHA256 | b24d35b010526a896ddd4108f10e235054593d79f5939a2d484da12517d351a0 |
| SHA512 | 978a94895e7a9d88eff50f4b552ba7ebdf73b4654d48590afda8b09cddd3d188d11d4bfcad3cac374348237b69d249467ccf04159c88da9fb783fb65d49f14aa |
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat
| MD5 | 0b017252806546852e7808267d223e93 |
| SHA1 | 5018924056e84eaba285bb0de5b18677dc64c518 |
| SHA256 | dd54bdd004785dc8e0b0824f49b6ec0665ac0d4623162c3d9dd636ec11dd3a25 |
| SHA512 | 155c330306ca91a4991ee9a5107a2339630e9cd34696206c7ae1526cd2b9fd092753f52cba2ff8bb0da6bb69fdb19fc6f9aaaef6473b5f5765aacd201573dff7 |
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys
| MD5 | 6276906d6a4ee29b29ca50b4825d4098 |
| SHA1 | b542ea87c12b788c87ed693d549fcffd562c354f |
| SHA256 | 73fa8b463ee9a95930d98da3f9dd0637e63f06e8cd510bcaa285d91e4dcae2c7 |
| SHA512 | bab6e0947bcc54b95e504e24d5305dbfb7d6c1e60795655a5c308c0a9fd2433bf4449b838f8cbb021479dcf6383f853445f719c8347a7e13f1e05b622b09207a |
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf
| MD5 | 16ea0763f8e734401a17973aa0aa366c |
| SHA1 | f206e753616e3ffda643a2f9c657df591020ee93 |
| SHA256 | 23cfad6bdfdac3f08ac6f9d7b79292affe78c834d19939a3a554c2844f54f452 |
| SHA512 | 0d7504e67cdab21733f95188776f1238c2f532d7aeb372963c221c33f2d971e0745ddc86862935c15ab8ed812a0cd77818cffefab221d5f4cac6ac8d8cf43563 |
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat
| MD5 | 421e43a41fac5422bead785c7dafece6 |
| SHA1 | 4dc22822e5ed15cfaf42864cc0f1e63ebc74d076 |
| SHA256 | 0d80dc9215057156589b2345f793df8884b6d684e83b1ac725c4e47debd6759e |
| SHA512 | 2d3af370d66e54b260c4ee27c01dd6f97111949593b05fdddd9d1b4a58f882982a96a3ae1628a3ddc7dc7a6e2729842723c1fcd62a180700390c6214b1d751c1 |
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys
| MD5 | ea4f74bf86589c6e8f0fb2866b3820aa |
| SHA1 | 17a542351d8cefbc25ba2a184f80a6897566ac7b |
| SHA256 | ade2e8d684cb59bfea99ad09e55bc5f2a808d824c2905ded1366b7d32e906529 |
| SHA512 | 397a2129d9df502636776d49c62ce2887999f3e24f975905f108bf7c2a7196e0227f20f7644cceba9513384781f2988c6e1ce8047f705c872fb3970ce15466cb |
C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf
| MD5 | 9cbb45c10d1d5920e4d9320e8dde36d4 |
| SHA1 | 3efb47a5381654a7f996c4049ffcb7ad671f2c3f |
| SHA256 | b97746731c3f8ceb709020ef1be969721b004f001ea2e55f61a0c395d611b109 |
| SHA512 | e72d534560789d15a6bdaa481d022fb5111b75e8321f0e1947e653c598e7cb8ed1ca25dcc01a4c341cc7bb0fca133f6c92bbb7f3cfb188fdafa0babc7d558ee1 |
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.cat
| MD5 | 351ea41c61b4b84fbc0a461b1768e104 |
| SHA1 | e9fb74d027a25e4298eb751e2ae156c8806428c6 |
| SHA256 | 36b73da2bc1b809022fa8c8072a52d082a869243dd78b08dfcf75f1146255a31 |
| SHA512 | d0b2f30bcce8e324856f6184f50f7bc24ecf220b575c14166a81ebad7acaa3b14250aefce10e095bb90ea0565be85c7638a03ea289f61c46921b800d3b5a5b5f |
C:\Windows\System32\DriverStore\Temp\{8a1c257d-5f5f-b247-a6d4-be9dce5d70d8}\VBoxUSB.sys
| MD5 | 4669d1db0f07515d41f21f308b4b390d |
| SHA1 | 3400d9f8ce5541e5fd59f546a7a44d98ca7eb331 |
| SHA256 | a6c70813d6afd3c9e191de5127c219d912a11db1a6fda80fd6793a97e5a9e692 |
| SHA512 | 3b285fa9b2fc63cd8f7b756dfcba56022b67aa4ddf5d40fd4611037af92a31502df43b0c2ffe8f28faf5ae97e69497d540cc4028be1abf42b34cc6433eb307a3 |
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
| MD5 | be3cbab296ab1c9fbbe7dc8e97b06e07 |
| SHA1 | 1f6a242ff2039606ac558c56e4237cc9a9fe28fd |
| SHA256 | f640902d85cbeed89f1f2237297b2eba3240cb4431c64131f2253331e0b67f6d |
| SHA512 | 2742b09e99d45201d2f70df76d9d69369eb666194c39b99627c0d8a06da4de19f3bdc5b83fee7e7f84e7a26db123b5463060b748f4b27eeb3a27049a8589e28a |
C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.inf
| MD5 | 6016637d32182738bfc71e7e86bfa1a3 |
| SHA1 | ee76c95ba76286743ab9d3420c58c41e0f1793eb |
| SHA256 | 68fca318c6f63b1d46f3a75ad62aedf1977d135411d82e850f09a6e6e7e8765d |
| SHA512 | dc1c2584c8f25b527df9aaebba3ff7cb5ea9427825b1af9f72005f6789aa8502bfe2a16ce1c2229d1ee62b3d553b7792ff943807d753fb5dd50f084cc1815ddc |
C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.cat
| MD5 | 75eb3dc02a8ee04f1f3c96bd80e253a2 |
| SHA1 | ace2f9f1eac41cf6bd3dbb2d69530c6f044afefb |
| SHA256 | a27ffe3f719b5f87c694b273af7e5796cf93a495cd195aff25e44e24fecf8e1b |
| SHA512 | 3d451852408ac7045c1558fb97a21a61d99bae207e3e28050109170999fcaf7f091108d3a15596946aed55497611110040726bccb939850744c5b628db369a75 |
C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.sys
| MD5 | 2ac0caba931fd7736866c3867f8ca6eb |
| SHA1 | 610700909bb66d0842706dbdeb6540bc843a5d89 |
| SHA256 | 4e619bb6370f4bc4be52f43d6c43f3a86e3e2ce7bb04baadff17d3b731f18f3f |
| SHA512 | cfb1dbd3227941e3f04f366ae661ebe3503ef789e70bc0a438569fbbdc2a2bd89e8d3b978db44e5182f81a0b98b01cc5d70690ebc8d0b5b24a00bba48c3eb866 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | ef5f07931b513cd0cb6a9ec4b168378e |
| SHA1 | 1a84537c554f32a39d39e8b4f1af14dcb4c57649 |
| SHA256 | 07f5aa29f062c45f55ea6acb30f02f2afcbce6c847ac85e6133f5e6351e77935 |
| SHA512 | 3be9a79de415fe8f39af9a169a84e231d4925e1064fcc8a110eac313862c087453d750f13746be32e39484a0c35dc353e37e1be278d58a6b6770c861e62273e7 |
C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\VBoxNetLwf.cat
| MD5 | 6d9d62401ebc8d8b48e6724c2e162d2e |
| SHA1 | 7d64d6c2b98e6545382a5c3ec31bc71e2d6b3035 |
| SHA256 | e308cfc6edf3b6e969a115eeb111d0fefe0be93e00856ab1280459dd83a9f93f |
| SHA512 | 46244a02f61d6048630312a0827f0141b8e99501d367a6feeaa5d9ae5c157f98969dc50642ad4d03b5863b196456d8d903241b1077809d280b860bd6aba6bee4 |
C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\VBoxNetLwf.sys
| MD5 | 96a60dbff3c4c7217741e0007d0f4abb |
| SHA1 | 1651f89d9ab8455dd4458f605bee3a4ce429e42c |
| SHA256 | cd3af3b853c27626fcfc85997feead0a48e56d618e2129f62fe1b96a203a44c7 |
| SHA512 | bb7de376b7fbb8e8dcf2a49f9c4e195510ae5895d0f612dd9f80fa56197b55b81cd31151bdcacafc616c7998513cca81192460e09b9a433f9b688d706ebf3d48 |
C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\VBoxNetLwf.inf
| MD5 | 4b79c4041164c4d8b24a4f51f25b026a |
| SHA1 | e877f526967674a90108da7be7cf38744e5969c9 |
| SHA256 | dbcc2c6f3dc2a68eabc698d2d7d94837e9f79711dd13b414299e20c00c016779 |
| SHA512 | 8c7ab281df799538f0dd1a2b353c072cb1cada3b57e6aceba5e7f228cecfe5634e26ff05b927d46a6fe0f9e6cdabb4c266cfc1e1a425f04f0f2be9a179bd4a30 |
C:\Config.Msi\e590a58.rbs
| MD5 | 1eb0b33452b56be83178be17797bba14 |
| SHA1 | 34517569675aa10e3b4494188012a5018b32b31f |
| SHA256 | 5680c24dc61be42917bdc61af6a1678e7b8c7b16fb4c414dba93f14cdcb71fe3 |
| SHA512 | c9d111a44add2274d44805b2339695286859f83d8cb292b82c76a49ea7c25557c2215d622efdc00be8b9348e34e17301ccb8f6781bdc1e3f9dbd3310add28a8d |
memory/5184-715-0x00007FFA45C00000-0x00007FFA46141000-memory.dmp
memory/5184-714-0x00007FF775CC0000-0x00007FF775F44000-memory.dmp
memory/5184-716-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/5184-717-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/5184-718-0x00007FF775CC0000-0x00007FF775F44000-memory.dmp
memory/5184-719-0x00000275E5600000-0x00000275E5610000-memory.dmp
C:\Users\Admin\.VirtualBox\VirtualBox.xml
| MD5 | d9d28bd2ef7192fb0efb99607d7a0807 |
| SHA1 | 7fb6f32f1c0f227118613dd7779e1bf0a6e2ce4a |
| SHA256 | dad710b076d96b3de34a58363a3241935bfe205b7240ce57f9d85bf2058e6dd5 |
| SHA512 | e058987d5fd8ea6cd3c3081c7ac45ce1e3719c4a38b46390133b19539fad35a0d8ad699023a3d934d18e3356cb6def62bd197b5a32ad496b620469c55d9efb13 |
memory/5184-757-0x00000275E5600000-0x00000275E5610000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a2a0f.TMP
| MD5 | b90dd2d8e8933ae2c61979c3fe66758f |
| SHA1 | caf4ecf2a8c4353960a8b50ce8bc10415282c59f |
| SHA256 | 116093ff3e9517f41ff97bbae0fc445d025c327209d7fdd7749dc6d71b10b345 |
| SHA512 | 5459975b137cf70d57097afb54a0c7de70e0c82914fdd46bd6040e4ca3aaa10e85da957fcaaa7df8095fd1f4af7a18bb5ea7a011a74a2bbd7604f290ea154ff7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2a932585a8e4648a957eaa57cddbed2c |
| SHA1 | 96f65cc3c75c5c167acea3e79ea25cc2e7f7e5cf |
| SHA256 | 4bded79272c9aa9667101d9fc24b975d3bbb81e25d2488e317f0a5476bc741b9 |
| SHA512 | 6cb8e1e36a529ff158324d2082ce7b64755d5c85177c71db57115ae64aceb181b0876773cdaaef0829d2a2d3096d84d8367848c636c4334d6c5118d21c8c62f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09246288a39c7bfd598820792e5c2200 |
| SHA1 | c273771090ba660630922a22fd0a1ac007e3d496 |
| SHA256 | 447479c66fab06c52391686f75064841124f758db4eab411879875f0476b1474 |
| SHA512 | d22c5f7afd1c55da00dd2f7f7c9f521908ca44ce83f8a325d8febaeb655e25301cd6b83dcbbd021525d42848a1c7dc68310d3bbcfebe56b050b96fad40eb2163 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01ceb70563c2e167fe131edcc4dce845 |
| SHA1 | 68a7e9cbedd88319351d9e105e3d375f2fe3c8ac |
| SHA256 | 4b58e1c8531593efaec0eb485421c6f6c177facc3f195365c46677b39034b992 |
| SHA512 | d96002641d47018db87d23888c8b67e7a9902cacb92647635b9ac175aec17c9833d87db07e2cca29825ae0173138367c0c3ad6bcf0e961e2c35836cfe206c230 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cb43b724a9999ff52fdbb13f43606b60 |
| SHA1 | b962734e362b0be91737881b8298296956c00fcc |
| SHA256 | 28f5b09993c4a6ac42a41fa32a71b992808b98057efdf18c53be564007cd7693 |
| SHA512 | 7e06133fb63a09399de6f4a2aa5b8560eee23a289557f5ce6c72416cdbc85a662d1f2292d204aba477ba02f14c94b2cfe4ea16b6eba2a869f5ce5bbbf3390705 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 875f4a7baf769673ea2b854c32e1b523 |
| SHA1 | a59693a985f446ffb1c932e6331b795e229094d1 |
| SHA256 | b8a5926247da35baee74903b8b50e4f475fd281aa4bafc8e81b123f76e19983e |
| SHA512 | c6e6e7ca8dfd036c8231f538fddf2de5b9ca48768d182949bfb0640be7c77a6e5363f80f71e1d52bcf3808f485404aa5cb4377a3b26520af7785519bff4130d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c715367f5a3cdc3656f3e82e23d29485 |
| SHA1 | c69b9a88a2432b15022d1b6ab4f871d754c2d5ad |
| SHA256 | 7d28f5e8f00debcb0b4fd5e6d7e576a2bce85a39ba29efe390b266cd06a29751 |
| SHA512 | 69fea565768a6bd5ddbe24db58bda972f2702c0b8a1495a1c0d327ab3bcdd49abe1f527484f4e2565b26a1ca1a4a43bc595a0b1237bbb28860981c0fdd716102 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7408aa4e22cbf6c4b5f7359660ea6b2d |
| SHA1 | f0f51dafb45060bd1af9db55427428273b3d2620 |
| SHA256 | f33c4d32e12c4f83e807d7272503accbc6d05c24b36e8e6aea75a0261d308c26 |
| SHA512 | 62615fb7d4f23d3b66102f5c90e74a4901a68c0aca03291c2dfc6a25335c97fb8d373a95c1b2653f30e65bc880d9aa081dbb3edede87f8a47e619bb0fbe231d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea4e7640d8e6e020e2df4e05576bee6b |
| SHA1 | ac6040811e21ad768969f36b5fb32365a6f32d7b |
| SHA256 | ccc16ca70840d33483e6e26180100d7abcadba5ddee8a824ff565e79393a7eca |
| SHA512 | 193e39f3dca7d51a5e7da61d1dae6f3494658efcb1a7ea4197282f259d865472411b26a7dd694f6d43e1362281bde611497e9e4dc8132c80be11a88dc88c8685 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bcdef0b26319e2d1fc55313ee9c185c3 |
| SHA1 | 4a56520aafdd707be097b89a253cb65959346fe5 |
| SHA256 | 8003243e62962a8f847de19a041faae7c58a17d0d714d1549be6c4961d07b18f |
| SHA512 | 67486791e3d20e3920fe52b465bf8fed75952e2b92c5cdb2c94486e88c3d643734168dc1023bea59caa7d989c94b423172d213ae6b5eb9bed35bcd4919b06ee0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | beb26d43889e8824a42e362a2947495a |
| SHA1 | 22326132c967de0a3848b9a27a3d9b077076a7cd |
| SHA256 | e84a8b30abb92b172a9ae15819b6f70d78560672da4fa3db999594b210ea0140 |
| SHA512 | 2d46922c7c9e403bd88bbbf018cb8d4b9b500e87b8f5da5cf548d40781531c6c534b2eb0a773aba92abd6d492d16ea6f0ad6f268fa21edf4667656711c9b7f8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9afb75d953992b598fc8cb08968917fd |
| SHA1 | 6664a249c306abfd005c13b2cece49081cffdedf |
| SHA256 | 5de6da78cd72222b963bae81836c2393aac86fb08d9082d1370d93ea5e2b72ca |
| SHA512 | a681e1b7743c15bcebe0cc6ef88127207a37e5a0298e43a2613aadb06aa73c19e26bc14d89a89a1072cd329950957603e52dc42a4dea18a061919775680f63d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 259bb3f43bec9df083564526c485c5c9 |
| SHA1 | 57bec9a24a04f60d0dd091538138e93de3fe1b29 |
| SHA256 | f9925830dcd58ca1e3ecedb7e9da79871753a549247b3d972a8db380b481599a |
| SHA512 | cb5ed986c96667458165c0d4ef0ab22f7213182a86fc59e7bfee76ea559b32f688a1b545708ee78e6ca283d3001ef6921e1cca010b5418a43f63a6f988f5d7e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 288d268a4fc15d27e407ea39cc8fc61f |
| SHA1 | c7d7497781931244d23db8d86cb80925e36b3eec |
| SHA256 | 98eea9a4ca12a51f3af0abe77782e81145dde292205cd06540d22310e3c05c97 |
| SHA512 | 59f4ec124cce58bd016ab41d195698dceff8f8e2dbff5ed0b60a9d79c5f29657f15c31d5982fada1eabbe22b20ce07aaf7a1cac244dfbd33845f50cd6dfee23c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 653f23892a1eb6ad94b7ece23544fa9e |
| SHA1 | 9dc2ec7ba28af165c6d31cd9f68dc089e1f53ff9 |
| SHA256 | 79c7148c84225f2e0beda88cc9713cbf525f77a48dfbfa15ac768e32ed52a60e |
| SHA512 | 27afe610f43082964a6fe3a786e2a4d635c4fb190b570ed3e9065ee5facf41539d0189442f70cfb4e890fe77e70fb3552b7db0a9d17ebd1776fab0851043fc2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 388dde7fe39b67f45048a53916aea426 |
| SHA1 | d551afa2add049f314d065dcc27dbda0bd3a5a8a |
| SHA256 | fd19fe27962027d48165bfb8ee5f03a0c493d04b6a4c48323cfce88db804e011 |
| SHA512 | 16a8382f6a82afc059830cbbdd544b7c2aad8ecaafdf133ec103da93d49182942a9b4001513c9cd9e4ab51c8a1b7fab7b59edbb1e1134569d5a2ecc2c3fc5b78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 26422ea4ca71a539edbb137cbcd574a4 |
| SHA1 | 75da16bdf8fc4937d255ed769091b9e2f6e5a3a6 |
| SHA256 | de82e43a97e2c48a628081d70a0130cd6fbfc41be15dda795115e917fb3f12b3 |
| SHA512 | 73889f9188534ef5104a47e4e673a43b612714cfad88e88be4ccf0696c1acf4a3d86c0bcb87a1a4785e33ca561691d44c4983ad2a3c760d9af8092456484a919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 70b6dfec313ac1bd1e2f86a17ba94279 |
| SHA1 | 7b99afce8f0a92d522484143f313b8d7b96663be |
| SHA256 | 299f756789061fa3198b5e436a667d2f9c431db1c3155b025a67e9a0197b9837 |
| SHA512 | 18f52246273d4dac52cc93cbe3cecbbb3256f629e519a25da3f0947ca15dd4e1010d2c4a69bc499b7b234c3e9886b7210937a80fe543c9018dc9c5efbc910665 |
C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe
| MD5 | c5048b7b69b088892d602a0afa5d3634 |
| SHA1 | cf57773ce041a3a5dda4d99a07b60b31a5a6c473 |
| SHA256 | 50a5f26c2c5bfa20be77af2cc2102a0f6057eb78d8aa723974ee0b01c510eced |
| SHA512 | a1f4bb65627a8c672a0824e7c918530ec7c2483e3e15e58eb9e228b995231a68844c990489a67bcb0df875f9e237e9ec1ea32dbe0ea9353ce52bd6e460bb9a33 |
C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe
| MD5 | 415e8d504ea08ee2d8515fe87b820910 |
| SHA1 | e90f591c730bd39b8343ca3689b2c0ee85aaea5f |
| SHA256 | e0e642106c94fd585782b75d1f942872d2bf99d870bed4216e5001e4ba3374c0 |
| SHA512 | e51f185c0e9d3eb4950a4c615285c6610a4977a696ed9f3297a551835097b2122566122231437002c82e2c5cf72a7a8f67362bff16b24c0abe05fe35dddbf6a1 |
C:\Windows\Installer\e5e6987.msi
| MD5 | 7c87329a66d4c22f03acea4e817971f9 |
| SHA1 | 12a2134fa09fd7df026ffc20bfe58a7d30d6ae73 |
| SHA256 | c78bc45113d0270c2154930761c3b74db714987a16c0fbe5e7a05fa3a853d0c8 |
| SHA512 | 73f11aa3f9b3dbfba157a0d47dc61ff2a22509b61339882a9c2cee53ee335b18820700d7a413b81b426e71c83443f0d99bea8b3638b8b87ee9a42f01f404f955 |
C:\Config.Msi\e5e697b.rbs
| MD5 | 674ac8e4de5df593cad73d56f8b3c8ea |
| SHA1 | 1b962ad96640ea512c7de1d5784c21a855882880 |
| SHA256 | 5f5631f317b7e33cfc94a926fd2b2f61c4a5d1bf078cf36a9a031f1b0ed0ed08 |
| SHA512 | 50b64d9055fcb84499b9a0d65f143c7696684f6569ec738c7f77b18d1e041c242a827dab875cdd3d9c9260de812e6558ef4f2be3e632e2ce93cb1f486440116c |
C:\Config.Msi\e5e6980.rbs
| MD5 | a5ec5a76f2f5dc3db54b0ba4a60d4787 |
| SHA1 | e37b84d48a89bb3c2e558e85e5178d9f5b446fdc |
| SHA256 | 7b7498f5fa4db313b7f7946722c887699a65149bdafb4ec7fcdee3c2ac17a39b |
| SHA512 | 4b482a0b3fa58c4a28f74cdcdfece520f1cf7d7f7786e5b1edaf71e1aa3ab1f6ae87f7d620e391da867ad5c2da7487c15d193decc99f169b5bae2a1245c99408 |
C:\Config.Msi\e5e699c.rbs
| MD5 | 0c712ffc482639db3e206888398f3393 |
| SHA1 | 8a6b49a5fa95fb9bde2579b45b4f38dcaa32d09b |
| SHA256 | 60590dd8735dde8345478416b08c1bd7a21b721e4ba1c37ffbc25c197e97f4fb |
| SHA512 | 40ddc0d04bfb2bd1ba6e2f2d3c15fe59ad6c4a32e76df0729f4c44b1d8ddc0bdf260a251e0ec05c8c26f1b8792dbca8ae402a795af5254fe0e9cf5d1581f0323 |
C:\Config.Msi\e5e698d.rbs
| MD5 | f458bdc0d2d4e7c65a59e4823ea78631 |
| SHA1 | 8da8ab0dc3c2b85b1c9045850ca91417f7ac3177 |
| SHA256 | 6fa6ae62df975251a04461177ec063a8b83b9f320a44183a18302ad8f849c59f |
| SHA512 | 7a839b4440baebc88a80f1a9ea28b0c833edcd62895d7fd49078760f21ffd826efebfa0eee0a29d0b2ccd1cdf488284de205dd365d70273f9355cfc580a126cb |
C:\Windows\Temp\{0AB0BCAB-3585-4B97-A45B-52D64B8ABEE0}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.ba\license.rtf
| MD5 | 04b33f0a9081c10e85d0e495a1294f83 |
| SHA1 | 1efe2fb2d014a731b752672745f9ffecdd716412 |
| SHA256 | 8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b |
| SHA512 | d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685 |
C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.ba\thm.wxl
| MD5 | fbfcbc4dacc566a3c426f43ce10907b6 |
| SHA1 | 63c45f9a771161740e100faf710f30eed017d723 |
| SHA256 | 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce |
| SHA512 | 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e |
C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.ba\thm.xml
| MD5 | f62729c6d2540015e072514226c121c7 |
| SHA1 | c1e189d693f41ac2eafcc363f7890fc0fea6979c |
| SHA256 | f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916 |
| SHA512 | cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471 |
C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe
| MD5 | 35e545dac78234e4040a99cbb53000ac |
| SHA1 | ae674cc167601bd94e12d7ae190156e2c8913dc5 |
| SHA256 | 9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6 |
| SHA512 | bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3 |
C:\Config.Msi\e5e69af.rbs
| MD5 | 20a95834c68b96d52a67a656f754ae0c |
| SHA1 | de0b1b412d54bb8e84c558b2e34b797eaa3464f4 |
| SHA256 | 78646130a29ead7b508f65878bef9532225c43689cf7bb8c400e160be5057104 |
| SHA512 | d3e522ea3ca47cd1822a85649cac6c3debd8da283708c4627ffe35adf30c9b1731e1b248cf19307b931250db41f7cc761ddae727d5ca32455efa21d6ffa090af |
C:\Config.Msi\e5e69a3.rbs
| MD5 | 7d11e3f2231def1cab5dd26ef8721608 |
| SHA1 | bca565c5394d6b39a59cd94e8b774b10286f9113 |
| SHA256 | da3dea06cd3595c201b977ff92c113a062e3980f86dda437da00655a27822528 |
| SHA512 | f32f7b052c446a287f88f42f1e4b1c9abd8061e9b9a5fd89b62288c107b59fb32328599c707035d672b24bca74cff2540e5e70aacf08e68f0ce67e776d5c9a66 |
C:\Config.Msi\e5e69c5.rbs
| MD5 | 08185f6ead74cbba1a1904868bc593aa |
| SHA1 | fe2a96424d83af183bdc2a4cf303a138fd2a0e06 |
| SHA256 | 2215b29412c71c12b0f5ce273b5dce8a541ef9c2a1f2861f5fd4995adae23cf1 |
| SHA512 | 4ab9723d6be8d866bb3a3fa6a58531ff655d9f58d5bc8a21202a50954cb82fa5ba7be5ae21dd146557dc26eb2275771d3e6f3f52742393312fe969c85a0cbf50 |
C:\Config.Msi\e5e69b6.rbs
| MD5 | bd07e64324824aa15124fda0bb39377c |
| SHA1 | 4f29e2dce5f29a821e244d2d4d3c18eecf77d498 |
| SHA256 | 93ff47053a1c099c8c5406e6192e3e9a109a7fc92e3e066de524a78283f7d8da |
| SHA512 | b73616130779374084dd774b1b184116cc8a98470c96b0b9335d258acf3bc676ce4182332b5b0b6b4cf146be6b1826b3efa96c5926ea9995d0f4529a1d581657 |
C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\VMwareWorkstation.msi
| MD5 | 9de59bbaff0031ccd0c5ffc0d146b016 |
| SHA1 | bf8650497c5a35672a154855c8f5cdc132524f50 |
| SHA256 | e07b69e3a884cf6d76c674fc290b1b864653692cd5eb291f38b5e83c2bc20cfe |
| SHA512 | b0fcdb5e887760f6da301807b55285e12163fdc68856d7c384d3136faf60613f728750c5e496bebba47c12eb16ab2c7dc470e4709fd42e9842a676b0fbfbcfa6 |
C:\Users\Admin\AppData\Local\Temp\MSI917F.tmp
| MD5 | 02fa1ecf741cdf5e6b05540bbdda424b |
| SHA1 | ab15a90ec37b900c8bcb6961c41ef8a519676c2f |
| SHA256 | f88377c29ab7b75d14d366e27ccb7ad81536f2233aedc6f2d05a1ee9d7dde0e0 |
| SHA512 | f9b32a5af2ce3befda29562d081483f4a87ef94e738202d27ef47a2d0ee4a81bad5793d6d2f08cf4db2391b4b32f38690ac153458cffd2ba6cd10fd95d082295 |
C:\Users\Admin\AppData\Local\Temp\vminst.log
| MD5 | be78724fc25f9412358cb5c04c8a571d |
| SHA1 | 5de528d3de443323889b02719e1ba2b2a84ce900 |
| SHA256 | e3a1a1e0399fa4019b74d988cf3b2f542befe5c001bedf9c095d23e563af1ca2 |
| SHA512 | dc10a1b88ee597c5e472aa12ba233536b0dc49fd02a1ce175eed6507a476a6d7ec3c86333484e5f22f479b109fe4d9a4bf66e1b26d426c383084ead9e93bc24a |
C:\Windows\Installer\MSID820.tmp
| MD5 | 2ebde9d1a578ed1c78a79b2279be5f1b |
| SHA1 | f55b8c2511d82032e4e8d503b4874396b91fff07 |
| SHA256 | fe793fc1b303f85837fc6a990caed01289c02e24f3ca497566108198fe6af5de |
| SHA512 | f92709052fefc3fc89ba07562a093d7a22dbd62e0a38d3178a93275b9050984430bb4ef5908871d29f591bca75b2a19f9202794a07deecaa1a8df86d0ca94f20 |
C:\Program Files (x86)\VMware\VMware Workstation\vmwarebase.dll
| MD5 | a2ef706e1ede9b52477ba4bccc08717c |
| SHA1 | c47638776b019c4dd729eee8d3f451c51cf65eb7 |
| SHA256 | ca16d280520998b822f17f4fd825443c57814d6db008ab90ee85341186a707bf |
| SHA512 | 873b00dae7ab7f8e33fa39c35d8150dde7f8e1fc29bb456daed012253fed51a2ae91cb48a4d1806ff71614b4153b97a8947ac34aeaedd56bb54aaf4bfb32070d |
C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\ovftool-hw9-config-option.xml
| MD5 | cdae15f623a66d694d299f1390fff656 |
| SHA1 | fbfc1a118aec4ad7558b82fb5378fca06a12fa9f |
| SHA256 | 6a846f6e1e5112a3efd76dc23d97b9c36abb7bf62f9bc202c1f840a3f8dc182e |
| SHA512 | a79ca6d4399b2c65090f45d0de1016806396ad05184d02ed54a55e6f8af1a2833220c1efaaebaca4fb777d224e409f5291d340df783a3db0963f8b01c39f76e2 |
C:\Program Files (x86)\VMware\VMware Workstation\solaris.iso
| MD5 | b5aba6636c365a4925cc345793acfc18 |
| SHA1 | 92dfab989f193c072641fc3cd909d88851d0034c |
| SHA256 | 1f90f0511d9a89a0e16401c3411f42d2f1ddb5147c605f1e5a535ba179deb864 |
| SHA512 | c3b6489bacb51102e73d34c443ee2e3b44ead48da0e7e2b666d3c206b5deba46d6d222a3aa93a8dd3b50384d57157671ad01ea1829a38faaf2155640b95b1674 |
C:\Windows\Installer\MSIF2BE.tmp
| MD5 | ba3165ec14e657e6235d6d789e9e25ca |
| SHA1 | f626fcc0e7e7f26a092da6a995f5936a45c4f71a |
| SHA256 | bf93de4755822425f3fd3928b52d2a6e6c91ab069213aaaa95695ed3e17e72e9 |
| SHA512 | 6d83dd60b1f8e8d93ddbda657b1c75f86c1f5f6eac899123f6ce498f5dd1a5abf05e29776144044c6a848e8fdd2b9a6a5367c4b249b879a310a260fb6b55b6da |
C:\Program Files (x86)\VMware\VMware Workstation\x64\icudt44l.dat
| MD5 | 84e14155c9e93c98f80207fb91cc3a61 |
| SHA1 | 22786e7d14b7af1019100211ca512fa835ddb41d |
| SHA256 | cdb07d4d84bad2ae8fe1d0e188ff1921db083f8b3976361fa3efa2c3f6748ae9 |
| SHA512 | 3020466948b8a6e8d926b7dbeec2652280cf08d58d2bc1412af537ef32204fb5bb44d87d1ac95edba69a7a6faf15dc6055777188354d012fd0d371e17a4330c9 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation Pro.lnk
| MD5 | 5b85058c3553aa567217c87b4b051464 |
| SHA1 | 6b251343ee54cc6124bb16caad3f05f0a8fd84a1 |
| SHA256 | a466d7531f46452ce23a3b428c500fb420e69a2115d47e8eff0e972e1b5af97e |
| SHA512 | a34828f0f7a0cfd6d365ab6f1e789445bed1fa1b780319ab106fc7c3f393a041d1969d5672b774e5910c98030faf9c10efbb3d50a989373bf083f1915c251a69 |
C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
| MD5 | 073031b8b6c10cc6f42eccb1bc88cc8d |
| SHA1 | 19a8726329aee9a917f984a8d122126bb3a2abee |
| SHA256 | 89cdedfa74709317d5c46faf464aa104a7dbf8c64ae2413cd93020923441f1e0 |
| SHA512 | 31b41573b16237b81e03bd5df14327828f9f9ffef7d44d29c92ec7ee24523ae5cdd77cbc4b60fa0fe1155b2814fb829d5fc001b0889dfb151002a5749945eca0 |
C:\Users\Public\Desktop\VMware Workstation Pro.lnk~RFe5ff4f8.TMP
| MD5 | 25652bbe13be426fc73600b26929081f |
| SHA1 | 85844ccb3327522e896bb254343da588492df22d |
| SHA256 | dcd05d9fdaabfb5be703ef79c85bfc9f7d6c413eaa357b5ae78123f3bbcd1265 |
| SHA512 | 803274f11d8f699ccc62b127b3704dea7413d4205313c8e20ee93463a9a2da3f21b7ec40f8904eff643aa811950939b2498f9b7347bc8e59ed526d3408729828 |
C:\Users\Public\Desktop\VMware Workstation Pro.lnk
| MD5 | b7b8678eaa4486e57368142c361faf91 |
| SHA1 | 9676d6285caccb0c4c9f3fd081270d4899094010 |
| SHA256 | 28b341ff2161fa78f0d76744acc449a54790a6e22336b23dfb1c5417a048cba2 |
| SHA512 | 84a3fafe937dee9145edfac4fb32b08e99a4019b1e8dc3854ade8e38c6d431a2f2763f5ea1f7a22be62ed91cf661e92db745addd28cbb6608f518f15d0ab89fd |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 17 Player.lnk
| MD5 | 6fcd500ddd66d433edc6fea47ece5698 |
| SHA1 | 56bc8af248546e7ef9c440e076cd6e396480ca63 |
| SHA256 | f81c8d98e4282b7e4d41459f6353251d2ece2891350a8ff9f90784db3009533a |
| SHA512 | 49aa069453297ec5a23bb96d893902147a0fa6b192438705bd99efb9b9b0c4aea8f2412d258bd9d2aac19c3537af99411c07b886e35fc48d5ac6cfce3260fa2a |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 17 Player.lnk~RFe5ff546.TMP
| MD5 | 405cf3a34e49e7aa88395af4d7a13f22 |
| SHA1 | ed014f907d6aec02fd47fddb46b38a1b9c424571 |
| SHA256 | d2d6dc785f77aa5cedafa96352ad64ee5686e14c13c7564ef9f4689a5ceff69f |
| SHA512 | b0b4bbc08023f5971f806e33b57540adbf091a4777713eeedc5dd5439c498020be453d287e9c330a3ae95d2643be0acc6c35abf9e9b3f080a6df8569d14db6eb |
C:\Windows\Installer\MSIFCC8.tmp
| MD5 | 4aa882a8a87d248e6b2d4144f47bd568 |
| SHA1 | 6a949550f3c7fac710ea7d7801fd809f397c2d91 |
| SHA256 | 6081f9d9040dd70c74c1f5ae51db1320ba3b3e9e6a5cdfda22a6f5e72ef38d4a |
| SHA512 | 9a91daf5c128e09912ffb6e8673d0088825ba13b0151cf23b17d531b855fb1271637ddd3c92e63c704fc135ce3b703d05dd3d1cddfe452b8844af78cdd2ba6f1 |
C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\vmusb.inf
| MD5 | 8d997d8d1105556cea9726b2aa38949e |
| SHA1 | 57f9c467fa48ad4585f58f40120778080d4003ef |
| SHA256 | 9cbf08670ee83cb7956473072d7d51a709da49522a1109ea582425d86d88d8f4 |
| SHA512 | d52e6ae4e66d33f3632e349fba6e13eda805764cc4d87920048af779148ac87a7918fcfa4f307a9fb19ae9b5c58b94247ac09433ba61afc0515a5bec3a5ae314 |
C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\vmusb.cat
| MD5 | c969983ba8f120def2953afe08b2f164 |
| SHA1 | 2aff93389846c5b107d67ec0886a342ea18eea76 |
| SHA256 | ea696506747d3ab4a9c8b8d486b4a886ba4cba7b65eceb1d89c6ce54be6c9c20 |
| SHA512 | 30f69f57ff3eb07cc0f787a22aa42245246d9b6e657b656c82335d6fa78b3f8534027c4ca28998d72872cbed099ed45b8ac59bd3c7e69ffcc133510a37632ad6 |
C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\vmusb.sys
| MD5 | 092cdfca61db22f6ec3ac01255bad56e |
| SHA1 | 565788f4cdaf423078006d4bf480eb4b022bfe72 |
| SHA256 | 965c2e680140329f56f253f9a5bce8745a9664fc56aedb58bdb57e126b0aa1c5 |
| SHA512 | 7d5e98e33a60d259f5bceb9431c1d9630bf43f479631b9ede5ba8f8d4e761f9c67971ed5347fb7d3c1234f15a75e252b4e93aa002a5d85fed751ca0b64a5e24c |
C:\Windows\System32\DRVSTORE\hcmon_AE2641AF84DF5670FA8422233CEAC89B307A0500\hcmon.sys
| MD5 | 0f300657289a1a2d168b8b80e900055a |
| SHA1 | c5f93e3ef6c8227009736ac8b5d314ff21f48c51 |
| SHA256 | 94938835f53b968665eda2a7a082788dac0a13ee486e3186387c0ff7ececfe8a |
| SHA512 | 035d0e1430ec7206cd7995f912f11310089367a452f10924f79dc2edbb958bf080e86c4501e3b7096ec07e7f4b503ec4751b475f60927a333edd9458b41f36d9 |
C:\Windows\INF\oem6.PNF
| MD5 | ea436ff1f464872273072e441dd8de60 |
| SHA1 | b9809fc4cd4ed73bec238d5918c2b9a19bab7d46 |
| SHA256 | 1feb5078e691248db3fed44291ec2540a47626312207f446e06a8b0fa5529ea7 |
| SHA512 | 985b8a4c0dc26c04aa401d28023c64922fe6952038815476603e6bc0913db277ad3087cae86c8df5692ccf7e63523ea3cb1604d297a4c6d1bb9a114dfe051814 |
C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.cat
| MD5 | 24236822ba4e710e9fbd3401c78131db |
| SHA1 | 83ffc5830cfcb98b6957f7802e4e7fd7816dc1ff |
| SHA256 | a58b885df4777c61b577af7569eaa5ac0202ea50f55fe141e9be0ffc77743a50 |
| SHA512 | 714f005f882ad0551fbcb74ca4fe4a0ab6f3bd998879dc51ab2911190919080a55727f4590ddb96f866a02f6ff9cfa0cab9a48a543edd35e684f28b3391171e9 |
C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\netbridge.inf
| MD5 | 76e07de9fe56a25f27a695691c9bdade |
| SHA1 | 53fef434d80383dfa266c632e6d374611c38319e |
| SHA256 | a3bbff5810e7d94a7490e06d5b420f734ec02f4fce66274930e024761e01049b |
| SHA512 | 813eb5cefc1075357dd70285e05e765ba911fbf65cf11975b1b241d2ae3bdb8520f07de9daaf29b28f979c97ef59bd079f63c297b8218072d0f405986fe4364e |
C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnet.sys
| MD5 | acc036a64af0be34d7925e24f5bbce36 |
| SHA1 | 8b9b372250219c3d08b153f630b36dfdd2823084 |
| SHA256 | 7e3af2553ce93dca2a7b2c42e1c839573ba37e393e9e7a5e200dcc2df4f7fda7 |
| SHA512 | e2190fd5e3644acd73ca86485e8d8bc1886a5ce767dfc452cc8178fb6f24ede82baecbc9e1693982307efa442ee39c19911dbe8dd19eb291595ec671979f63f6 |
C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.sys
| MD5 | 11e92a49a113d80fc43219ce21468bcd |
| SHA1 | 7401c5adec3f548195c1cf3fa85c266e476f1283 |
| SHA256 | 9237ac240f3bef26001bc33a670245d368b727fc43e031b6a48fbf698fdc1def |
| SHA512 | bd7dbe2b786a7b0de0377abfc3a7a97667750e842ab5d0e42ef898151cc8a81e615a70536753e243f5a61b727acf3a837536534e65c110a26799c9a2e3b7a7c4 |
C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.dll
| MD5 | 70d6c2e1940824e5c9deac0a2467603d |
| SHA1 | 5dd4a84bfed0eb199a228abfd1804c142e3fcbfa |
| SHA256 | 0e8d73db78847ff2956c471c009088c1754640a06f877e9dea061bf9b6c287fd |
| SHA512 | 6bc3dba5d026896f64bc2131d37f155b3dab6a3c8bac758433b8776255aabb10e24b8553c05131ee13de31b323620b4d844c141e267eabfaa9c0d62084ca8417 |
C:\Windows\System32\DRVSTORE\netuserif_58711DA5F5777EBD18942543251CD2F96A4E1EE5\vnetinst.dll
| MD5 | f2338bf0d8f10fdc55b712e9c5240937 |
| SHA1 | f6e0b2151d08d2316b685aa1a8fda38af9c888fc |
| SHA256 | 11e605295b184468b69d444edf35707567615d16fe5b9ba924edcb76527f9002 |
| SHA512 | d15c92ef1e438fa4313332cc57d39a9ef19584cde8c02d328983215544d823ad838d68b975b825afaff2a6549eb06331d7fa0833fdbf2fcf43d5fedaeab2434b |
C:\Windows\System32\DRVSTORE\netuserif_58711DA5F5777EBD18942543251CD2F96A4E1EE5\vmnetuserif.sys
| MD5 | 502d7759a8ea951315b74ee12a629f3d |
| SHA1 | 0f045b7a26a8ec4e5647be4c423c7cb4327fc213 |
| SHA256 | 26b2cd990adeb32ef7e4c00c0e447c64c9a7811de2f398d6a227ccf26e33da72 |
| SHA512 | 33b270a48413e0478432ea3d1e1fec8d71d876deef63f106905dc57bbabf6aeea74f01ef539a2c17d583e4e10d9262187a6bd9531220c8278ab4a44191aa9c52 |
C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\vmnetadapter.cat
| MD5 | f705d1b2884dd89de05b5be1b5f091cc |
| SHA1 | 15fda464b0e6152f20be66478e5637bac6738a44 |
| SHA256 | 2fed201cfaabf39aa9d32531759ffb01b93e890ab28137983ac0a0f1b76cf4f6 |
| SHA512 | 740331cb30d323bcd5ae0789ffbb0620baa7a485241b6c2e4064265397f40e8510fc6de9758b5f5cfd41888b29ed95392b73b3b0812a1e207e46d72e6d521eb4 |
C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\netadapter.inf
| MD5 | 513ea5ad5d0192b4fab604bebaeba1ca |
| SHA1 | 37cadf97b3de820bb8a9cc82da50f969bd9ee742 |
| SHA256 | 8d3180911c7397eda186969813dd6aa6447b2e247d1dddf8cf15c82f8c187c7b |
| SHA512 | 8459e0f67773be7ec6d3ef08c3c9018e78719797292e92471b7b8ba210cb5fe3946e3f99d23930d5454a223907bddf40e3d7c8cad8aa6063c1c26ae7f1744b33 |
C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\vmnetadapter.sys
| MD5 | 83b9f3a1bd3afd531c19b5314525eaef |
| SHA1 | f857b40f1d837ee9bbd0e33cf4795d4e8f20b1b9 |
| SHA256 | a75125186847fb0e6d4cd755ccd68431df3a64c8786125b6110589054f9c2389 |
| SHA512 | b48f3b039d8d11e25b9978eb9b38b7282793a264878258ceac12a243cbd344dbfcb9d5e071a422209a83f5330b7388caa8344cb6c11598e1fce1bc43f649384e |
C:\Windows\Temp\vminst.log
| MD5 | 47f11b72ac3b70fe73999c9ac9a32e78 |
| SHA1 | 1555ff3853940ada3c91ca306f198b3e27096f23 |
| SHA256 | d804014cb51b54b3a965f626d2dc98f370e933534f95d1d526f9924f473eaa06 |
| SHA512 | e9a91271568929b47a6f117c2a5ec8c214db58f3c3d6be340407cd303b862b0f3d0fe565cba4d03b84989a62120a498d29846502734e2feac21649e7b171ab1d |
C:\Windows\System32\DRVSTORE\vmx86_0EB6D425AF13AF7EF7CCBE7DA93B4388751906C3\vmx86.sys
| MD5 | 73ebcf23e0e1ee82dedc376c1d312803 |
| SHA1 | aa6ee9d5798254b715ba1ac254ee11cbd70df864 |
| SHA256 | e8de7c03018755a37a2993b2688c5258b46919b15c5e55a85590d8ae3abf1eb3 |
| SHA512 | 03863edc55d819378ed9aaab1771a7be6acc627b3512bf7555111135b486b5bdf709bee5e32f717112397e5db4579ff496fcbd6c92e96ed8d5c7321e1315f86a |
C:\Users\Admin\AppData\Local\Temp\TCQC618.tmp.dir\DIFXAPI.dll
| MD5 | 116eaa5c9bb2cce346a42eafde2dc152 |
| SHA1 | 13c433306ebdafcd983410482fd42685bebadeb9 |
| SHA256 | 57afba202253a7736e7296ca9ad606b9640ad6f5e9c231ee291f511dd469c783 |
| SHA512 | 57d2ce75bd4a645eda5a9a77a6e92789cc527412722b2fcdcbb271c0d6eb8014b596d16e9ed0e72c9e1153e60549d13be2241fbd13223779dd9596e52ee8f944 |
C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.inf
| MD5 | fdb3c5882438a6e996d13a7ab48cf467 |
| SHA1 | 7257251e1b43912d15defbdf01056aef80d043a2 |
| SHA256 | 1e71d0b7aa6a8835986a2d603c7218e792886fec4ea889f13200cf0fdc78a73b |
| SHA512 | 551678e245c37c61433bb06f5bbc1075b76c1b86b06907b0a8d4c1e240b62d13922a0465919f361a6584388d80333201b5b6202b3fa1c6ff7771a58ba9ea8716 |
C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.cat
| MD5 | c888f61b9b09bda1f1fc1506123753d4 |
| SHA1 | bc2be72275b899d848737bfac8e0ba1ea72af63e |
| SHA256 | b69004749d69e2d826a4341d2ac409711fb984fe2ebb4afa2b3dbc03368493cd |
| SHA512 | 9a90df4b4e4eefb48e81853d02e3f2f9b6280636322436b717f0763bf7feca79660fc860f8142b915fc475a20de4d876c1a29687061468609e9cedcb725b88d4 |
C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.sys
| MD5 | 339e79b21cd73fe1174b56d6032e40d2 |
| SHA1 | d85e6a6a585fe4eba6f2601ae97a9db171f2b5b1 |
| SHA256 | 91e68a9891339a8db757c9eceb65371db83822fa56305d61330e50194dc97131 |
| SHA512 | 10d5783d92bcdcd536abbb3650321f150f4f8a0850e99a974dc3e445dd6421b41fd9ce0da951efcc553b5bb00719e11c4c22c01f2c0882e35380a15de0076484 |
C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.sys
| MD5 | 64ba085bb02e9ecf3b21f0377199289f |
| SHA1 | bf00ebb018e9b0fe63ef3af971ab395fc0ecb7f1 |
| SHA256 | dfdb2166d3010a1e7ccfdc38f0b1524fdc4b79b17b06093b7f9820b637d28343 |
| SHA512 | b2d3e43f291cfc0215c1e1df1d61b94c7e7d7780bdfa8d627edcb58b1298fcc96beb8eaff7567629e2ae1c7ae1b0ef60af6abd6fd9ec0b380c5e20ebb0a8a8f1 |
C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll
| MD5 | abe700a6459d2d6fc9774e0277350ecf |
| SHA1 | cefe9bb79520b3cadf6d1bbf44fdd771487b3d7e |
| SHA256 | 952603279b8851c3739d562247f3f0a373b5fd0eb5a9c3baf1e6b1e608ebc6c8 |
| SHA512 | c6fa33ff10523d408be2e5653100fb3aabf1cecaa810916a0cbcd32c5bc2da76ebfb73256719843700ee4d05a7adf7b18c9130dab1127b7bd8b1d089b8219349 |
C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x86.dll
| MD5 | f7d359d175826bf28056ae1cbe1a02d9 |
| SHA1 | 19409b176561fa710d37e04c664c837f5bf80bff |
| SHA256 | af1df28834936aef92e142c14b1439ca64d070840b2c07b87351174ec0f71d8a |
| SHA512 | e2d78cb2d6f1b2f3c410ccd5272d0b3e34f3cdf25c41605b12e9a1f408308084c28c4b427c915ed87e28f21d662846529711fa07f4357a7f7f727b96a5d0e7f7 |
C:\Config.Msi\e5e69c8.rbs
| MD5 | 484b10c1fc85329c0b4a6a9f71c27a4e |
| SHA1 | 991f0c25f75a4331c1cf067e677e857f3ee4cf33 |
| SHA256 | cf62e131f928c0c7fa6def6d5e86c3718fdbea3b7deccf95d4681c1397f4c177 |
| SHA512 | 994d02ef647cb6f6b02a8ed1e9c2a0aa3ddbff8239d27216aeff08f4267b06870245db6a36df518bc4edecdb3a1887db526b4ff59e99f33b625b0eabfa848d27 |
C:\Users\Admin\AppData\Local\Temp\vmmsi.log_20240222_210854.log
| MD5 | 3b236e40f60911e16fe89f75f0cc13de |
| SHA1 | 85a3602cade7320b2195a12ee9ee5c6d60857a0e |
| SHA256 | 2d02986c3591fa6cfeb19de34c0ecb585d639be1e2deca8e2259699dfba8c795 |
| SHA512 | a61427b0ed43b5d20759030827198aaed816a6534167542fe0fcdf3e0ec0ffd2ed5d1091f6b113f0338bd8d55686826d1b15c2c9e2c4b914a950fba768255722 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b574d68444edd93096c5391185863ec2 |
| SHA1 | ef1ba741ec8f94f03afcfeeee34d75ed38097cbf |
| SHA256 | a3429d72708fb2d13e5409d0e667fd31124e8c82fb811d8f6e8c052af468213c |
| SHA512 | 2b7843b776f176146abc7980df3f395f322a8e86c57b8ea7454b54e054ef981e67c58b1b84fcc080625fdfe127cda0034c2851f84986ff1e6baa928771c89f19 |
C:\Users\Admin\Downloads\Unconfirmed 958167.crdownload
| MD5 | db8922c69e6e8dc63f54ca7a62f31810 |
| SHA1 | a405ff6e3f7d79964f26bfd0bf5ec7dea18f7048 |
| SHA256 | 51ca94ed2352f08334cc288061a2747cddffdc138203b43d8f257408f497848d |
| SHA512 | 5e66559dcf7b06def71d0b8b663db1a24851fee4b3451a23b411f6516b311ba5f53925cb44c7b98c223f100eb699fd1c069c17535a173acc8e28bfc38cc66e45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bd84f828ac13259f41ddf829522c5034 |
| SHA1 | 9367efc60afc9cfae34272226c18acbdfa2d58ea |
| SHA256 | c49a2a02a8fd5815d854de6368fcdd92baae91c512c6f4f2cc158e8ddf783629 |
| SHA512 | b3acac460b2790a9a8366cec58c41d0e1edc0ab19fbe035990f98c2bdc46633f188548e8438a92dc8cb5da78b969df511b46eed3e299f0bbcc7815ec9b96449a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 442ba7f7744e74db3a6033ffb52d3161 |
| SHA1 | f9e1eb3be778e553e65ec4fb9e9081a5040f9255 |
| SHA256 | 202ba2f8f9bd28e5e300225d082e30c6f9b737699177c22594b31150e214f29d |
| SHA512 | fea1a1c8cb49c8aec9254f3f5e65cee1340d6e02c606853757464ddd12832bb68d812715bd1ce020519fcd4c8acc6880aed58dd5b0044cc7c956ca5e3cbd5547 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f93c4a5b381766b9c8ec183cd04ab3c2 |
| SHA1 | c5fdda080dbcdeffefe618d534b55de8a19287ef |
| SHA256 | 9d67e825b475ed70f05d5e9d9197eae9d70c56c712d8439b1ade104b5bea52f9 |
| SHA512 | a03e9633cca09470442284edff3e0306113065cb09bd8fc8290f6b6139e41a02d0725edea2603c4a8ba4f719b22043dbe20f8b96e4d2857e3cdead4e0d6eb51d |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 9204cced870b901f286cc9284278fb1f |
| SHA1 | 8650fc4df1284bc9c83544a408dfe3f1cc839d73 |
| SHA256 | cbdf1a0ea40b3e1edb55247d0bd345bb9392e58eb3dc03a005a892dc712ca201 |
| SHA512 | 7cc3398a3113924fe1fa39b07058baee7fb1ebd9836fc9ae8c6ba37bb15aa1cfff02c4483371c3c6fb302184f727e62a98d4c7dc30194e9ca5c68a658df3665b |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | a222a15523815db1179142c24ce1e955 |
| SHA1 | 721f2f1774c99ba2cce5149b1be41e3a2d9da7a4 |
| SHA256 | a4b98dc3bc866b0582cca516cee0da1eeee006307fe96e980bd4f62ec4538949 |
| SHA512 | d2b811e78cec9691c1f15b2287d7f01a9cd0c18fd5476d06dc86abfe5cdee269e193b8ee5e523d4e39cbc5a689481de7183c2e1a303004f6eb3d8701d73e89bc |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | e5a11cdccd400d6ad46cec7ef0ba70fd |
| SHA1 | 9852195dc379b67987876d94827375544c9726ba |
| SHA256 | 8d9d0ba6c5edaf123ec36a4ede8a35a44e976cd3391f33e863eff45ee67cd0e7 |
| SHA512 | 522b6deb499f4add361dc41bfc4a6d8c2adc9d61d27ec131f707228356067b42a24bac42035eda18d9189f133ab7aafd2a43c2bba936d3043ee59b3dbeb1c13e |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | e198ef52276329c4879ad43abc9e0e1e |
| SHA1 | a4555c80a352c44c36159f8e30e8864add372fee |
| SHA256 | 0f53f96fbeea6d3d091155a5e0931ad0a6d033bc429ec135204f0a75dfd97e73 |
| SHA512 | d674f4aa3950fa1e5b44dea0423d00f479be7d9b1cb03d520670b7a115c18ecc3835d5b1a9cf3eea0959a08705283d29920005f91fa4d3afb40c91d5d55a5108 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 9cb85993fc3bc78b68f3f0c0e5525676 |
| SHA1 | a79522c763639a5a0ad276fc5f9e6d65683997fd |
| SHA256 | e8c3eac07c6a7e3841b568c6397eba1aba09f877ccdcd076beae7abdf6676b52 |
| SHA512 | 1d29194fa92fd65c58898cb68936b5c63fa1c6d63d178267e0426fdb5cd102a871044f96e9f48e847cac0007665ca7eec47859c844f14059fb9de56931d3e18c |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 2ae7e8a4e7cdf9f8c146b391706058a5 |
| SHA1 | 9ef69c1e365021c14e190e043c41bd909d59938c |
| SHA256 | 7665f06c50291405f7748174361bc9f35ef3c6dffcb9db4ee1d9785098ee7b8a |
| SHA512 | 303bbc3db16bfebb84a54deee3608af310a58868e6fe32311d8ce83e8e6a5c3c7929d18562c59f88bbcaf8cee731c965c1a93f125ea88d24d0b9eec546ebc3a7 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 805904bf2c5e8f5479221579d1b5539a |
| SHA1 | 601788db693b18f356866571db833d8d161761cc |
| SHA256 | a7b64df21ffcc0649dcff50f94b42f32333860b0a96070e9fc645b5c541d413b |
| SHA512 | b1397c80c9bf468839816068d5e8cea98f609e4e509a63c599e605570e61badb239301035038b4a6b65d23582ba8d87a6da1d4fea88045df4e9060c5d2a2dc2a |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 83c42e3023294e8bf6ca871783f7b5b6 |
| SHA1 | 0e137d0893796d78f25cc23cd8474fca7bff3fa6 |
| SHA256 | 064348f30182c330d5fe8da6d3ad5d52f9cd5b094905299f3c355e21e0dd9d62 |
| SHA512 | c0aeeba77ec14b1c5cf974b3cd9daf2333a145722eb8a0ff0353e73dc3258aafc70b9f00656e11a0074d2a8921a4cab4ccfee5f4056845c764d8d717a742d71f |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 3c3e66115920872d084d91f2081b2981 |
| SHA1 | 2f4b666791ccb3aba7b200e5fa80fe902007d298 |
| SHA256 | a886239277e057f5feb5b2b04d7f805f5bb7c594d5f335f4fe3fdd01986dba8d |
| SHA512 | 6e8ee493b3e34a4effa1e40612404fd8e40408b741e5939ecb21795b44d934369caaf2fd795c9642c3dad589cf52ca4a8960ddf5a13406d4b85619a9befd24f5 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | b4b181533b26a0953fdb1a6d1fd7ae7b |
| SHA1 | 9644de4162f7fceb9403924c38637173128361d3 |
| SHA256 | 7e77a39c27d92e3913b581df7385180f8313c9e39fac119dd86fb3c236d0f852 |
| SHA512 | b2eb9a72c2a67b1e8d518936039264c83ae858bf92bc03df1529317ea087957c048a9309b72062dd5891a9308fe277197d774d75f82340d50c6bbbfa220c29e1 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 1ddeea700df20e8cf0bd5aa92b64195d |
| SHA1 | 22b944330492a4dddf01380d82d1429b923e05e9 |
| SHA256 | a74e05f620ebd8c6d5841bd2f293b13981307c68a91fc41a9d36a4938906473f |
| SHA512 | 77f6922e03ec1eecbadc4fccc618eff8c0bc2af85ff7ae2b49aca06d050c1711e06721f2dc9779a111336de10f48b5f5b98a0784bf6f8e76c69768a81dab8522 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 4068b3f762fcba488c4ac834b443d4a8 |
| SHA1 | 13c843525d58136a6dc833ee9479544af0011b3d |
| SHA256 | 76aebd94d3f980903390b47420c3348f3b4f534ba3c3133f558be590970e459b |
| SHA512 | c9df809ad761365f98af442a6e188d729738ec10368afad1a744b51c180ae1a8f9d4d1f69a3621f65d0519b3bb79f00595a41ddfcd9a5344ff7ae8c8d9adbffa |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | c2c99c1e0a17437b20b6998fa7ee515d |
| SHA1 | e62fd9a994a688f3945638b32067838f02ef5399 |
| SHA256 | d0c473decaa5ceea45d3a6d326c7b84ae8b21405f2c5501141e9cfdf082fc4d9 |
| SHA512 | 2f08e1355fe52c26cead0fc661fbdd38687a660810e525f8464f4b3b9fa315c0c12557927e8b783088120c198179ce7b76f84465918c5633a704e5937612ee9a |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | da54180b32e88a4f9fff306b6e095345 |
| SHA1 | 73ab35be40ccfea70a7e5bb7fcb68d3ed3a7380d |
| SHA256 | aca12fd6b7d4c6079aff017968975b0d5fca69ab450cd84b900381cb9d270abf |
| SHA512 | e97dda09e6849bc63aa9e7bda3eead7a3889fdb3e097c4d1e45ef5f3a42509d685c89810e63ce172b7be50b8bfa16a972764582f297bb7fdb5d65116d5773bee |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 1113be3f51de6140c00fd93f7dee9343 |
| SHA1 | f44715b238f68c5601b72d9dc6cc3fa856f01805 |
| SHA256 | 9d4f69f356f2fb1a929775d981979f563a1f3cf733c968071c399efbc6179cf6 |
| SHA512 | 490233ca844565994d30d9e393db28b520b9b5c151b8307924b4ba8228d60227b818febb11c22271e50ea0bfae992a02ed83c1231824deb7d5fdcfdbd32d081b |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 470521bdf7f1feec50cbf54315386da9 |
| SHA1 | 974d7da34b22bdaff7a558ae1a29f06faf572263 |
| SHA256 | 8f31d28a63134854b9b28c220214a676c5d89a08f48aee7dd1a6961af8ce57df |
| SHA512 | 711425945a78ddb1650092665bbed005adec8f600abcab10263a72db810746069eaf3b97c62c04fd6840f44efb2c742f4e5640101229cc7a7c6cad26491d8094 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | ddcd7255b46484757107670bc9f8a1ef |
| SHA1 | 7dbf526bf179529422833b0a48cc910558f7b55b |
| SHA256 | 2e7fdf0458bccd7e60f406ed03d818d0bd092a19ae3a182fab484036fb7f0145 |
| SHA512 | 23131cd6130f6bdc0dea89554739f6fed14f3768bf1809f2a2a9a40a70cbb7aa28c198000b827af809e82fac292848a25fdf5ed4dd11e60b98ff4cf2493b1e7c |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 313dfa2aa35a839929e1c595fd6d2db5 |
| SHA1 | 5b096f7db8963ea22ea5707fc020a5cff6980c92 |
| SHA256 | 5961a40f5720684d4ab865cf560aadb53ad1a8511e216c26f4ee10d07aeac117 |
| SHA512 | 5f7d20740968137d25cb0ccd6f2b2de243ccfcd4bc0121af60f3afa6b5dff08ca1f1a247c2b59a643a1fe3199ccd06f7015f62edf93627096e9dad861116a431 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | a53b82ab7b141dbb545115f223d68d13 |
| SHA1 | 9092383404c994a7425ce3db00f03648b66f8401 |
| SHA256 | 1b584df0f78fcb0cca128b16a4e554a8bc1eda78a3d2788029e0e6c110ccd7d7 |
| SHA512 | 3ef6289ba86d37c3c9875b46c702fc8c791e95f468abe89f4db2285047582a56afe371c17a1bb1dbb1d31a5269caf6ec7cbf88d3163517015b77aa48bcec32c2 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 4d2fb2e9f6819428226336bca70476db |
| SHA1 | 900720107eac8d4e46dcc372d8f34e49df070a43 |
| SHA256 | b7eee4d3bd09767c7bdbb34c3ce8551968476c2775e98d9933622382b6612c7f |
| SHA512 | aff9a07f96be29d4342a926ec3dec5b1a77daec7297bb9753215604f3f98db377ca9570bf987f67d6224361728cbab89769710386200fd052ac2847050311fda |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | e5e1c189212d36d82093ec1a052960e6 |
| SHA1 | 3b78649a853cf9cc1d8f446e42aa981eea5499df |
| SHA256 | a6e4fbf91491179e27d9326affba3542e4fa420bfa419431a69e07be8de9bfca |
| SHA512 | 44b490060b049f27eac47bcc4a43625b8b357447e3253d460c93626bd132da8e2ccbab939cb600610845c34ddcb5dd8c37d161b9f17448b3f5eb734ef95a502d |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | cd5dc5fbf0ce2116e3536f4f9015fef9 |
| SHA1 | c91a630f5a7a6239b305fd55ff2977746aa1b584 |
| SHA256 | c909a412051db483e279a76f5a1b504371a9dee07d28ecc6779e31672a2116da |
| SHA512 | 433d4ab06f8d9e22c0c8e3c2136483364f2d7c41cf064b6ec2564b54aa01b83927fe1f96d384a56c87d8412ea60529f076ebb699d3aeed0dc7f457cb594dff1f |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 121dee88af5d288898a9b51bb89dffea |
| SHA1 | d66effcddf0d047ce5bece3ed8c26dcabab47c49 |
| SHA256 | ebee38876126535f2e12f315d522155218de78e658d6621797a4a0b080ae5f25 |
| SHA512 | 2078286ccb71978f416fdd257bd4a37be030dc3c155e0fbd61058f5c36a4da5b6ef36b240ccbbd3cdfe35a078205c54d644b81b99968bec6610851e1e8242cda |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 4f05a7eb29793dbd55cbb31b5e542ddc |
| SHA1 | 21f0ed5d1f4601da3e1e1983f4f1ec1fca9cd115 |
| SHA256 | e21340a7fa30afd1b49441d240f0c6ddf884212914a80c033988cb53780c2dbd |
| SHA512 | 5dc423b1c625b838773ac9fb74ae56bb33ee265c53e7b9ac1bb3e883f6dde96d0b99533c6e2580b250d4c2753ffd8d98db5bdf13111e2b078f833e403600ec88 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 3ec568550df71ac6fd01b0fbd7316cb1 |
| SHA1 | 4b2bc058378c7b94ba957258254b4d598e548664 |
| SHA256 | e844c87ac76264ec36e2167042f041f6f4af638b9611a566bb2d7cf8a8cf5422 |
| SHA512 | 88171dccc00003c9d8fd8a7c41a8aad39d5040b3ea49f4c075f8441379d91b1b12ea4c27bd191e19610562fc231f09d25a2da9ebefc6996fbbf97000033b6f31 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 880428cb7b2be04f282e2f5e57109495 |
| SHA1 | a1648182dce21f7983461aff868de39a5ec2637d |
| SHA256 | c2db90a3aaf248723b2f3eeff40af04b6ce876983e4e98459941eec20ebdbebc |
| SHA512 | ceedfbdcad7336935f7a9b7ec7d61f420ab8ef6f45364291319d08ffb929ed18c495ec9cbbc04173bf9e8c4c68795b70673169a93d716f3945aaf0e4bd475b2f |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 04c77f4df4b4b3648259ee6c38429597 |
| SHA1 | 042f14ddd26fd07ad4b9cbeaef37ff9d27f9cbb9 |
| SHA256 | b1f4560d3f30776c5be9223b2a26655c8638837d63a665dfa2d8076a7e57e8b7 |
| SHA512 | e6155e9b1c86755f904eb22dbff4f7cac68714a0921f61e73b92dbd2efb287cc97f6e3d8ae7a3606329a0735c0e6429576f6a04bb1187e60422cc7a2a7719dec |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 42d8c4ffdf2e4be78115af772a12f867 |
| SHA1 | dc02603206bdb4f0197110546b43bf045ef28ad9 |
| SHA256 | 0594fe1a74ea38f1382761929113691635cb831fc34b4149f9d9927d8e886209 |
| SHA512 | aeeecc1efd343a0fa5379e0f92b12d796b77477b702014d4c3114ff691fbed40f1a7165be9c2f83ba8509a727482a07e8be5cff6366a88f63638da81d617a04b |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | bcd2220f5ed694a9cacbb10404a6773a |
| SHA1 | 32a7febd60e68fa3d9813e41d41978986f0b303a |
| SHA256 | a83b7688912a6d5f59f885c4bbfe182a29668abc5074d43707c158a93fe86370 |
| SHA512 | f92c58a528bcfeac01fcf1196038c458f6a08a091969359b0d5dc6ddd4b7cbf4c466343093d37de9cb6bee216fc8f665ed2eefa5535534510035d275f2b89a69 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | e5cc4ae2d09034078a48b638bbbca017 |
| SHA1 | b1bb84bccce0ee0ecabaa1dd2a86bc294e38aa0b |
| SHA256 | ce8c044824a77b3234f2ef8ae7daf0435f2d5360fcddc38ba5a7cafe2c93f9d6 |
| SHA512 | 0ecd5e8cab93a01bd89f303b5c70c8761940bffa672a6ef83cdbb6fc88816d3e897e7bb0e665a8293ed60f367d4350cb53f5dd8a719bb8940a499b4544620c88 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 4833d3e422eff9a193e76e3cff03f0e6 |
| SHA1 | 506003d58ee409019800ea8322babe3c8dde1423 |
| SHA256 | 25e8c053252707e9b9c9b17a08066d894648c28ccbfa913a128127c64043e6c8 |
| SHA512 | 0e6bb3de5c1ae92eefc505c0a1c62985ae22afb49dca021c3286a1c699dae751d72b3006906364e0b6c57554842bbe969bdfadae869dee69eb0b7d21dea47696 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 3413365a9a9556a476207ae8ae148d39 |
| SHA1 | 07112bb7cf36838ebc02563705370d2c25cda423 |
| SHA256 | c98b7814408ec2434c9505b7405ca52dcb4f64bb7523a5c681ed6331e6e52448 |
| SHA512 | b6d159530e42d601f71d32887c4603e2b2ba55abaac2f642a7c762e315d162e8c2ac84eabc8f23842a7b2c233822fbd264f0ee8b0716ba8a432e2f3f1b70a126 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 518cf672c1389da078f6957a5c4104b7 |
| SHA1 | b15f9ba9aa3eb1db6f5949cccbdc0a37bd6cdaf1 |
| SHA256 | 06d6fb90d3367692c2d3f23c5c437696eccb410f7da74103aa9dd27b1a8feb83 |
| SHA512 | 68235a8a5b94a561475a8aeaa5265e36236d5548b5e211f18fd6c36a2033d2eeb7fb5ef8b95fed924bab6f8170cd1d166a531f8dd59d76c579139a74a4cd1d4a |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | d302e558f759730a5459c1e9040b2f33 |
| SHA1 | 7f64c73b0da614e47354630b41fbd465e73025ef |
| SHA256 | 1dec339beb649205f38e5044c7f5d3bf81e074e9289e39b1726ec2c0839d84c1 |
| SHA512 | 09328335e728d4c8f0e2f5a229cf4be73cf13f4541ad01741a46732f80c89d52c4f2011117743e175de5ceb072eb9085a65f62b0ed63cf8faf66ca63315137b3 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 54a6bfef323e51dd38c466c9370b3311 |
| SHA1 | 49b0115358bd0b25879e8a98d96e42b4867dc49a |
| SHA256 | 464971bb7842653249df21569776f6b710649252934062e7c55bbc831312e24c |
| SHA512 | 0bc8898ca73fe3aa9752c9c77520481498f7870602e67b0653df338c04dafabec45152307c3a2c7d31775ab81788526ab0dc8fa61a4cfb6ea2f49af9f205ab12 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | efe83ea3d11ac91020e48f7c53d6f060 |
| SHA1 | 6c8696bb02bdf15c33a13f2cd675131db52c22fe |
| SHA256 | f63e07b5391c6f5077d310a20e0bb3e0228b83342c7fefb14bd416f17ca930e0 |
| SHA512 | f4498a614816369d91b03fa8d92859e08da3373595fceda5d5a46b353add6fc220c1c652e76adba6c58aa3339d26ea9ff92cda210cdd7eebf062dc02fda5b3a7 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | a254a957c6968ab5b343f4eb22b8fc26 |
| SHA1 | b29ebf88008ca13ffa5af8bfcd76053056e20a6c |
| SHA256 | 402d9ed227c7535215a748925d095564bad7554c867bcbad349b3410885ce2aa |
| SHA512 | 74b472e38e7919e530bc2ceed81aa507d11c58ed8180fb0d8eb3c71340c37e4078607ea7a1cc5213b9cca736c20bb338592b9a355a30de9b8a4ff4624af356c6 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 7ec3b3a7ccbed03985d34a0d9c23d8da |
| SHA1 | 64f974f03bfbc4a90514d7238dd7a43b18ce14d5 |
| SHA256 | 0b4ce8bbb67272cbe384f6e9a032b638f6ef7a0d3e69ae32ac0558634838c698 |
| SHA512 | 7242abd0596913168b5b52830b65bdd7a80af06a59cb0ddb155e86f967bdf1c5a690aa9302f991d03f9a4b843a91e68f3bdf600f76e735c14bc9950c107db791 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 7337c8b8c1c1ac88da8ad07b913cffe6 |
| SHA1 | d498a425cb0f9ba30b5d09631e91457d4ef1a0b0 |
| SHA256 | 72c64103c86aa8428e1ea1ffbf01c6a9137887e72d0c241b87b0e3629d461460 |
| SHA512 | c537b22a339c2cd136095d1d24b405a524cae0d1fd6c095337028fa5e0ccc4cffef75ba75a15de8936e3ac421fd66fca80afd2156226b789ceee9f4cd090811d |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | a568ea8c8061a3a28bfca8270a223913 |
| SHA1 | a99b377ecd15136e028fa01f0b799c0e3d1910d3 |
| SHA256 | c925934486a56fb9035f6671c75277d8daa65f6157f640df649bdec044c87fb9 |
| SHA512 | 85f867d0dc5b0568bccdc480efb8fc8ceb0dcc966e8001ecd5af76749f58cea2c1fdd1bc2baf9d02494d45d0fee2297736157711dc27d36dc7fca1af53c9bf66 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 00ad6bf757b77dc8fa7a0fe7b9528766 |
| SHA1 | 172c614f711fd8e8228e5b9fe2b4ec086b08ac45 |
| SHA256 | c4f601c1717fb987240ae2881589c6e555910cfa5828924c5a1c066a90c2e64b |
| SHA512 | da5b54d79a415fe090fe061c0f5dbe6343d586239531e117a48f9b8b1d173849b45b0a4581fdde358181ba05016a8de4a83637f1ca7c34e176a512861eafa55a |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | d89d5b2e5d7e7d8bb4ba2486fb13586f |
| SHA1 | 0f01145049834361376acf087d3bdb2a01de20c7 |
| SHA256 | a30d172a38c187572ee50a7ec58cd335b8552a9dbadb16fea20d416b27d4078b |
| SHA512 | bc55ac2b9d99d869a9bfa979f72be88a5b22793628d7fe320f3f6c996304fa8e05d5d49eec25832181adcc3de465d23b578045d53b668a0a9704df9d4c2518e6 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | ae38826a0397ee1ed8487420a7e969f0 |
| SHA1 | 35d041c9b7c7bfac9ea141d0011e4965655a8fa8 |
| SHA256 | 2acce48e0fedadc8ebefc9834948969c7703b1bb263aae24b29d75b3a57db5ff |
| SHA512 | 73b404785f9c079d8dfd785dd8a4b02baf5820cbbd703a56c69c8de1e7053c355647a090a83f221278018ac3ebfeac8b645e304ab73f63576cd75f23197707d6 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | d6305210b66dddd95eff4169d871618f |
| SHA1 | 6c44fc3e0d684ff6808e77ac44a5ac8edb85cea9 |
| SHA256 | a34152f51209ba1c28e00dc4464e171df1ca63e8fe14d37337f3c3d49616c4c8 |
| SHA512 | afe9e234c800a95199a6bf926509b21074d80df0f1e783ffda171e7f78972cbc860dbc9ac1b4bd8e53155193125f70cb29dec406418760bcdf7d023527ac5cc6 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 38009d2974393b9a0dd6949575433739 |
| SHA1 | 4eab2ea819f448f08e5540fec92164a12d1cd66d |
| SHA256 | db0957d30e3bf5f15d0f663f9422dfef75829f2fae41b56786c0adf2e80c79b1 |
| SHA512 | bae97177020411f914755e084639c76873324d84088a09170a7c10a126d5e4567779d90c2d64e2b97e5c7dbfe44bb5b1bdaf8568edded130bb155212464893b2 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | ba74767308ca22b8a25390b514d09f6b |
| SHA1 | 6e3e7825d05f2845729908862fb42facaff41d4c |
| SHA256 | 0a0fd8020eaf8d6f937ae248a38949df635f403ec1d679fb6ef67e12d54d5798 |
| SHA512 | 5a6851987edfd87d2ea2f20c6c0afd985aca1b58f7f2206d48e1fdfd16f3c825b26e69c1241f00cdf5f2459bf2be0f462225a88569ce184ac46d93cdbdc1951b |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 2133aab86e9df96eeda416cfe449ea56 |
| SHA1 | 8a1b5b3d2ed0d1c86de2523a0a36b245fdb57143 |
| SHA256 | c845ee938de15dc5d7a66aefef884249f1b39d47e5c947312b81bb0df2f59609 |
| SHA512 | 8af58b5580ed7e3dec072610c3f0e23f7316a82667d273f9e4b8230376142298f50b7003417a7ef21a31dac73e98ef91eae783844be0520ec79ae065d0851438 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | f631834766d81b91d12322e314f96312 |
| SHA1 | b04ab2502ad76dcdabf1b61f2fb0f766ba9b1601 |
| SHA256 | e10db293261bd758f45fec5b6540b64bd820f30af0054dc76f60c9281b3ee349 |
| SHA512 | 9ced3313bf6cdd60d86ef9fc052493fa7e5ae93fdff7b442aa8abce11172d498b6e1b6b723d73eace0895976d8b111142dd69a9a34c4bad959f85424b9aec499 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | f2d667f92b686a8ab760c772c102c69e |
| SHA1 | 0c79105f3cb569ff773e9eba657d226f3ca41030 |
| SHA256 | 13e9f27c8103d84c6e0038d0d079d0efbcb2ce6dcf68b776c947b9ede4b32211 |
| SHA512 | f0cd0fc5e74d6b345e517210a43cf7552b7facadb9fcd45eff74708ffa65b04cbdcfcf67e8a53ee71db952ce93c1be42969f796f7682ce49750822a3f5299a73 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | b478b32ac6c4a32b8882de9d95ff93fe |
| SHA1 | 8c325d52fb1f7ae4a912a87f0148f3f39607172d |
| SHA256 | 7027e691c58e616ced69f0972b132ab038856d516c6ac28a7455b77b009196c1 |
| SHA512 | de8e7f743e38ee6085b2c22692ff2c57ce62683fc20a5f00ba6f11bc584c56d83c68c4f369b552064b57e6d571b554277a53b12f3371479fe3ffa21f3d5a7bf8 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 51a914395b29421cdf5d7ec3ede74af6 |
| SHA1 | df859a73d65f66244dc68170af1ca7d99f3c0cd6 |
| SHA256 | 41332eede3074c6f922d3bb615fd8cf03dbd48303b3671ce5e4ae07f9dc650bc |
| SHA512 | 8dca101db0e7ef208b87a2fd7d19fc7701d49e0426682adc3e698c549322ddc7d00aa1214140ef862e634116788c57f0676d4a4638351d0e5685761ffd828fc8 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 8d64462a84f4949b5228192278afaf7f |
| SHA1 | 0e835d5f7413aa877ee5890955b74b96705dd85b |
| SHA256 | cb228e60167d1919cecc8db36444c9b0a22a3668fe806eeb01d06c2f8fc238e2 |
| SHA512 | 6db9bbae73a485073562d928c0fee855eac5a8945403739f5c82a8c67e1d6ada067da084a99de24c47abc7c661c00ceff6ce6e2fcda9919cd7b3bfc932a01066 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 289ccfa0acb0bf07643a5854c3234cdd |
| SHA1 | 9654719137bb3e79592085f20f7802915bbe6542 |
| SHA256 | 734c344fb233827079b8c00270e4a92c6a35999640a29806f148dc085c8aa29b |
| SHA512 | 84bfd076f2aa6f80a548f6892f5aec4fd2b749f333020ef7695d6d5c8c2a17c817de655f57a8b152c836362825f8bc5dd89f5f1c4174ee7a10799a7afa4a315c |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | bbaf359ab566498d9188759ac6be26a2 |
| SHA1 | 01a0b813c9fb5bab16c6319c64d15d0328d0fc5f |
| SHA256 | 4abb76aeb7ac6fb2c02dd73d7e6e6b805bc6188ca71e1f4f9a08a203aaa4435a |
| SHA512 | 9b0c97baebd11523a4151c3b7e80b21dd4d99763216f909ca823fc299bd1a94504ecac31879d36d3dd710be7442d78296dc8049bc90e335a658f093752f7e0db |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 1cadc3d0a44a3a9b447d4ad2f73751b8 |
| SHA1 | 5552f8c2a3326d1c8314ef9cc2d022a0ac7fe279 |
| SHA256 | 05a83e698c06acd3e2341b9f68bc30c0b3ec0ce4d283b1fba17cae546e25d21e |
| SHA512 | 6af1feba7fa8f6d4247686dbbe0eb2eb6a2f6951387ce99a9ea3c19be578d5b774e709474955d5b44449f95780fcb65b5ba06ed20be335aaa79123339a429c66 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | ef316a535b55bb0493bc1ff5bc5ae237 |
| SHA1 | 20615f095b393a264cb768c19c9cc58d352e44a4 |
| SHA256 | 4c9feb05ad629c4eaaa3119e998e9295fbc879c59624aebd35904343f5284fb9 |
| SHA512 | 51fcfff4cc83b602d3b4b461e5b0591ea416ff133c085992f301cc2a98467edf97df311894b471b7fded4ca0a55a496eeae0027fb8eaadde055ce1ff29ff25be |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | f13cee2ad66eb87851ae6e4cbf279aba |
| SHA1 | e70254a138b3f5e44654419acc702c3c7fbf7555 |
| SHA256 | cc4594f2ddf194a4f74eb2b59942d554f97a9b6c123c175dfa511ea85076e1e3 |
| SHA512 | a787a521bfd40c268954a9c91c4b710e32657ce5d06c32428de9c32c4fd61a8d71d00730e03477636862511ba51c262dff3ac6fd9826b22e575ff0f8a71bee4f |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | ab606c2afb6d00a6f4d8ec3da41d4c3a |
| SHA1 | 9f8e842e2f1f117fe8128d2dc11c593295d995b6 |
| SHA256 | 38e58dfaae019615aaf119663d29dad1ccca953b5566a143d279db90ab295eab |
| SHA512 | bf1a00e4c094240e95d220a4f1ba04e7da0f3b2e50f21590a88874f8f2c825ee7b738febeb8da6f8e42730e607e33650461518a48baf220f8046febb9942543a |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 078fb14a64595be056a9aa784860bb1c |
| SHA1 | 16b857ad08a723c167258853fab5bed4b5815c75 |
| SHA256 | ffa4be0db5b75f7404723cdc89098350065b9fd1946985007a6014d3af85c4ac |
| SHA512 | a5c7244f8a8b8cee6f74d1c57b35b11f9be91f50ed715682dc2481eb414ba0d6b544aa9369ffa2cad54bd6ac4b01bee5693f98e4ed1109dcb394a77f6c2d0365 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | c259678aa2aef050974398d20736abaa |
| SHA1 | 29d971908339559b1cbbf56262c90e23edd93704 |
| SHA256 | 7819ad0682573954f5d856fd1eaa932356ef6dc2f367b798a5a8a3a1df030570 |
| SHA512 | 3e0386279715614e6f6f85492043cd65167da2b2cf40c425d02ca172170aecd7e94d6406971810278ace920f8f1b0c6237e725aa4a67b9ca24234f63cb3e2e90 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | b0004ff58b976f9e51ea61f9ccbc927e |
| SHA1 | e8d122f81e8d2646102736e37818769bf8931ea8 |
| SHA256 | bef3ed79477893b78a28c25e83cdb174906943bd03211de5b3a93fc386f57b04 |
| SHA512 | de765362370ccf0d0109a840b570e8dea6e9e2fd5ee9ebe61f7d72d154253db1cb1a8c5a96509a0e15806d75e379fa343cb457bc8e22c26e4c093410fd0daeea |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 21a77651b76c00f76912363b7d128dda |
| SHA1 | 31ff5e33cb068ff02f374c2f19e622e5dfc8bfa3 |
| SHA256 | 9d94afed28691017fd7a4b4121001212b3287760935cf36006668bd142629d0e |
| SHA512 | 1fed3a9739b23f02886b29f14c3082317d3378fa50ea721a578afc4728b2c9fd485407b24c32eef5be12f1b9e606a6c9a64b84b6fb02f7442c6c9d38b854ff43 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 448b24eea6db2a2aa061f4276f1ba16c |
| SHA1 | 144d7678d367b0c1f428a131d06954d19e633673 |
| SHA256 | 75a04b06d9264472c60617e1d29922d1f8f98cb1da4cab53aee8c580bb16cabe |
| SHA512 | 1f1afb6cac70b1de38ba02d1d9f3f8420c9f00b32ad42ae67d9cb3cc7da84f52fa7e87908a22290f2116a4a746cc2e1aca3ca4bd590419366682a7a655945749 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 0832b0602bd0aa780d78396b3646c4cc |
| SHA1 | dd6b05b5fb5048852b55b087cbfd8c507775db48 |
| SHA256 | 5de14d539b10e20bca0a2ffdc37263b0035257b1900bdadfc7db47c7443397d9 |
| SHA512 | aed1ab482acc2fd859b67a255ac4890782f234b2eb23e9a596d7d30406146231fa7eea347062dab73208384f37a882adf51214d34334081b0c59f6074298854f |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | f9307b3354faf6a26c1cfec815bd5267 |
| SHA1 | e5e52bea893385619c527acf2f2e550e7a4af116 |
| SHA256 | beacdbbf6d49b075f52766f4284e01d9383e3eed56653083225427b9b7315175 |
| SHA512 | ecaf87a045dcb470754d9a4c7ac25c50bfb839d1ac3cbdcd25a5f9a83f3ef5491dcd79d4ffca75d4f462265e047277b8cb697cc75e1323f9009608492d04cab1 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 5205d92f95a91feaa7205d1c2aa47979 |
| SHA1 | 33cd9ba83d0f7742db6882e7d0ea5fc964576bfa |
| SHA256 | 38480ce329c987aaba1b2f270ca1f1bed4ba0b8d8ab34def901374041d1e2b0b |
| SHA512 | cc298adaa6ed6a31db29f5ea882d42103614d78b655ed2d07fb0fad36b131c58ca1a7d74b5051838533eeb990030335b58fc8442312c859705534ae24d395b9a |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 9dc005a69daf01ee472aacc0cb25c3fb |
| SHA1 | a774e6c39d289ffc0a5b2ced6a81c4502a8f1e38 |
| SHA256 | 8e585637e562927f409e0eca115a48c4799ae4224ee6d9fbaa8245cc7816cff0 |
| SHA512 | 38bf90d96dfa4299b1ea8c531f819cff94b5043510ffae07394c1b8c92b11fb8213abd4558240e24dbb847414a7d6ac4a77d5297d6674373b4f12091b7b35435 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 563d569efbf30a570f9633cbeb3bb9d7 |
| SHA1 | 9cafa82f08f885d7bcd401f48544e25f4e84aaa8 |
| SHA256 | 8ab638aeaa542ec829341ce44094bd7e0f5ff6fb5f47ac1e0e9bcf87a843c32e |
| SHA512 | fd4f88158ecc9d1ebfca71667081a1d8307f1223bbb1399246756964d6170fb042fb6b6225dc9660cdf07cba36d6f50dee81b5e17eec1369aca67da799c3dad1 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 50db7aef9b24255a1c2a1199f696cd0a |
| SHA1 | 4bc06133064957f36b2f28412a326c7bfc934ca5 |
| SHA256 | 15734a6bcc9a7f4d2a21dea7285f5cd3951f9f3a3813807c8b45fe4be8795da1 |
| SHA512 | f8400042077e60d0dc245e4892679c464726f91c0dd82c314fb53fa340191efca20e5c5d283e62bc7fc030f4dd3c1c7d531f483cec8c0cd7e6decf8ca0db515f |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 40807f391dd3651e285470da5ffdda5e |
| SHA1 | 35fb5fc132162effdc6147705e80ef020d4fd94d |
| SHA256 | 29175fcd6142c59a35870f43e9354011660b374ba2d700d8e49a4450d060216a |
| SHA512 | eb303cf7815524ee816d1d55593d6e98f41bca2fdb2a5743d7f6993d30e9086a618486e269af9debca89cdd1c1288149edac5b8cee4c3015054e8578206d2572 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | dd823eab9fd3eb6643bb379e891fa0ae |
| SHA1 | 82bee92983984d267465cd2e95a56b00e21bf971 |
| SHA256 | f5685f7ecf9f6b127d28268a7e7838b946ca3dfaa73379a08f5a01c18751cf5c |
| SHA512 | 32b1cbc141314a6ef71f75680f2940bd40a899cb0d642a27d51202c6fff58d32c60e448dc394e87cb44ff7462280d83955182b52339baec647e245c143323dbc |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | ff37ea5775aa8037b1a072b8da85985d |
| SHA1 | 46eb92124336270dd57a67d6b4b145199a3dfe62 |
| SHA256 | 064f71ec44c04eef52e90f933568d6db535d3f36f54e0a6d3ff179bcb90c0862 |
| SHA512 | cb38195a73d1a217171d3de8b9ab9b298b87b37a104b667de4c7642bd1f37e082688211702559028fc66a93f5253c4514f90fbc65a4b3600019a32ea0cef8ab5 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | bfff807ccf06945978706b270eebcacd |
| SHA1 | 254586fbcd04cdfa84c5ff3476e860a495e2cec0 |
| SHA256 | b6a568a3a090f34e4af4b3f6e6d98bc425aa5659b225980bb6b682cd4a3caac9 |
| SHA512 | b42aa1a27283ccab0faf8d0b4d7a59824bdf745eea5c91caff4c21a7a455f9b0307b26b806cd52b439bee58c2f8b1a556a5c6bbba72fbdb3caa6f7005a0d5558 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 546b2a70fb244b0f78102916b659c50a |
| SHA1 | 9f20f6d7f1365f6bf7b286775a5095c3d2870a1a |
| SHA256 | f13757742f7dfb8fb55a3cbbebb7fa6b1949936fd0f1ac93b009de20d67ad495 |
| SHA512 | a7462b90bcfbc80edcb945038d76484d24f039486ca7765c0389c87f75b61885dc26f9193585927a35af62fcb13557438d4631cec42c2bdeb304a783d834f9f9 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 47a9cb29c67b65472f68193f4a1ea240 |
| SHA1 | 04f37ce5d83c98eb5ecb18e9bf5b6887082a8701 |
| SHA256 | 123a9b93a77d81eb0480a4a343c5cf4132a89f8d90ea1c7c8442b5c1c59a4e11 |
| SHA512 | 03d3492e50de0a9554c2edd39434e08151836104791020aaaf91e30aee6256cab22e270918269a9eddd281436f4d317a711271c7cb59317d9b7163cf12ed42fa |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 20ab214b0d7b6e4a28e84d6e7d0128cb |
| SHA1 | debea16a0be3b8cf7571a43faf37eaa438c4e42c |
| SHA256 | c8b41f0717c150c69dfb0ca1e3cac025c7addb83a68953405dc9f8f158373f73 |
| SHA512 | c25d5b6ea9572e0ffb0512ec51d4b524207531d0b9efcfd81df6b8744fa7233ac4a108df47e1a8b964df13aff038388fddaaeda3e4c3573572c12feea403f1c8 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | be070a710ea45c7577a3c37a57fe3a9c |
| SHA1 | cc2d14f82762414567be8f490b26121aebf6025e |
| SHA256 | 65ca1152a43b65a240e71dcb3e1eb3f2869d6ebd59733307077447c72a6b4a26 |
| SHA512 | ab532c350423cbeec6f09fa4e563cf1455c13c32b33ed390ad19d5639c1b3de1e023bb7720a74f93fb1700cec68418d0e0236f56cd7882f64c8ad887a7558047 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 33ca0f24e8fb5918ac1e17b69e92330a |
| SHA1 | ae0dd532130c08a522347d47b267057b78a83af9 |
| SHA256 | 1a9d927d465e03f10c5d733a01a49b15de6a7638446d2aaa587494e9ca41e040 |
| SHA512 | d5f06fb4f6c977e29914367c10e4ce49d898420b80182be7747327283d99993bda8b71f87223b095ea97295dd5605a43e120eb37916055095b19e58b3fb25054 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 27620235cc7238257b2e78b70c1d70d9 |
| SHA1 | dceb77a5c06dbe09f29ff62d7cbfb2a6498f95e5 |
| SHA256 | 539dd63b71106de095793c6cd0c4b18a2b5088861b9dc2ff969b47535aa2dc16 |
| SHA512 | e874de86b07a9ed797ac372a0f940164aa09f005702f5fffbaa9d739a38bf18f99df3eb1b5c6855b2d518a2f6e0073643326b9594023679f0bd20ec06c9eb354 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 8bdbd6efb02bce6c10fa1fb3c13b0d7f |
| SHA1 | 6c2c696f24ef7ff565a4bd0938ad81949beaf2ee |
| SHA256 | aa4f9425e84e0fabb9f780fc93711be65cd6930fc2f8cb2f753e189d9fed6c15 |
| SHA512 | b6afe8a77e31a18170c41454a4ef916d3f224d343f4ecb0ecc29e8ba6dadcdb18f2c111ab9002403f4c1420521237a7240d2e858168480009281eb1f303d2567 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 64c319f745c1e38f246aa7fdf7d5a301 |
| SHA1 | ce6be4ce1e708b8a74548fbaf5e6da400c7250b3 |
| SHA256 | 7f398f3caecebbf6b0897fd1eefa183d8c819eb305841debc6011b6257a3be5e |
| SHA512 | a8e15c5d87006fb4bfdac3bb66c39a96146ae421d371992cdfd0aeb1efa8e3e470c72924341d818ec29d3265c1c63265de5fe1588414bc7e224b8395733ef1fa |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | ec1c288473a3e8d7b965e8c8214b9872 |
| SHA1 | 6a3bace328df72346d6c17c95170f3b370ad6137 |
| SHA256 | cf96fa3684cf8dd251ee8181964e535c47d81f600db33ef2ff048c37d61edbe6 |
| SHA512 | 80d4551aaee82b9a92f9dd96abb055f6a42480ad3aef316bbc775fb507668339594fbb850daee57fe0c5e817d14958e0a036e173c9f3bd395caf88ac00bd8e36 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 2baf294c4a6c2b75bab336586e13c7af |
| SHA1 | ea0fbd3b446a991f5c67296e637c9e14c85df4cb |
| SHA256 | 22f1b79fea1d08015275332455faa0b36802984f2fc642982e4e846c7786a6ec |
| SHA512 | 3a1c12baa554247fdefbaa1abf83a240f7bbb4264aa63a55b04d9ba957410e3fcaf1672c44e07778d8913daa3c980a6135812a5c82835d56e6cca9a9d6b5faef |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 8b522e8a7283085ce98d487f69f6e32b |
| SHA1 | 230dc28a56772b590dfa9c52c06bd9ce9050bded |
| SHA256 | 2b204bf24e4d822860e925b9223915bcd67a49f8e15bce75f2619c677e81bef6 |
| SHA512 | 64a0f2e347798e5c0388ad12a6f87c724ac579a6a0fc6725e39c39bd595a64c447c35c7bc1de6421539804a28a260cc3761d3a3107641a9792bd73ac2d8e98b1 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 2080e3746da65a3bd11a08e10e87a378 |
| SHA1 | 722c3d6b07d6974020248d7b13d4e05d231c9ba4 |
| SHA256 | e91b1bbc3bf615374b4c697208a5f349bbc490696000df3e4b6dbc071c201533 |
| SHA512 | fbf37b47ff3ec9431a8da3981edbcdddcebf17c5214c9171a68a39a047ef2ea42d34558bcfec72a845ee5d1e5596ce2c1b83064b628c164a32586998c5d6fd2e |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 962bb8bce3068882ee7444ea6a3315ee |
| SHA1 | 20178deb8959def517ac0d4d2c5e637e07ed8ef1 |
| SHA256 | 4386e02d8fa55684428619a4acd1dcaeb261a9729f4f9ad0ebd73398be965553 |
| SHA512 | 27d237c8e289d09e91c5482e536b6853823fd10512eb1793f0c54abf69df5812c48a36a26321ca8b38b10351390cd33933bfbade0072ca529d4c8727d97a1f67 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 6bc6039f1457c6a72371821893967eac |
| SHA1 | 002adc68b584a17b3cbd2547333f4efef1e1f649 |
| SHA256 | e5e4348e792b9b093a588ccb1247f0c243bca4ffc4005450b156bed1fb9c9581 |
| SHA512 | 5ee3a83e36cee13ee310a1f8a3f147014718bc562b9f2118560d0a0b5478552f700ed1c866559857b10d391507c4e655d1fe9cd21c49461c46e24de887f31fb0 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | e26c887f8bc670b77ae22ec2e7170f81 |
| SHA1 | cc15effa429e3f9c8993a56c1258efd556e9a012 |
| SHA256 | a20c1bb688ce2beff863af7b79a20243dcf797333261ad3d5026284329850ec8 |
| SHA512 | 19e2554962c076a32d11df3cbfa8b2864b1b4e765a52b12d4d946273ec6898cc0d9548cf9490b8d67b770050d51d33208fffd87d30290a4d81473831340069bc |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | d8a634722c014c9455203d0d453b9a0e |
| SHA1 | 3da79e5170e04ee94c8bc9b02490776c3420a414 |
| SHA256 | 9033d4951ba4e69a2a6e60c84596213d7e69ddf7c756c16b451408c7e948e2df |
| SHA512 | 56383073fa1028c46d737a39314fa09229efedcf61a9bf65768003840c384e565ee0638196b9c144cb1565bef39157652d4213851cee2b4563d21694fc5c1743 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 4081ac678ed294e6bff45b3b2df51db9 |
| SHA1 | a0efc1e34f83c5d9ff10bab5aa535c1e73216485 |
| SHA256 | 0d6ff05a4fdbab8c643229e6d4a134505bdede5e59f41868841e6852a71d691f |
| SHA512 | 5fd13f6181852ece9683446551bd1eb9fa25170c888ed522919416bcc20cb2bfcefe9c53c1e02f131c5fc975a4fb9c7d4e8af6f162f161c551c848b1d14ab8c4 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 98ab4e669ab6deeac6a3e05dce40dd5d |
| SHA1 | fc89cb2a3b25cb6e7a01cda1666458cdf896b1e2 |
| SHA256 | 52fa0c9157a769b3e3d178099b38b041490e62305b72a8201817becc44902643 |
| SHA512 | 54de4e4979808f93ab929f193f0775d9fedeb240dd71fcb67aca459b340440837c7aecfa8229c1a75a1c3df251cce428ab751a851035731f21e6f1ae0b72dea7 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 912a1c104e04f3f82680604b8f8b8e25 |
| SHA1 | d6f0ef9d5652d29cd42d50d41e77014ca5cb6d21 |
| SHA256 | 78657113c6b4d568458f5af93a1017240473a68a9ec0f1d7dfbbe0cf17b39dd0 |
| SHA512 | 826c8e70812825cd74811459808a0843933a18f8e514fe01525dcb82b2b58b37b81b745e81e4dbd2f33d925b54c8c0e32adc1938ae2309b3e4e90b5f73a38780 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 864a0b405f28404449408b6e41ce4a12 |
| SHA1 | 684a33b33829680ec0ee3063870ba6d6a83caac9 |
| SHA256 | 9f38290900c080bc0db10c0a390d2e4d2b3c2d011f5570c9933e37590a8fdab5 |
| SHA512 | a592f7ddbdbf0d919c244a1530048f432d5f8d38f782cb93ec72f54f6954a0eacda6ca28272d9163e07a0883c8b982dae18c7d7d42f60a143810ca538bcd8d80 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 3638626f5c369572dcf56875de31fec4 |
| SHA1 | 20e762d5c6c81b2142f7b4666224fb134bc3f415 |
| SHA256 | a74c406f3ab55a872080566d93391c7e4bf39775f7bef449b0d9018d5c44abd1 |
| SHA512 | d4a95ea576860db435d1564e98c898750521680ba1de6880bb3cd60ff3a18e10fe1d92e17799d966026e784b189248f8ee2a05ff9fbca820006c5d16bda036f9 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 88ada01b05b16f7d63eb6ec1f2265732 |
| SHA1 | 09fccf603366aa2413ee3a89fd8eb8b8900b108f |
| SHA256 | 0532ecf08a68b4c2d0450e93ffca4dd69fdba3af0d841288286103e078c24e09 |
| SHA512 | 2eaba0a52fc1e7f34f38d2dd43decc375e5db02eeba1ec7f83f4e7e7d10bd59ff4ddbe9d43fb96727d152753049769865d47af7d6654951c8b5fbf5effb75fa7 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | e2c5f718142785862387863a3d833af7 |
| SHA1 | ced4038c82453f92c498327412dea4f561cb6cab |
| SHA256 | df16682a0f7decab5c05140d80797d67287c4fddb690fd401d96b2c8d64fa8be |
| SHA512 | 51a21f061dd4e225731a40d2256107544cbf82178e57aa273519240ea5e4ac9aeac9a60d0b2fb5958fd04499f5018bc0ec38092fa2014658b6f43ea9e566f250 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 16923cd72c3283224096ec6794abf15b |
| SHA1 | 2d902998262b6697b10cd0c985835d183b2321e7 |
| SHA256 | 01e178e987b2d746977ccd5e58e9528aeb2c6f7ee545c8d532297042a2362893 |
| SHA512 | 5e2e1f1956355dbd07ad5d62d356cce744a28d1b53d41498ff54384cb1c24f320d43150b1bfb4e16f9b148ab1f3c03daff9912b5479de71188a3873bf715a9a3 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 0d8abaaf4d0963ba537253fdd1d710c6 |
| SHA1 | 6cb3eb898f483f3f74b0bab10963d36fe29b4fdb |
| SHA256 | 6af34f11062076fefd27aa628c7d73a04041bd755dded378f4cf3bb5c057960f |
| SHA512 | b6dd9936e1d7277422e7d81a50604c8ad7c0919a52e253dfdab21ab1ab3ee3a3562fb2a782ee91c7892750848044a39efe364c24bddbf0912482d421c80cc0c3 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | b7e8f90e0048f1506520816d1640384b |
| SHA1 | d8427fb290294759a8216332485edf9ce76a07b1 |
| SHA256 | 4dfbfa6cfc54e0a07e9e3d9abd90ef6730213a5f0b812baef9c615a014c5ba03 |
| SHA512 | d9ac2d25b32109ab87eeb89b24afc2e575736a68776fd949ab892e8d212d8e28d565840d5c37faf9e55fb1d80c910799b645babef46f0c045f03da9302067ea5 |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 4564050c3a667fff1a1bc3dec3a9c69d |
| SHA1 | 22d768f8dd1365586ca25c46e37464f9c66a3e06 |
| SHA256 | aed2eeaf446552caeada089d4b9f0b02b416e9e7c1539de4c80769356fd3f2e2 |
| SHA512 | ee74aa8c2595f218a89a5d2d4d67740a5d1b508ebbc010ea5dd343b9b51fe0495543907de841007b9454258e2fb8fa753da3afdb70a9f6ab99e2480be7f1828c |
C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0
| MD5 | 0b0c60db8926a8322c3704654d3c892c |
| SHA1 | 38b38ad4a0895d12bca63b38ced649967f0c5199 |
| SHA256 | 63917f0107cb009f529c8b44f35c20dd7fc163db8a8d58c213edf96601581cbb |
| SHA512 | aa2f9122b043cc250d4dd3fb9c773d672a0f88f50cf23a2299d06ad040491b0072946dd65da6f90645343c3bce39dc210c64d584233952dadf80c1454ffe86ee |
C:\Users\Admin\AppData\Roaming\VMware\preferences.ini
| MD5 | 575b1d27598062d357bba6981bfac631 |
| SHA1 | 878490b5f729fe29e12df2afe9bdaabdc5ca05e0 |
| SHA256 | ad9399c54988f80b381a5c5b27f94e7f1cdab61071c58a9e7cfef00126491801 |
| SHA512 | 1dc2bf6801bbcf20bb3146637c1ac9675a48ae4be2c9823ec7c8cb05d4b91eb0740d24fde980cefd6cf1f855554dc8d809a49ed68de197bc6cd047df28b3ea42 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | 31aaaa4323b0b68b651cb76cb1d1e0c8 |
| SHA1 | 79909ce9ec40f279c77be47bc37d62db72b652c8 |
| SHA256 | aa7c6733c1498eb2b9facff9b1bb013ab5d6839d8288178bcfd03da5312c4878 |
| SHA512 | 8b4d6c3e49ec8c7cd517dd6f7feef60f672c0230069b1c129faa72219c671276c734e50e363dfb2d6ec20c0996c1bb8fc618664d85a326aea48cf39335bbb03e |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | 787a3d448bb6adabbf557c19186f30bc |
| SHA1 | 121c4e15babac7649b14ae90519a571daee3711e |
| SHA256 | d74fa4c36b95e8c4b6bc9ff03cd5533d4499e0c8cbfcb57d80c30fd30670b4ec |
| SHA512 | 62dc8f78edd913421682a2efbce2d585d92dbfff77f79fb8abfd79dadda670a16a88a66a81f93fa48be286bdfbefc0ac5a2086c2d5990461c74966f9d3370a4a |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | d86757b3a232f01e3675866deea57ea0 |
| SHA1 | 873f872a85cb1a2b03e3ef48d8704718b7e36cec |
| SHA256 | d20c0c2cb2288ae379a9364e1f179e65c1557fb62f640ed6b6cada980fcb629f |
| SHA512 | c37e76d52b63a8f79dc36052490c2f0aa75af9cbf7147fb0be543f405a80713bd72102871c0f2f2898efc327c31b8fe9739d1ed7bf7da2b2e50cc6e7c9f48474 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | d7a0a892ada7b4d4194b2320328d8c2e |
| SHA1 | 70e85f27ae68034df78af2774f19322957c6372e |
| SHA256 | 5018c2c98f685a99dfaeaec34e132c3284c91a30db229a55cfe74ab88acad900 |
| SHA512 | 00e7eb8fc5b5a939e54eb9d7b5818b2ee8c6f3be2057ad9a5ca5a43c339167d5a7cfb39a0fd88c49c751db42975841810d35b6727fe29e765676fba5d6e6e399 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | a04ffef8cc64989a4ac96fbba207fae2 |
| SHA1 | 55dfdb627cbc73167297de9ae8b021a4ac6c2806 |
| SHA256 | 86db817ba6ad5d89cc13dece32389819ca4382bf775b4b6d671e384ae7d70419 |
| SHA512 | 129bccd656c89f51a98ac1af9b0cd5d8148b44e751de1cb36cf3323989ca6cbcef27d150606bb8a7123973fb6fbca7fb25d8874076e38ff890252e9904b9fb59 |
C:\Users\Admin\AppData\Roaming\VMware\preferences.ini
| MD5 | 1f32a7f6657a1ae6e38b8fd9e5252d21 |
| SHA1 | 1ee6b03bed5e342810f0353a506551a9fe2e644d |
| SHA256 | 647cced6ad28428a56c56834105e2c500e77c4dfe8d3a20adf295d82438e02dc |
| SHA512 | 1992234535971c495dd1f008386dfc8b1d95688882278e37436c68a0c0a3dd29dee2f01dc28877fb949ecbd680e50d854f460d2f277e385d2272864fcd191dcf |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmdk
| MD5 | 137e2128ddf20a856bf8a35efb58a391 |
| SHA1 | 222c869a6eb96b650997388e4d8af75b64e2cc1d |
| SHA256 | fbeb08e1d58c38d8d600108e163cc83075a467b13c095896c1bd79417070f4a7 |
| SHA512 | 999da11c2a28d8e17be3d012d05bf60bcc13a318da50455743c2c9a058cc9ee3234cceb95b44e15f6f9f19e566129c1d8f2f1bc16e39d0765735b7a75bd0ef8b |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmdk
| MD5 | f8ed51cba112334ac9cd091b090bbcb2 |
| SHA1 | 4fad2e1084a477abe612def4eb70af072edfa9ba |
| SHA256 | ba31d1b41efeb9154405e734e88acfd5de71a6c0f086f5cd843215b263c5aab6 |
| SHA512 | cdc7a6a56567ef4e143a7e37a3efc6accb83db16b9f6e8f4acbb2620d3eb262cc43b38d854f851d08d5552bcb2466badb9f9531a2786dcc02c008d9b3eeaf25c |
memory/912-4562-0x0000000000400000-0x0000000000469000-memory.dmp
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | 2fe3ca4e8142e58819ec438c303962ed |
| SHA1 | 5856f36ab931e7f45ef9f84d40b9f6b74ac2b6b3 |
| SHA256 | 056afe4cfd8de66267ea5d8358dbeba36be7f1035acd73fbbc7f9c7ae7e0b5ff |
| SHA512 | 6f0191a3feb9fe95664b348e7c5b9fa1d13d4fea85cc2ee54af161baef691853f0fbb72287412b2072b711ca367677b4b47b0de8ca43b0dfe35b8f32903bd277 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | 91588821a961e0a6996a058817de0c71 |
| SHA1 | bd1df97ba0f00b1dbdfdee4479d67075b74ccc91 |
| SHA256 | 31a8cec740f3ab077f004aee8690b81ed52370500d11282fa9e8376a404021f7 |
| SHA512 | 9ab20423536ea01bcb9eed671256e375280f7381f79f0d0a116db7dbcb6ae2bf9462551872a2962f97f3ae5b68c8baf693ef0e2862d9ab4a8bf861275637aed2 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmxf
| MD5 | b04b3d6e2db97b6073dd3894bccd371a |
| SHA1 | 8037083b26eb923af38d7a21f47ce358a113ed10 |
| SHA256 | b1a98c212898cc2ba1bdc1ec980dfcd5b43a4798c8f20ccca68b90a43838e227 |
| SHA512 | 3be1e0dd8af2cb3d052bb82d4994bddda69b68178010bad4b23f9cf347734ac13863f479d9778c7cf515f8b20e6ae87f253dceb214a9629f283457f756511604 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx
| MD5 | 308c12cd1c15d454bb8286005d9bebdd |
| SHA1 | 56e6563254e196b646d9f4bc05896a4fdb534d36 |
| SHA256 | 0c3251fb84dad84123e26d924ddfe19048ae6bdc51f367eebccf21155b898036 |
| SHA512 | 2d4deb3b2a8f0a510913ab9a206995ad6ba95091ef95313ceb2b0ae126c8f3650aaa03000559138297aed8339aa519bf05940229fb9861b02e788d91a20e1245 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmsd.lck\E01594.lck
| MD5 | 5f931e379554f9d9ff66dc0ea7ff34a3 |
| SHA1 | 9f766f5775f32fbf57040654f8f022ce47f838d3 |
| SHA256 | 3ae780b0d1a119fbe4442d5f19a0473987e14d0d10d2b45bf5532828db496f2b |
| SHA512 | 1caef1cd3691d1ffebc998124e5bf559dc082bba9aa963eeae75126c3af4185548b381a26df9ca59e7b84651e4b119c2e62b948f7e17c90ca8d030aaf8e3a5e2 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmdk
| MD5 | 705a9c41e33ca911cf8988609dd87551 |
| SHA1 | ce90fc342e6aefb11cdf63c971c013984baeea9f |
| SHA256 | a0216f6b627041042231707751eab5574490d32e5ec9d9b5b9e2ec5a55bed569 |
| SHA512 | 96c9b81d926b1ac3c18654942478da6d7035b8972fc47911d6e6fb509f3c982c2179d9f146066bcca88eee4d5258f7c959d047a2063cedfdcf46a0d8932f7658 |
memory/5564-4734-0x000001DD1A570000-0x000001DD1A571000-memory.dmp
memory/5564-4736-0x000001DD1A5B0000-0x000001DD1A5B1000-memory.dmp
memory/5564-4735-0x000001DD1A5A0000-0x000001DD1A5A1000-memory.dmp
memory/5564-4740-0x00007FFA6D790000-0x00007FFA6D84E000-memory.dmp
memory/5564-4741-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp
memory/5564-4778-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | b7808afdc3699564633df57a8a5bb776 |
| SHA1 | 718d339bce8cefbbacc1753a55bbb3ce6aec12db |
| SHA256 | 8962badf764d8c1b9bacb90ea963a6f144fc030bd0ffa23de310a3b527f4fd88 |
| SHA512 | 6bf1794f2b69b69738b7426b49c6f51b756568fa6f67b580d9054fde727417859631e23fe764f433f42429163fe5a5ec47eabc42fdfd04a026a04d3347787ef9 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | 12ac01fd8f60f302a77eb8f872f8941d |
| SHA1 | 9ffde4f3c2adabac464c645e074e4e2bcb921a79 |
| SHA256 | 4cd41b9d280cfb81f82897a4a9e7b4cd5e35b39fb1e554d005b9b8f276f5c6bf |
| SHA512 | 6eecf60c09a590158b2deb03425c33e3cc9f5e13bba0575f6fff828beda5abb01253f77f304701aace996fbfe8d1ffb2f3de54ef45da9d4578bf4070cf3a79c3 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | adf1d775aeaeb295c75216a4361e62e8 |
| SHA1 | 2653431bac9ec5514f9c6734605d35f41e861f6b |
| SHA256 | c458be3a34dc0b6a2b4b21cedc2801f7bf14bb20b453feff85bac052c1a86748 |
| SHA512 | 727dc4711e830479cc47627940c43d17ba7144c5ef33007fa6d15931b9ba7d0506e6cb8be65654fe45c9af9d2c3be71751752938300bee54f43071bdc0e8e64f |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | f689333423805fcb9574aec38059ef9f |
| SHA1 | 079d934164d1ea067acd0b6e00a3b472449a6a4d |
| SHA256 | b809551ba05596414dc5c34d5a14e71e68923eebf0968cd6007bc70ef6798c71 |
| SHA512 | 1319ac114f9d795cf12343e3f48ebe30ce5986f1e4941d89405234699dd902d2b67aa8e67f7797fbf8b4320cddbcff61c7a5f686464f6f133de78c05fb4183b5 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | bb324f399f82aff8bf87b3149e6d22f6 |
| SHA1 | f87a1006fdbe21061efd5941f588f7d921357416 |
| SHA256 | 9a0baf8d214a41777a83090c1627d7b46d918850b0261ac7231069cdac329e4d |
| SHA512 | c557516ffdf63d401a406d6d1c3e601d09651d0176f34302a5414b4151b40ca92bd8e5f5aa99d7576553060e142149bc1217d2099068bab71aa51baa68d6af7c |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | 270ea0ba1ae7fa13789f516a504a331b |
| SHA1 | 1619eded4f0cf8bbba0aa9800b27aad6fde1a2f9 |
| SHA256 | dc92e8ceeae21e242bef0c213e386d9f853f9924591dace5f8e3377bf411ef8f |
| SHA512 | 3077bd6e91420b12405ec60d1976a8645dafb515fdec63be69bc9b3e43e79d3e686d71972a8d9ac07b8d41c02c074883caa8bc7fbec9e6108ff56b4630c2bc64 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2)-s002.vmdk
| MD5 | 52ee0a3c88112817aca597776e97f5f9 |
| SHA1 | a5045078364fbaccf2126b911b928036aa9b2dff |
| SHA256 | 3353a565b6b7af4e6afe751fcb216d2da7d809b6c8faf9a8ad9a92dac590a628 |
| SHA512 | 8fa725b34ea561ec7d0d40604b57f8d6ca7522325f3867b692a286717ab0ed848476ddf2f1b4449875d148bc75ed359dcf99f15b01713d813ce352dc337cc980 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2)-s001.vmdk
| MD5 | 815d614a3cdfa6afbb2c997828bfbf9b |
| SHA1 | fed240831e9d39054251575d00650de7ad07be9a |
| SHA256 | 6c5f2dae081ea33e969a3e10384e2bf8b4dcca3492fc84469de39722f2464c4d |
| SHA512 | 0355411913d344ac6a3f28ad43ee29bfe8fb4cafa8a82e53363e00b39ed3188e4b8f75563c350d2845b5f9819ae415144751d3f767780f9e660a011e658220f8 |
memory/2168-4906-0x0000000000400000-0x0000000000469000-memory.dmp
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | ecd47e51809d7ebc8204231289680001 |
| SHA1 | 8fdf3e5b9a14a7b6b101564f42ede537643bb79f |
| SHA256 | b9ec6b76cc8d7725b851b67e19fdc97c4f2b1acad75932bc6aa127c99e09a7fe |
| SHA512 | 87ba5763102ce28191beb478b3bdfe4bbf80e72079a51a99670aacb77df4269ff2ff33e67bd0d134b208639c5c244747492512e3abd9c77c1791c0bea0f4d08f |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmxf
| MD5 | 84ae6d531d6d8c4b8177d3ad32da160d |
| SHA1 | 40ece4701d37109d29a2db0c2773134fef333aef |
| SHA256 | 3413c876fd66fa11af7881d19f91f27e156bbe838c5cce9fcb61dac99207df33 |
| SHA512 | dcb24b64e97e263089b43bfe401b1f44e4eae35ee7d70c17d2035d72d7ef7b416f1f105e25371bf8d285eaebdea291471e2affd1a9aef869d8ccd20d79f5783b |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx
| MD5 | 74159fe762e632264caced25f940a5a1 |
| SHA1 | a117c862237d1defdf718d053e3b78c454284676 |
| SHA256 | bec6a8b6b03415d5f89e690aa7e6f6c542cabb7a85e9c1a532df099870dfd281 |
| SHA512 | b65ca03ca8737db43f023d254de79737b7230e032aca0691811858884425ef98efa845d18ac6dc1c359bb4c04b5f6fac82668aec7eac220d0f68f2722e08d106 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmsd.lck\E47480.lck
| MD5 | 00c2eb9f0a0303ff0dc7b4dadade58cf |
| SHA1 | b6a420ae4371878def0d76bf7a6057d8aadff34a |
| SHA256 | f913cf74187fe9ffb6e836ff4dbade374856060452ec241313a36fa6466fb786 |
| SHA512 | 4e80d6014e974724ca2dfaf3f9b4d0b41fb872dce81e52914cfa590b555986edbb0b7703a2fbfb4d8ee98afd431c4d782b8b454048ff0f1aaa386c7a7127e7a3 |
C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmdk
| MD5 | cd6526cba6f4923055ceed1fcd13827f |
| SHA1 | 24a034ec83d84afab06aa66e357e11bd59b00146 |
| SHA256 | 9e3a95825e77929331ec28b0b58dfc728f45261980d534bbdfe3d3dc8248a311 |
| SHA512 | 7a0e368e8d4157268766b5060aaeddbf3afaaa8ee05afb217dda97aee49abfd2b0ca83c10ccd727a544d0d9e595dd7180bb511950a597b3b065466ecf897139e |
memory/1384-5081-0x00007FFA6D790000-0x00007FFA6D84E000-memory.dmp
memory/1384-5082-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp
C:\Users\Admin\AppData\Roaming\VMware\inventory.vmls
| MD5 | e90d35f7866413a33181d13851b51a9b |
| SHA1 | b9e5acf1a3bba22713dc6dd08f50387c6a26f7ab |
| SHA256 | 78fc7c69dcb020467ed8e7dbaaf6e0379274bee1fc17415fe0a335341ee9486e |
| SHA512 | 8c7fdbe0a557fc1cd7575e4a567e7a81369ffe3ca8c5f74e2268431f32031c61083a14b518a3acd704fd65e4fe5b26d408f57f57419a2f0fc46f8ab12df9815b |
C:\Users\Admin\AppData\Roaming\VMware\inventory.vmls
| MD5 | 5c1fc695572dba4092f186b94bcf6ff3 |
| SHA1 | 426bfa32091e19434b4755deb80ad0e2375b929b |
| SHA256 | da4bbdeb62229599b602ca6c7212d7c6fd6f32fa81b494c6c50c9746d40364c0 |
| SHA512 | 5ecf65f3deff077a57a038b0acb7dc78ab425378760ad8d89cef3e9fdc0f643005ce65c4c1cff26d59093c95b5b475a4be5a6c6844cdd14a743485a6db08ed17 |
memory/1384-5127-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp
C:\Users\Admin\AppData\Roaming\VMware\preferences.ini.lck\E30628.lck
| MD5 | 872a7d2501450932482886fe895d61f6 |
| SHA1 | 59d01c4f52ad06220c881ab83f3b73a6c47ac65e |
| SHA256 | 4b8b968aaa500b012a60e06ca503d3d60d72b35c9d215f6241adf5942afaa426 |
| SHA512 | 257eb39ee6ba1164d61face9644bdb1056b79135e5190fc8ef1250808a2f16d6429d4a009c4cfa538c47ab2a022cfb5c5a3a7bbdb4591dac129a87d7673215d6 |
C:\Users\Admin\AppData\Roaming\VMware\preferences.ini
| MD5 | 41f23caa7ef134da8b0d235271e5349d |
| SHA1 | ce3a5da27b11e81faf0dfe45191c6c76cff03001 |
| SHA256 | 110031285d7bd5b57ca685fc8be873bd2217811336afc1e5dc6be7a3c75e72d4 |
| SHA512 | 0320f884385b040c3b663ca032acb0fd8df37e59c0257ff02a8d7c815f60e8dd9e37424111ddcc004443b3d033b52cc58ac605e2d068c5705a6dda4f62e9593d |
memory/972-5197-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp
memory/972-5199-0x00007FF6108F0000-0x00007FF610B74000-memory.dmp
memory/972-5198-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/972-5200-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/972-5201-0x00007FF6108F0000-0x00007FF610B74000-memory.dmp
memory/972-5202-0x000002A0A4BD0000-0x000002A0A4BE0000-memory.dmp
C:\Users\Admin\.VirtualBox\VirtualBox.xml-tmp
| MD5 | cf3f6e2c0c2880c6d887f48d29ce92db |
| SHA1 | cf1a02f27372e407b6aed7b4c6a691355741d7a8 |
| SHA256 | 7e2b53a87be27a2c267d9351b7bb6d4bdd6e325c3dd5d2c2679fc95b5fbf9073 |
| SHA512 | d4308dfdd6f513d2dffbe4d4f8219867fbbb18b453993dab3640113a133fe0a6443bd1155471e0373aabdaa0a2292ea1c6501338e0de3e08951fd76c5f9c7bad |
memory/972-5211-0x000002A0AA130000-0x000002A0AA140000-memory.dmp
memory/972-5212-0x000002A0AA140000-0x000002A0AA150000-memory.dmp
memory/972-5213-0x000002A0AA150000-0x000002A0AA160000-memory.dmp
memory/972-5214-0x000002A0AA160000-0x000002A0AA170000-memory.dmp
memory/972-5225-0x000002A0AA2F0000-0x000002A0AA300000-memory.dmp
memory/972-5224-0x000002A0AA200000-0x000002A0AA210000-memory.dmp
memory/972-5223-0x000002A0AA1F0000-0x000002A0AA200000-memory.dmp
memory/972-5222-0x000002A0AA1E0000-0x000002A0AA1F0000-memory.dmp
memory/972-5221-0x000002A0AA1D0000-0x000002A0AA1E0000-memory.dmp
memory/972-5220-0x000002A0AA1C0000-0x000002A0AA1D0000-memory.dmp
memory/972-5219-0x000002A0AA1B0000-0x000002A0AA1C0000-memory.dmp
memory/972-5218-0x000002A0AA1A0000-0x000002A0AA1B0000-memory.dmp
memory/972-5217-0x000002A0AA190000-0x000002A0AA1A0000-memory.dmp
memory/972-5216-0x000002A0AA180000-0x000002A0AA190000-memory.dmp
memory/972-5215-0x000002A0AA170000-0x000002A0AA180000-memory.dmp
memory/972-5226-0x000002A0AA800000-0x000002A0AA810000-memory.dmp
memory/972-5227-0x000002A0AA810000-0x000002A0AA820000-memory.dmp
memory/972-5228-0x000002A0AA820000-0x000002A0AA830000-memory.dmp
memory/972-5230-0x000002A0AA840000-0x000002A0AA850000-memory.dmp
memory/972-5231-0x000002A0AA850000-0x000002A0AA860000-memory.dmp
memory/972-5229-0x000002A0AA830000-0x000002A0AA840000-memory.dmp
memory/972-5233-0x000002A0AABE0000-0x000002A0AABF0000-memory.dmp
memory/972-5232-0x000002A0AA860000-0x000002A0AA870000-memory.dmp
memory/972-5234-0x000002A0AABF0000-0x000002A0AAC00000-memory.dmp
memory/972-5235-0x000002A0AAC00000-0x000002A0AAC10000-memory.dmp
memory/972-5236-0x000002A0A4BD0000-0x000002A0A4BE0000-memory.dmp
memory/972-5245-0x000002A0AAC00000-0x000002A0AAC10000-memory.dmp
C:\Users\Admin\.VirtualBox\VirtualBox.xml
| MD5 | d15afe024d963312d841a56f7cd13297 |
| SHA1 | 902b6d2fab0ec9a61fd2610fc278fd6efc111944 |
| SHA256 | 2dfb44fe173247ffa6854165068df6445b3a395f1eaeaa5ea30dc3a2bd61037c |
| SHA512 | c5dd0803ef47c52e25a31749ef8f0aff0e8fe344a1a28405e2eceb62c77abae8cf4130886a9c8f2d57c9dbdbde9467a3cd49a5b7433128493081508a1bce71bb |
memory/3496-5278-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/5868-5279-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/5868-5280-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/3496-5282-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp
memory/3496-5283-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp
memory/3496-5281-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/3496-5284-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/3496-5285-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp
memory/3496-5286-0x000001FF2A5F0000-0x000001FF2A600000-memory.dmp
memory/3496-5287-0x00007FF602960000-0x00007FF602A74000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
| MD5 | 4754e78dbe6cab9ac64014a5d73f4095 |
| SHA1 | a8e7f78e07163b87406bc752b06c6e951b7612a3 |
| SHA256 | b76d48404efb7ca1321e75a56627824c47d7d1d7dd645ae0811a1ab0fd8b6770 |
| SHA512 | f2c2f314953d293d9d197174bf77f981aeb44cd20b0218210cdc15496603d4cdfb4a123bcbed959a5af083b23794a788751ace7a8ddbd4b95d771ba5bd79bf0c |
C:\Users\Admin\VirtualBox VMs\ubuntu 22\ubuntu 22.vdi
| MD5 | 94ede82354ec700badc1b0c7b5a81905 |
| SHA1 | a80d4bc9646f6d6f636e0af40a3a6234b66cdeb8 |
| SHA256 | 397f3040af0b4432d7f9b2c7398c7b803e61af2126a8c0db3de030c3b0219522 |
| SHA512 | 80d0b5bd684bfbcadca2b7a060797d7354c9b87caa135063475f837ce533c6b692b00bd0936d9558388f70aea464d53735df747626fdcee3061b4616a969b4b2 |
memory/420-5315-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/2700-5316-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/420-5319-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp
memory/420-5317-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp
memory/420-5318-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/420-5320-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/420-5322-0x0000013362920000-0x0000013362930000-memory.dmp
memory/420-5321-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp
memory/420-5323-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/2880-5328-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/1544-5329-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/2880-5330-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp
memory/2880-5331-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/2880-5332-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp
memory/2880-5333-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp
memory/2880-5334-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp
memory/2880-5335-0x000002137D4B0000-0x000002137D4C0000-memory.dmp
memory/2880-5336-0x00007FF602960000-0x00007FF602A74000-memory.dmp
memory/972-5343-0x000002A0AABF0000-0x000002A0AAC00000-memory.dmp
memory/972-5342-0x000002A0AABE0000-0x000002A0AABF0000-memory.dmp
memory/972-5341-0x000002A0AA860000-0x000002A0AA870000-memory.dmp
memory/972-5340-0x000002A0AA850000-0x000002A0AA860000-memory.dmp
memory/972-5339-0x000002A0AA840000-0x000002A0AA850000-memory.dmp
memory/972-5338-0x000002A0AA830000-0x000002A0AA840000-memory.dmp
memory/972-5337-0x000002A0AA820000-0x000002A0AA830000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 2a4329e1c47b5fa5a4581cba9af1ae82 |
| SHA1 | 9c51e737e562e377952ae9130711029dd668fb7c |
| SHA256 | 9032ea3551ab1916a5293c58ff4c8154b7b2fb7c43a8e83e5f420884e1ff3097 |
| SHA512 | 7e243f2ccdacf75570f4c32089795656aa6e3ba12ff968fbbe5d9d58585099addcf8a9a021669aab5979f01a5e3990c4cdde5e90cc93cd5dcff957f7789829e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\pending_pings\e1ae3af6-b746-4ccb-b3e6-1602b395288c
| MD5 | 2397e056797a40fb3b438e1362556879 |
| SHA1 | f00924a9e52476429d0646f445cef370df664091 |
| SHA256 | 7d51184d5a5c326e751c9a7ad462f60cad1a710ef0d68a406be96aa1f64a3014 |
| SHA512 | a2559b36a84f18560de19162a131810b2fee335ba23c38571b9bb84a6b01717bcd9e7f9e48e11a178f339285cc5ea9e4129919c371c5cb26a7a3d42e4c224eae |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\pending_pings\a0fb5425-d0b2-444e-b5a3-ce94e15b77c9
| MD5 | bfb0019b4517218fa0e53a8e7f240924 |
| SHA1 | 6f5c9d531fea7dc07ac8f1120c54eefc6ee5e80e |
| SHA256 | 8dec34d753c0ede0f3a61946bfdb18e2460f48e876223a2ba486cd4418a9706f |
| SHA512 | 38d09f8c3a6f2f5d13180829e439bf93b7060e904c3dae48971bdb7b7cd919a8e1e2a7132bf967edaf5f2b5e27eeb1fd318c2dfdd54e37feec684d1755086b86 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs.js
| MD5 | 4a7de3a8a322fae30c67f5f1da755243 |
| SHA1 | f7d476b94dcf603b0ea3f708b8d0c650991cfc00 |
| SHA256 | 8acebde2941f7f262abe577ac8c2aa779771913f2839308ecfbd830eba967bae |
| SHA512 | 1a72153b521ef33132457a90cdbd1278893504d7bd6985fa49001b83b8670eeeaf98e2488fd6dc2935373c3f66a8cfe5c4bcc790c2db1cf8e4d9f9c1a5192f61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dbf033a04e8cdd560dbe4c3772d8281b |
| SHA1 | 86f3df2dc8382dc0a01b598dc364a935c98617b6 |
| SHA256 | 67c1f1c3a39d563d6749f762fa0741cc803dff11ab3c619c53ade820f37f049a |
| SHA512 | 851a0a7dd1620e186f4b27a23419c54c042bc6ca692aeedc97457791d29222295fcec5762f638cec7c45f1730f5afafe2b7ed0dc45df961eedc1f1f0cf2bd4fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js
| MD5 | 870418114a4f77bde426491eb71f10b5 |
| SHA1 | cb736e83b6b8e1cadf41a22cf3958c6dad770be6 |
| SHA256 | ed1de9ef0cff3944007018b4f3902687b00714b74c93f21e6f162e16a3bfdcda |
| SHA512 | 4ca905347e83bb8dbd4365a96e8e8726c2984176d92121dd0ea6de23ea14013fb11845bca7b0c863e906757eb726adcf8f0789578d881a83b10f3b817bc4bfd9 |
C:\Users\Admin\Downloads\balenaEtcher-Setup-1.q3CnfjNr.18.11.exe.part
| MD5 | fbec950487efb6fea99d8f8e7b312116 |
| SHA1 | 1e77075feb9217051858dadc5b2cbd48e8c254de |
| SHA256 | 39e4d997310a7b8fd1f14e8e83ab433856ab425308f5b802ffc739311bd92b84 |
| SHA512 | 7a931898679eba4221deee449d6c67f8c51ce56d6de10225a41a0f7598e2281c264dd591f3804009a2bb50d65c5e8bd2ecde99ab8675ecf3ada3986079941de2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f6f029c1f29ee4a4ed00769b97a666ae |
| SHA1 | 0984aa10c1c0ef04bb3d8e8411ebd1e40b0928ed |
| SHA256 | 6efca0ffc0bbedcc719ef61c6e313efc08c6247d6195eeea6520160127e99968 |
| SHA512 | c2a1dadf01bc36683fdb59ff368e3dcd40267c3eea4e75118ab2f70cf3f0ea3fec518fbdf67f25e754ee168a3966726b57ae94571e2f3fedb0946b6c1ffb5820 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs.js
| MD5 | 169e1da3a242bbab255c6e8a60dc63d7 |
| SHA1 | 8a0aa95c5ac4683da52620fd14db2f70070b83d5 |
| SHA256 | 92dd8ea4684378913ebc7a507824a08590fd658a08c9fa4ec19432d2ec50ca6e |
| SHA512 | b515b459cde5074b52bfa5b8508dbf5d58f3d147f7e4faca40fdeaa3f3c3b3813e3f1cb023bcd0cd39ca084582a799206c84348785386a858e52219fd6447f11 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js
| MD5 | 764539c529e29247ba139b0cc9e86544 |
| SHA1 | 9af3b95526c809323a5304e2d06f5ca59361470e |
| SHA256 | cfbbae632330fcae8c2d074799f0e104dbe20662475c74f5f389255600cdf661 |
| SHA512 | 47ac6c481859635990fefd630808ac77890323c59da6e055972e4b6c62d10d54908311f80708d4494f329b190fa81f1a0cb4fe1903728e66d95a44e6de8e2934 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe
| MD5 | 8f7704f2a910a1daae82ebf15945843c |
| SHA1 | 134803fdb7654d482f83c256407489a8475e9cce |
| SHA256 | d4905e0acaff7840bb89b411b3e0b6167d91aa935b7b7e492c25b5b4f415a538 |
| SHA512 | a12ce783a4f582b758a2bf4b7f004fba37926145bc4445cc494c43515d35731ff114c6de98e59573e05a630bb18117b8459a91c59039d68d44aef7cb9c7f917d |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\chrome_200_percent.pak
| MD5 | d88936315a5bd83c1550e5b8093eb1e6 |
| SHA1 | 6445d97ceb89635f6459bc2fb237324d66e6a4ee |
| SHA256 | f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25 |
| SHA512 | 75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\ffmpeg.dll
| MD5 | 469cf65fb73c9ebad0c607b1e7320ca4 |
| SHA1 | 04caceca06251dd8ca5d0dad8df99508566df16c |
| SHA256 | baa539b0ece82a6f5b21ef618f3494e886577fcfb206e1cba4a671dc156019e5 |
| SHA512 | ff6bd29cca637bab693af82bb53248ce98f3ed52b5e0642035f577baf358bcfe98e1bc10d94217eb47f5ba46a72ad5e981d74dda0d4c3fbde15242e98320780b |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\af.pak
| MD5 | 46f982ccd1b8a98de5f4f9f1e8f19fe5 |
| SHA1 | 13165653f2336037d4fb42a05a90251d2a4bc5cf |
| SHA256 | 9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf |
| SHA512 | 2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\da.pak
| MD5 | 875c8eaa5f2a5da2d36783024bff40c7 |
| SHA1 | d0cba9cfbb669bbb8117eee8eccf654d37c3d099 |
| SHA256 | 6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5 |
| SHA512 | 6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\el.pak
| MD5 | 7dca85c1719f09ec9b823d3dd33f855e |
| SHA1 | 4812cb8d5d5081fcc79dbde686964d364bc1627e |
| SHA256 | 82b3fbbdc73f76eaea8595f8587651e12a5f5f73f27badbc7283af9b7072818c |
| SHA512 | 8cb43c80654120c59da83efb5b939f762df4d55f4e33a407d1be08e885f3a19527ed0078ab512077604eb73c9c744c86ec1a3373b95d7598bf3835ad9f929d67 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fa.pak
| MD5 | a67bfd62dcf0ab4edd5df98a5bb26a72 |
| SHA1 | 5def04429a9d7b3a2d6cac61829f803a8aa9ef3b |
| SHA256 | 890ca9da16efc1efcc97ee406f9efa6a8d288f19a2192f89204bdc467e2868d3 |
| SHA512 | 3419c6bed5fc96e82f9b1f688609b2d2190003b527d95699e071576c25730934fbed3437fdde870fc836bdc5e690362cae1e612b7ff779c22b853baf3cfcaabf |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\it.pak
| MD5 | 23d70fc1cc74275719c4f882400150e1 |
| SHA1 | e8235d0bd4dbfbd708deb80139f0acb1cc0fbdef |
| SHA256 | 75b37965b88933ba32119ebdd13cb98c54300b1e1e312080947eed6a94fc70b0 |
| SHA512 | ca9a6fc273d5b0b656e902fb87f8792de604a3b6ce598dc577d08541ce9f35256849b1503f15edbe5d1e1d5785cffc38ed12650d1d026aa23b5ce6f9c3ac4cb4 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\mr.pak
| MD5 | be22080b1e45301c313d92d825a7a9ed |
| SHA1 | 84c9370a4845ddfa1eab8ae334c1f4cc02ffaba6 |
| SHA256 | c09d274406a36f90c75a1daf018c5373d697c42bbc20771a827f62ebe08dab57 |
| SHA512 | 9558690ae7ac41984553aea1e0133778301ee12e0dd6e16f5dc0380619b82a7a8d37cbe0ef59efcd53c05987ed6fdeb869dee8fe2224fda8880d473e932c2f87 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\th.pak
| MD5 | 5abd2a1b2749449a0cbba60e32393f4f |
| SHA1 | 31097bf4728f752508482c298710cffecfb78d60 |
| SHA256 | c666359fc9fa137f6d7f868ccef01dac8701b457bb6bb51fcd581185d4bc8780 |
| SHA512 | 094df53f3bac23eb384015e8f2500484556b6ebda0cb62bc12a773dd1d520d82c13cbad25eeb67fa04ceb209d80144fac70fe60eb792cfc1a0c5027513b7448f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\etcher.js
| MD5 | 1e119110f460128f96bc2bcb1f2334db |
| SHA1 | 0526fa4374b329131cbdb8731f1e19c08f8cd442 |
| SHA256 | a7a6e4a6c3cdabf2cdc092d2ccb0c7a100c48c76ed5b11ff34e99e1a4bc63979 |
| SHA512 | 5a45ee3d1f6c7099eef1ee7f08ccc2e8a98fba13d97206013a9fd913a29580be0ce1b0b3a586187055c736af1d945e076258d986ff87e16b61570db50dc18df3 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\lib\gui\app\css\fonts\SourceSansPro-SemiBold.ttf
| MD5 | 83476a890be79f84e97b792c9c40d743 |
| SHA1 | 9e10e37c75e13f896382fb5ff0475edc454f4589 |
| SHA256 | 3ba5c382a7ee6a8831bdf90192addceabe6db4278a679e67fe7e9c0226b729cf |
| SHA512 | fcf87cfefa1e700d47d59b05f9d427811a2104e0cf03ceecb7b0b52164540551725ca042dbfbfb65225c0792cef5ed5af76c6eb7af67fab4ef6cadd939a2c682 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\media\icon.png
| MD5 | 185ee8b41d0fdb31da295afc982f9094 |
| SHA1 | 1ef6574e7d7d2a278c4b43c25c91ffaa3f82745d |
| SHA256 | 21762dedff586bffa6fb48fdeedd32dc8e7aa5fb3b4424e2865033857a52a547 |
| SHA512 | 8abfa3077b1611d20f7994a4ff518417ceb80794e32db35e4c9227f3c5d6956dcc3bfd1d8d4b0da201d64b731ce3ac3d7d97537741e0fe98692abdbf098e35e1 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\@ronomon\direct-io\binding.node
| MD5 | 3875dd98cac12d8e124821f68537b919 |
| SHA1 | 31ef2da6a61d9a8c978b09c92610587b47bb028c |
| SHA256 | 1875078ca9ac6d52a381efb3f7dbee6713ebe4488b164651f7b790ed826deb9f |
| SHA512 | 4a24812afaa77ba072fed8657ff935ceeab81493a4d90b2cb7ac3cc87c8a6ff03f6c3c650888852bb3bc9e44a8ff1fc33584723b9852d746ddf7397a37ce6091 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\lib\gui\app\css\fonts\SourceSansPro-Regular.ttf
| MD5 | c1678b46f7dd3f50ceac94ed4e0ad01a |
| SHA1 | fa4e303960cd8bf37a2171c4bc6186684f2d4178 |
| SHA256 | c9868de61ff2bab0b5a3a6d01c4b76f299459f08c6ae2f2c0383b4f9f6bedbf3 |
| SHA512 | 1b3ee35f20fd8245f9178a34a7c7754e30eac6f863ebf686116f87f41eabf39465fa09f576a5df2369808a3c3cc0a8ecd2da9cf01a29e67db9123c5cd2be61b8 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\drivelist\build\Release\drivelist.node
| MD5 | 7d9819737d8dad569eb3ad4d5b615266 |
| SHA1 | 21c7d5bb6b02119cc61303341e17b71b4ec3a4c8 |
| SHA256 | bf464a84b9fb5c2754af379f575fd57224f2251617237c3b22ebfeaa623b9fbd |
| SHA512 | 0e1b8c3173e7a88d87d3c01284f4e280b0cc6dd6b811e61fbdb5aa7533bd5a45090276206a4fadbeadae7dbb3c515f973cbd66bc5b8d9aa01bed948908e590c8 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\lzma-native\prebuilds\binding\electron.napi.node
| MD5 | d2d128f02415b124386fb03333c35912 |
| SHA1 | 399712f32ce33c5c65e9a9b673117f386c2b3e17 |
| SHA256 | 1e4b7a157cc29a2dc14a8eb99fbd170a8c71e7009a9a7322c9273bae8920b535 |
| SHA512 | a976ea84e9005ca3b38c3fa765507e4b357f5406c34c1d60f564e4205d0b176476e5d99d2b1743a9b5c780992b5b27801cc6c539049a2c8ed242bb6b1a300e02 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\lzma-native\prebuilds\binding\liblzma.dll
| MD5 | 2e91129e126d90edccef94ebf7abd6e1 |
| SHA1 | a8d221d3475216c11f4beaed8c9b9f33ccee32fc |
| SHA256 | fc7348418be392d5ecebd7b9f07c1ae5bc530260fef923801b140088eddce96e |
| SHA512 | dbae0120c0b3709811fe9a738a4d66da4b47a1d09f0e5be373a77330d57fd87068963c76f294eac81723856dac500e3b824e7def828a1646fef611230d42898d |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\index.html
| MD5 | 3e869155053ba30d71889308df6ec1b8 |
| SHA1 | c76c80fef0e1b28686bfa23f870f8d398816d470 |
| SHA256 | df168dfdcd2c6df4bfc54ecfc6214cfe288fad5e4746e4add90b2bac14248d16 |
| SHA512 | e46dec01c2fb25b1dbc7f9c815a4e684b8ea577c732fc67bc3474f92fef1b803aac0ea879ea4941d68f880133c91daac486d74eb76d8a9b074f0020e96e992c7 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\mountutils\build\Release\MountUtils.node
| MD5 | 7cbe1f9236798c2cce04587d3cc1adcd |
| SHA1 | 3b33b911fdd15e01026dee1089578172a8af2b42 |
| SHA256 | 0afbddbd457651fdf389954f01cba1903996e9da6738bdccce2884f1625087e1 |
| SHA512 | ee591b1ed8e32bfab15124e14394b8ae50c80915825ab85e859e31505245862c1c7da43519061fae75bf3936ab0128518efec91308867a0931a5011a5df8ee7b |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\gui.js
| MD5 | 5e64c177ec4d2b87656cd451adddedc5 |
| SHA1 | ae148530902201c4ffbe6bff7c228e28b13d08ed |
| SHA256 | 0778f5199625c6d338f312371c8709edafcd354caf72799cb19d1fe9eeac44a9 |
| SHA512 | 39b4646bfc297efa4edee41eebe273c8bc0063cb7785bf5ae99cbecc76bbb769032f3bc1175cad1891b8f632068de88e1e38df4c7317f620658147a0683c8fe4 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\child-writer.js
| MD5 | b8dc9f52b4c6a75b2427d9a594263f7b |
| SHA1 | f882b50944b28235df26bc27bb748fbfb0c4350a |
| SHA256 | 57e7c65d1bf5aadf853f8da1a62992de8609fdfcac7797120d63b87a010bc696 |
| SHA512 | 964aff36cd87980c35f2c119044c45fb7ad24964889a1191deed8424e741d2e1936acf68311eaafb92591b9688d5ef6482eb1168eb11eca1c7e04015d15e5b52 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\cm4\start4.elf
| MD5 | 30828eb2808cbb3a4b5e95c120bc850e |
| SHA1 | b3148b971d75aea8338d22e0e184b74059de0b16 |
| SHA256 | 4ad25336aa8ff470f2ef135e8c9ac8012dd25701f5951ded25169f7a8d83ca34 |
| SHA512 | ffd10fa2987fc933ef34ab62e5a1325c8380a5b7c0535f5e97a11f9a7f98e74045493556914d59d7e3e406ad127bbecd3b795039cbbe5affefe86514f50f0b71 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\cm4\bootcode.bin
| MD5 | 40a3ad3088d52604b36ee221d0babe11 |
| SHA1 | b40b409d6d700e91663ebfbe21d1c8f7e46897f1 |
| SHA256 | 98fc25663aa6f3d54e8365909f82eb0572717cdd369ae23fc1f7e173eb520837 |
| SHA512 | 759ca1e33fb71b47bb40b9096b9ebfc1716b1bbf584c6405cf9d278b13b794ab72687ad0915877c9894dcc751fb1f8067f9e9e20e9648b1c0b9c06ae93d36f07 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-0-w.dtb
| MD5 | 3af08c06258856737339c44fd0d7d2dc |
| SHA1 | 4138cde7704b53ca49fac85a63befd690ccaf780 |
| SHA256 | 628dd911cd281df0b068c95f64f79442f9e7edf2753e83b848c51512684637ad |
| SHA512 | 73450c2fc0721fcfe73ab1ffc0138a5859654a2d0343f24d7f405e12a7048b058de1c91749be69e00e7df722cad369defaff2446b71023655100719dfbc5cb36 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\kernel.img
| MD5 | fe1c2cab2d8806716de1b5086618f29e |
| SHA1 | 295dcc555585bb252b10d27ac9a5f15e951dddbc |
| SHA256 | bf3cbaafdfc4bcc423fdcd17b6faec016fe633ea96083a435bad7cc8a44ab71c |
| SHA512 | b5d6190a37715702403a69ea9b6709aaed7269baeca509aafd950b5dc53de60753356d77922b57e049621474353c385ede45dd1ff54b953a998bdbf722a8e0f7 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\overlays\dwc2.dtbo
| MD5 | 96d7487944d606ff3417043b7ad99984 |
| SHA1 | 1dbaff02ebcecc688fe1b579a0c74a64e43172bd |
| SHA256 | ea7c51f1ffda25568b314fc33956f7f1d985bfd9d2fe994a70740124521996bd |
| SHA512 | d3b6f6d263a2a230d3741dadcbae4044b5cb49b51b1995153fae19d5174434175f6453e57538f7639ddec7d6c1a983b70f44e696e2dc465fb0bb7dc68b8fa174 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\usb\prebuilds\binding\node.napi.node
| MD5 | 68f44e5e23babee7c0ef9a6dd57e29d5 |
| SHA1 | ac84e592f84f035d22fcaa09e4814d8dfd114425 |
| SHA256 | 6fefbf9d7f12a1dd2cf9ce463b0e922dae4382ae76b77a4193b593f8bdc11180 |
| SHA512 | 3916a77b66c6e737f9e9ff5271a3164f4d16efe153c772b7e7d9e578a7d961575dd4dacfd480309a97ddbbc99f6c83bfd984057358ed3d1ef17a9b954021cc42 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\start_cd.elf
| MD5 | 6d39f0575059d6e28c75283bc20aafd4 |
| SHA1 | 8e42e548b07c1ba6362ae72c4b61e08c177f78ec |
| SHA256 | 587cd66a13408e032f8439cd6920b93a76cc985050619ecb326b4b55cb482b93 |
| SHA512 | c98dd6274d2ea50678e687e36a95c9e2344a2748143a634cb6a495b996e6cf3d3eff494dfa9e89e3e635c72ed559eacd35ecc3bcd486585dcb8794462e0a20d0 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\winusb-driver-generator\build\Release\Generator.node
| MD5 | 56d6f34724af40b7a41cb423306c3743 |
| SHA1 | 5942068dd821c931765fa634126ed0c64625f939 |
| SHA256 | b3ac337761f6899209b88af2653ec223295d6c24803ed4d3253f09d12b910c3d |
| SHA512 | a5d4b44c800fe6b091edca7ec0e746ee878cd9e88ee354dcefcaed35d6e0a6a2144a64fdfc982e7c50921f3cbfdf0321319801065ffbdcd7de57c06e79a7f179 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\LICENSE
| MD5 | 4a4d169737c0786fb9482bb6d30401d1 |
| SHA1 | f1f38225ca1d134b166921daff75ca1a4d4c9cdb |
| SHA256 | ba76edfc10a248166d965b8eaf320771c44f4f432d4fce2fd31fd272e7038add |
| SHA512 | 79a18b78ea9868b7053b7607f7d994f71f55458ca6079e883791b3a978d6bd9427d1922394cb570b70f735cb52eb2b25384a4cb11e5b7fb051f318be8acfa91e |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\xxhash-addon\build\Release\addon.node
| MD5 | 91d491c50cc7fce475754a48df813ab6 |
| SHA1 | 74ce6342ba58f12de5f65cf28132dbe1f64bf9ad |
| SHA256 | 2766e5c55baab5db65170d14a7cb444ad4603ee7713df4d18fc827c86c3ccf04 |
| SHA512 | 945e661f9e9118ab02895025b607dc6782d3641cd3daeba1cdca071ea9a5778b9654a8b3e6ae898a3f5de6c89509e0590d5335ace263a94258fb72f13f1d7d64 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\kernel7.img
| MD5 | a9f2daa2cded0b0b5f39d115e944268e |
| SHA1 | 4186985a1a95c729e5c66d5ad812de57840f8fbb |
| SHA256 | 18241df422ae349cf47165d1eb9530da436d661f19c65dda7af76b2c26ad80db |
| SHA512 | f88a04635a9042838904d295b99c0fe8ec5bf4c4bdda8e5ec31e07d2b01eb6f972daed288a4a87212f5a638fd69feae9998ae8c3655aab452d676aea973bc92f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\config.txt
| MD5 | 6ab057d0d65875dac099bc312f86f864 |
| SHA1 | abddfa985616d52cb55541ecf1ab2caa84fe92ec |
| SHA256 | 002a45280651457f4185ebbc5532afc4d7070c68a344012dc6a854075f932816 |
| SHA512 | 34169a6715313884608110934ae6d63bee3d4fa8c6c39724d828ff758b8a7c3612dc269e1515d824c0b569ea0d4f5c38faba12be7a963b38fcd73da980050eea |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\uk.pak
| MD5 | 8162ec467ac9a8dac71d22c630a3e6a3 |
| SHA1 | 4e9e8f49cbcc5e583b8acc3a65ffd87818c96e2a |
| SHA256 | d1e07ac8b6a6ce53f06c66241d44407f98a1940259883e143a574f28a2ac170f |
| SHA512 | e944e3f8f3e9b2c8c6f26e1a7606e441816406afe031bac9a5716ce060a63f03e01a95cc365342518629065b07fc72cf23d65ac84f0b58ef100cf9706a239b58 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\vi.pak
| MD5 | 247e8cfc494fd37d086db9a747991abc |
| SHA1 | bdc53c042a1c4bc2ebed6781b1b01091c8fb7a92 |
| SHA256 | 4c4e69af3d7f7012e3cb19ba386fc69edd0c87ccd9be326dd6db902401d123f3 |
| SHA512 | 852ddeb1ce8dbf13280e9dfa72dd10b646f8b06caf88055aeab32009f3fdc397a05764be48a04730e16f23c931d069880574d8bf9c7f4ef151e1d47467a7d60d |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\zh-TW.pak
| MD5 | 96620581f25ac84ddd4b9d0cd29b0749 |
| SHA1 | 6413faf7b2e31755674f27de8cdab0788488526c |
| SHA256 | 2a674d423322d1772e97a627f1e291efba5f12b7efd0f174cdc99d1b1b376988 |
| SHA512 | 7fd315ca93b431c59f92d31b803571effc5d758a52fc5d2f797a306fa63ea73162ac91805a892479b6940582aadc8903bdea6bb70168d660d58525bca4202520 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sr.pak
| MD5 | 7cfb6dd166594df07bccb7c08774a667 |
| SHA1 | 1c06a8adb81c357909ade0307a67a122c94c0cb7 |
| SHA256 | c3b5c6965affb7f30dcdb5fdb485767e83f3b5d694865a677783c64e3b84934d |
| SHA512 | 92febe5a65c90f105bd7609e2eff2626bf0e22b186d73d6c1aeb0497e49d9c34b2bb22d26e0abde4713da2c7cf51296723694ee9bc1decc5071a5225f60e650c |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\lib\shared\catalina-sudo\sudo-askpass.osascript-zh.js
| MD5 | bb4cbf5a010d9aa9f08e14a707ea36e1 |
| SHA1 | 7efdc63a95f46c191265e83b955e3ebc4d5fb816 |
| SHA256 | 1dbd2bfc3d0089480229d944cf0d58bc0e94f28ea03dc7c075a7c80e185b56db |
| SHA512 | c0f5ea287391796a7bc403f5e2c073405bbb1cdc8b3aa7ca08fa14846f314206a3224b82d6c98ee6b41e5fafa8ae72185aad125fae2b74bcc7811c067e269214 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\lib\shared\catalina-sudo\sudo-askpass.osascript-en.js
| MD5 | 47814f752439d2f82de579b954dece15 |
| SHA1 | cc7550cbc9a33aafa158a3c02cdca7617ea9b239 |
| SHA256 | 272e7d90c61bb7a45618c8c1e40a573f6db1f6961bad8acb41cf607f8983f8df |
| SHA512 | 673159a9584f8f4ecad73291949cec5f5da4a02a99944a25c15faa94247a5c2528c1c37f2495fb730ad377a08352b5d9f59c93001ff854f5870d4605dde78790 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ro.pak
| MD5 | 5f6af740e111066ba5245a7fb58c3d38 |
| SHA1 | bb09d9f89ec6e1db0a45cd15f84930dc34011b16 |
| SHA256 | b9fee8754a5307751f197d1968dd02e163dba30f09a36c72f88b63b4ee5bcd26 |
| SHA512 | d2c74477bfa01e8b5b51fbb4393368dc967be362833cc2ac61fc989f41896f17b957d10c0e03b442fba1f3d6059637f355dd6e537e6e00c382eaacfc1b5d64e2 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bootcode.bin
| MD5 | 61b2237ab2991e381de61089a998b768 |
| SHA1 | cedaeb8daa7728e9857d199b4f03d84936499b7f |
| SHA256 | 7b24659eb049333eec69f59cf0c5aa0d49eab5ed67726af3c6f0c9bcf1e3f9e3 |
| SHA512 | 8ea339244e4b6d4248a341eeafef3bc5e0a2dd1dc40eb9c44bbae6a617d6340e1390f80198f86c52d93615112a3e4f912529d2578980bdfac0faa221e3c4cf02 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2710-rpi-cm3.dtb
| MD5 | 8a7c953afe0a5fc484879c43b7737e8c |
| SHA1 | 2480dfd2043a69199d9fa4b7be10054f648f91b4 |
| SHA256 | deed502c6ed009f7141c18b94dd5077995e2fe74a9b8777d829db59f53414ac0 |
| SHA512 | d12e68267b42d9fbd0e8dc83e902296d3748d7ee8de2dd73d072982c84af9cb24a83ace648be84c452fb9c34519cb6467345f77cd5e47a5e708d25f7fdcf57b3 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2710-rpi-3-b.dtb
| MD5 | 20ce58eab8638692b6af0dba081c3763 |
| SHA1 | 19db51b441554ee5e0047989f30c721344b94be3 |
| SHA256 | aa0da4b66ebdbf16824b25b4d7afc090b585098758be205e4de83d9cdbd72034 |
| SHA512 | 4e5d45bd90523b6e4c24c3a1d7d60f25861f15f1e105b79bd9f59c66634dc25dd196a654c7a0c54fa2071f8f2362e9622ced5b94c99e5400df4c65cce3a54d29 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2710-rpi-3-b-plus.dtb
| MD5 | 604a83265187c6b495258f1029b26720 |
| SHA1 | d3acea7c1bf45438f67577d2112b6b911b446013 |
| SHA256 | ed9bcebb25ba378a8d2202686f93f6a55948c1883da1555e882c1ddd08110adf |
| SHA512 | 6aa35aca4921bcf8d344709fc9a01a907f001cf1b5081627c4fcaceb3111683712754a75c95b823ff3b167494843a4b67b066e38302fef74043cb4cf64b4a056 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2709-rpi-2-b.dtb
| MD5 | 5363e77af7557926ea254db85667bee0 |
| SHA1 | 339b61f3d66565a3cda65031b4bff2ea3b29b128 |
| SHA256 | 49cf69c7ebcacebd9d5604501a6e74892d42d6118f496098927aede84686d2d5 |
| SHA512 | 897f904ef81e0259a54064757d577b5fbebbba4a2853e2789219814f5727dd0081f3b0cab1018c362a55835d6568ff2323ba1f8d564602ab940df3a0cd6fcb47 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-cm.dtb
| MD5 | f8454543a07103caae04943933308371 |
| SHA1 | 8004f2ea79b06d4e854555313109fe9d19759ab0 |
| SHA256 | 5d6c87c59dbf2e93dec3f9453ed8a01a0f7d4d505682bb816f082ccd9fb4a89b |
| SHA512 | 56df097978a72cd5d5315359887ed2d75a94b7c28db109c483dbfa90f5f1bc003cf5a62a5611f9a29cde499d6fa91109bd76daf452830d35443cbcb5e31108c8 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-b.dtb
| MD5 | aaeca97637c02950f2d0a26640fd264a |
| SHA1 | b662622ab7f73e1f79e799255add860d73493e6f |
| SHA256 | 1beabd7549cd1dac94ad3cdaea2bc40bc5d8ca3ced2d2dfd5caf43a9c7745725 |
| SHA512 | 60c54b119ab92d666fddc044b456fb22748e69b69b8953848b22cc94fded8e421c1c7d61f4bf7a9790f54ab64f8396162052436cd73b6b3ff64a4a610f2b071d |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-b-plus.dtb
| MD5 | 83ff064505cc83b1dc2e69e2d348ff8c |
| SHA1 | 3f598c67d10dcc6f539c40ce10ad987778d36920 |
| SHA256 | 358f22c60f89f4cce5c6bc12d83f94152a9f06dd5482bb02c7362f99e72c7939 |
| SHA512 | 8d85fa24468ca355c495f196fede8273b3a0766e12fec683f6d081f302c3368f2727a06006a28ffcd86f9c01af0ad37c5b0624a10aaa867e730150c12f7b14b1 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\package.json
| MD5 | 1787b1da712b1dd02b8bd7ff0ebd49ce |
| SHA1 | 187b01e8d0a19b2486e16801e3b0f98546865e20 |
| SHA256 | 2febe2a37b2758e04c5eea46a4348440410a76f06354b015c8e002309fc097d7 |
| SHA512 | c7bfb27179a17236f02bb3a8df405f001b2717ecaa6a4ff83622e537856c40aa5d520062a9e60f6036fe082fe642adbafa3855ec6d98c6f0f7acfe1ae09c48ec |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\elevate.exe
| MD5 | 4cc2b8d1c71ab0835e82c15fb2e1a443 |
| SHA1 | 4b3fc0b242f7f9ed9dbd394b5547a8d18b553823 |
| SHA256 | cc39cac86cc1f7b33981d7b05eae9d5a01d18d48b6cb3f94c536e1d63bfbd214 |
| SHA512 | c4d01a9c3fe7e3ac12e248fe204a41d4d132d39c8ae327929421a4f0df72e0a52dfa2d4fbbd7f0be9d4e80913847a66461c3ddc924cc3a646364b90d54fb1cb4 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app-update.yml
| MD5 | d4ff3f267ba34f37c967c40c1d9cbdbb |
| SHA1 | 63e8c264da051c7db1fa1559376694ce63acf3f2 |
| SHA256 | 08dc4a54ec6d94f3a6350d61d333b6a861f960b61f5229bc56a551e10d902908 |
| SHA512 | d50cb447efe9e8737a70225af9d2a17341dfbfdca1d2c248930f29abeaf5497e83322e9fb5b5f77f610f8d5247161394568fb13f8fbe8e26ff9a6ff674ec2154 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\zh-CN.pak
| MD5 | 7507e95fbb433aa97dd9c2e3c2e08d0b |
| SHA1 | f61227f2173ceece432289b099285d4a9322e2ef |
| SHA256 | bf3fb791392d8044c2cb3552cc974d95adbfc1548eac617c9d2a981505fb89e1 |
| SHA512 | f8f42e09eb0af51aa48325ec824814e52244201f627734e81c9e84ea319f5c2166c2450e9b89edd3ce84d3959f0c9ba445ba7a32d4164cf730f0949e11dea082 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ur.pak
| MD5 | 30ce113bc3c466751bdf8d50cc568ff8 |
| SHA1 | d0b434b8f196a320995f49845d64054dcaedb97f |
| SHA256 | 34d46d28af3012bb84767a418957f12d877789b88a13ea29b047c7926abafb41 |
| SHA512 | a8139d60e498082c122b068a478038e3d3a7d6fa71bb8cd2b1bd7976827ffc23f7117f989b18d600960b222178351f01dbfa0fcdc3e7f0917cd0d47b5902fb44 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\tr.pak
| MD5 | 08b737a1b8ecb81c8ef4d7b8f6b5f503 |
| SHA1 | 99d2cdbb720f114051627acbb79475ccc57ce6a6 |
| SHA256 | 84f08423fc516988761517511d36bf5d3428866965addbf3ef4399a80f8278e8 |
| SHA512 | 142c61f08e56a084f335dcf35c543dab872dee898c719052fb8d42be2050c5fe6d9245180ff9d0d0e07cd884daaaffa6ccb5428fee91ae00413e0ea38a5e8c9c |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\te.pak
| MD5 | 11c4c1ef8708db1f742333e71e312831 |
| SHA1 | ef432cf1d5df168039cb3d1b5f4d34bab76cd475 |
| SHA256 | 9889b8d2e5f5fc5ed199831954af7b05028ec7a68f448b19ba74d91b97c223d6 |
| SHA512 | 27c73d81271612bb2e4925d2091db9119859080484f5fa17536291c06bacdffadb1962ce56d0979d4f1f49add14990d73c5bafea45ce48141a36a2e55ade756c |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ta.pak
| MD5 | ab1ece31afe29124d183b3826c7ef291 |
| SHA1 | e707a983f039310b867bf4b502165f1f512b9818 |
| SHA256 | 5cabdecd2a89bd97782c13d9f5b24550ea00b28750cdb26a7843af7e75e34b22 |
| SHA512 | 6510d54c2dd177be19ca6b250e936fe0e26036aee7bd1d48e141cffde743fe03a02be0cee22642c3e8a702b2277d7bf307bde69a863855bc65a55425a1f2f884 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sw.pak
| MD5 | a5f4010de863114025b898d78036b336 |
| SHA1 | 0fa93fee8f60d1bf2fec4e01c5306404e831e94c |
| SHA256 | 8c58adbff7d672154c6f399ea29b549005460d80679e1f6cf997d95732857c30 |
| SHA512 | 7f8b00ae7718f39c0ab91f3f63a3b5062d9878f224417282c3ff43ae9c88562a045c54f7c6f9f7447119a16bfd0ec40b48f762a52b64bc384ec80f53898c53c8 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sv.pak
| MD5 | b4d3ab3791e862711986bb585c1676fc |
| SHA1 | 2123c8879a70728657e72415d7056aac4a1527e2 |
| SHA256 | 080ce56662a0a32a4164ba88f9c5081d7c43dc1908412368a70e789e1adcbf66 |
| SHA512 | b904f1741079a8c7ed7647efe42e9d7b9be403079de7e512539b70bc653e55420a3aca4b599e8a9d440245a61f94124476b3a5afa43b39ff1aa48cb48fc5c15d |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sl.pak
| MD5 | c08d0d08fd48822c603a27aaad4e9557 |
| SHA1 | 8b7d616ef86bd955cbdf68197cdf748aaf99240a |
| SHA256 | ef205cf8911a96d772711675e75bc8df5866ce0d9d44ebb110bc07e4f340ff65 |
| SHA512 | 480a23a25860616be8844ce29042fa15cc7f360e2c53b367f6701926b9a6df72d82ad6c5dc7c0fafd537202d4ea7c44dfe24589fb4a4f52b4440629865f8c19e |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sk.pak
| MD5 | 7cedcf98e68f4001cc13f2b761571681 |
| SHA1 | fba32c46564452fee5697777b6d3c60d69589528 |
| SHA256 | e6509f7a6c6b9912f2875c7efa34434ab9562df3cdcaf0546b6370d594ca46fb |
| SHA512 | c90ca580c5da2fff68b5957940d9b2c377cb07632b1fc0c8a23fef9a076cd05da618890f197f5b2f7314583fba89be083ad180335201d28c27a7c8c21a55c72c |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ru.pak
| MD5 | 822750ab24d9ef1a54f3d987eee1acb5 |
| SHA1 | dc99948cfd029cc9d98c10e487625832db8f1855 |
| SHA256 | 3906f069e6e2a3a0235826e9382624e7a4cfba309f00bbd0963ff0c9f2c179fa |
| SHA512 | b0d9521e088c80470e5d15e310bf7e3e27b16464c5349f2bd6f29a78e7fdc7da36b3b1bee68e4496585b0e2f20098fa6b0b3360c4b43f2ed9718d292755f5be4 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\pt-PT.pak
| MD5 | f7a822e3dedaa3df046c3172613e275d |
| SHA1 | 14c21d2cc296197a9a618f21dc103f0d6749b77f |
| SHA256 | e2e84e23275190865c685e0712530245e35dc63ff82c4e854068494192917f3e |
| SHA512 | 0d08fedb423e9ea4f9ca54b55fcb6a88c4f4aa7ed71897b4a7625f093e8dc05733ec52e4577709dd4e4c7be001770e1dc85c0e10e0dad883f3291c515736b7c1 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\pt-BR.pak
| MD5 | 54efb4172a7110a567ad87f67cfcd551 |
| SHA1 | ea8eac6f2328b8a1b27249fced7c16154060dcf3 |
| SHA256 | c17ed07165ec47de5acdfa7e4783af4b417843e5f232e9f38ce02138c8bd1742 |
| SHA512 | ae8aa02e9bcb3bfd8b39329a2c37f789484661e283dc63297e1ec2dd5d14558b349c312990048dc6a03cc7040a1c6fea2571c6102b1a61a638f9ab615f5fc938 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\pl.pak
| MD5 | bc72c8e2426765839539a3b8340fe19e |
| SHA1 | 630bd0e844e673454477b819c808b7e18bebe0db |
| SHA256 | 6a97c2ce05545607a59df2f0daef5da71058dc1e1685f26263b7110edc431755 |
| SHA512 | a0f2c68ebb8e5e2ab5ad682b5ce0b1dc955aced7de32001a0decfafb924ca94ef322605ddf69ba74baf18871cfddbad97fc326c43e5b3168019e21912f7da421 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\nl.pak
| MD5 | 1e5b9d923d5f8cef49c913badd2784ba |
| SHA1 | 6e42a558a7207b2cee2452263eb661843fe74d0d |
| SHA256 | 7a7be29044bf2fa9459a90dcce12ed531931660ba680dec8f32ad8a3364d973e |
| SHA512 | e4392f91392b79fa14c3545c9733deb128f399163dcbee698bf51b2218b1abab6aef45c35130545ddc86626012599e4a8bd77205baa735c957258539c9b6d484 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\nb.pak
| MD5 | 2f31dbf3f36906c58b68f7f88c433257 |
| SHA1 | 55552671f81a9b24ef05d16249bcf5135d5a98c9 |
| SHA256 | ca435b5ca91a253129bde2155592d9c3876005c4ca4389e4ecf97adab9a6de4a |
| SHA512 | 079ea4f01582e9ab05e2c63850b654ab84ce3b8bb72390899dfe662e2c4138b82f869829fad3ee645546dd8e27c749d2ef20a0d5bc94db174a59c6e0d43ea27c |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ms.pak
| MD5 | bff5ea1dbedfab0da766909c2b0beed3 |
| SHA1 | 9ab6989c47ab4cea0d620fe70bba5c1e15a58a51 |
| SHA256 | 6240e885116732ae850542cab40c80950bf83171c17a84bf02d7df9b1a2a98a4 |
| SHA512 | 8bc32f7bade04932b51a2bc4e8d5d609d379a157accca63e43977a19f2604e87ba754bf545651a1237c74e05577f36d85e53d20fa1da41e7967e8ef8a657464d |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ml.pak
| MD5 | a7f6cdc17eddc1550260489d478ec093 |
| SHA1 | 3308eb8f7d1958fe6b9f94602599cdc56460aa89 |
| SHA256 | 01a0e2f809fed45b9b67831202d297c3221077fa2dd84f3b635ab33016a07577 |
| SHA512 | 42132ca4a62bd5de5928f8c313c930c1fab0ad918fe08612ccd118e421eca768956ad42f7551d6ce58d10be6c34cae7a2fef518bde9f0641c339f7af70f42688 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\lv.pak
| MD5 | 28eeee40b2722e1cc42905c70367fbdb |
| SHA1 | fd82465b1522d314b295207934a7641b3d257d66 |
| SHA256 | 026e6a4ea0fd11c07375f0532a0756bffef585889a71f33243a116c462b0c684 |
| SHA512 | a99d203ce67a3e5d4f831064f83c730b045fb1eba47ca804ce6c407e04240f4c51b4114446c3494e2985a1109695533d1b1c5c7594a5555276be366c07d0b855 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\lt.pak
| MD5 | a3e29f4a3ca6f2058a6f464e49f914b6 |
| SHA1 | 3fc632eaccf91e86b365d444e7acba6f9302aa5c |
| SHA256 | ec70edca70373390f028aa751a74057fb1c2c583c310492723a228c863007c47 |
| SHA512 | eec22e3347affc0eb0f9452f3b9b239e8b714148a39be83ebe7979bac706a942da3a17de01e9a1b89dfec9e970692c3e9fe566750092fc139325ae25ed1c3e04 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ko.pak
| MD5 | 27705557eb4977c33bc69f27c2ee9f96 |
| SHA1 | b0297538c4e68515b8f65d44371cb8f4cdbc489f |
| SHA256 | de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc |
| SHA512 | 53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\kn.pak
| MD5 | 66867a2133ef0c73f385af7d5d2eed91 |
| SHA1 | 8ca6e7e6d679255c2c151d38cf70a5f25cce059f |
| SHA256 | 407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35 |
| SHA512 | 482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ja.pak
| MD5 | 781fec59b38a21dc663f3a482732196b |
| SHA1 | 1b660ba0bd9aaf67c5fe49a372687facd6d264ea |
| SHA256 | 3849f8b48b034fe6319112eff77b7c9f6a8d7b20cf7bc8400528a0a8458677da |
| SHA512 | f2c3a6d8c23f72db8e70ec8cd87793eb103b58bdd3976e99f42867c33a6688a41c79eadcdf25c6ae01fd20920affd43f228a5134af28f83ee50fe02819665e95 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\id.pak
| MD5 | f6d153fa3087dab3fcef255b5afe8538 |
| SHA1 | 99f123a133d3ce1a70349a7d1948a8d57981e1c4 |
| SHA256 | fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7 |
| SHA512 | c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\hu.pak
| MD5 | 7317adfcba87621963e9cb2f44600e2f |
| SHA1 | 0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4 |
| SHA256 | 6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f |
| SHA512 | e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\hr.pak
| MD5 | 209efaa890532ddbb1673852e42ded7e |
| SHA1 | 8e9a3e643183d4cbdfad9fd2a116e749b5313a95 |
| SHA256 | 3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40 |
| SHA512 | 5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\hi.pak
| MD5 | 9697c9ecfa893db09d046e4feb8f1260 |
| SHA1 | db08fecfc31d278b3f74c85f98c34dc78b75f4fd |
| SHA256 | de4b369e012831a5ced3ae02e34fd34374348b016274c99911a294de3f9bee5b |
| SHA512 | ec9b87003853640c5f3c477f389dbd16bf1d75269c3fbd8620db43942ba7e323a3198fbbb16d27c10bbae40fd047cfdad170659b9ef26488928a24ee535885d7 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\he.pak
| MD5 | b2f893d17e118cd03055b55b0923206b |
| SHA1 | 99b6358438a3eaffae38dcf6a215d8c5f9bfdc26 |
| SHA256 | f6d1e2a269783f27b85c2db2ce9286f581ec2e16586ecac476ab5735cd8ae12f |
| SHA512 | 34fa1c4bce2f9e2c5c7b494a829f5b492b40e8f4f0bc586f564755de703b5765d81795c67e19a27d2f21d297ce3b7e5058a126118afe6911cc429fc58d67f13e |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\gu.pak
| MD5 | af5cc703c77e1a4b27233deb73c6ace8 |
| SHA1 | ea92dce379ec9405fd84274566d363ce302d7f1d |
| SHA256 | cd761009ecbd4736b24383f020da05d2e6b9396c67a7ec1f4ac1966943cf9eab |
| SHA512 | dd379cbab7a6fdce05b0ff34d339c2f3320f83f76d8e1fb7ebf20edcfebe541ae454490eeb83d8edc069aaf3db52d6b7de6d701672a13e75dfe59840e8f2c5df |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fr.pak
| MD5 | bc286000070c9a918a8e674f19a74e12 |
| SHA1 | 41221bb668e41c13fbf5f110e7f2c6d900cdffd1 |
| SHA256 | d641d9d73262ca65a613ee0395204435d6830316dd551f8992407ae77ead4b64 |
| SHA512 | 553dc84ffd09dd969802fc339ab20f6af3c36442c1ea23e4199519f2c5fb50be79874ae455ce5ff44511a3adcedae7f3030d13e0ecf2b456233d5f4ff186a5dd |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fil.pak
| MD5 | cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856 |
| SHA1 | c3b5900a38354ea00b63622bb9044ffb4788723b |
| SHA256 | 945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e |
| SHA512 | 6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fi.pak
| MD5 | aceed6757e21991632b063a7fe99c63c |
| SHA1 | 491b4aa5eaeb93e662f720c721736e892b9117e5 |
| SHA256 | 370164e61142d8609d176ec0cc650540c526156009070563f456bcdb104e9c0f |
| SHA512 | 664c369e74930a61a8c9ccee37321c6610ffdeba8e4e8a5d4f9444d530097b0f4556e7b369dfd55323fe7df70b517c84ae9d62a89c1984a8cf56bae92d3e0455 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\et.pak
| MD5 | 339133a26a28ae136171145ba38d9075 |
| SHA1 | 60c40c6c52effb96a3eb85d30fadc4e0a65518a6 |
| SHA256 | f2f66a74b2606565365319511d3c40b6accdde43a0af976f8b6ac12e2d92ec9f |
| SHA512 | d7dd2a1c51a7144f1fe25336460d62622c2503aa64658063edcb95f50d97d65d538ce4e8ae986af25f6f7882f6f6578bfb367c201e22da2abdd149c0bb4194c1 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\es.pak
| MD5 | b1c6b6b7a04c5fb7747c962e3886b560 |
| SHA1 | 70553b72b9c382c0b25fa10fe2c967efbcfcb125 |
| SHA256 | e4db8f397cd85fc5575670b3cacfc0c69e4bf07ef54a210e7ae852d2916f1736 |
| SHA512 | 7fcd9ae80791de19df8644424ffdf1feb299f18a38a5d5bc546e8fd3d20d3ced6f565981c3c03026bc5400fe0806dfa3af3064e7a70e18061f5d5fe6d6bde8d5 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\es-419.pak
| MD5 | d25865c02378b768ef5072eccd8b3bf0 |
| SHA1 | 548dbe6e90ece914d4b79c88b26285efc97ed70c |
| SHA256 | e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0 |
| SHA512 | 817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\en-US.pak
| MD5 | f982582f05ea5adf95d9258aa99c2aa5 |
| SHA1 | 2f3168b09d812c6b9b6defc54390b7a833009abf |
| SHA256 | 4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d |
| SHA512 | 75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\en-GB.pak
| MD5 | db946e28e8cd67fc45a317a2d22943d3 |
| SHA1 | 0e096f66915f75d06f2ec20eae20f78ad6b235e7 |
| SHA256 | 7eb6af7620593bdd33cf4a6238e03afbf179097173cbfffdada5b3e25b8f0bbe |
| SHA512 | b893650000f463c1f3807f1feae3e51664e42ec10c1a5af7c08970163d5188f1f9ffcc5e82fe2209c78d8b4fc2feba050abec4c44d1eb122cd42fcc14a8b1c3f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\de.pak
| MD5 | 5e7ea3ab0717b7fc84ef76915c3bfb21 |
| SHA1 | 549cb0f459f47fc93b2e8c7eb423fd318c4a9982 |
| SHA256 | 6272ed3d0487149874c9400b6f377fec3c5f0a7675be19f8610a8a1acb751403 |
| SHA512 | 976fb09b4a82665fbf439fa55b67e59aeaa993344df3f0d1926a82fb64d295bbe6fd77bb65e9f2267d98408e01166dd0c55c8ec7263ed74b3855f65dffc026ed |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\cs.pak
| MD5 | df23addc3559428776232b1769bf505e |
| SHA1 | 04c45a59b1c7dce4cfabbac1982a0c701f93eed0 |
| SHA256 | c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0 |
| SHA512 | fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ca.pak
| MD5 | 8fc109e240399b85168725bf46d0e512 |
| SHA1 | c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5 |
| SHA256 | 799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62 |
| SHA512 | 84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\bn.pak
| MD5 | be160a93d35402ed4f4404f2b1d05d95 |
| SHA1 | 52db7af673b6e5318e6663751938dbbce4f6280e |
| SHA256 | a40148129ff88aff0ea269ef3ca4fb369e772257655d27dfa29f078270486287 |
| SHA512 | c2d2c4a2e24fdeeb22dadfa63ee8338efe8a5f08e17c3eb0e9a946098c57ba675c8ca5c73c04424e8307d9be60f9263553e8268f4815c73d081205fe8a92c8f3 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\bg.pak
| MD5 | 470dde3136a8da5752fcde269d4b6b43 |
| SHA1 | 85196012cc0df090650244f7b55e51728c68806b |
| SHA256 | cd6701f8b682b6d677ae2010abfb4bfd19555bb42847e2ffddc54e203d50b373 |
| SHA512 | b39397c8a3a081e61dd52ebbc0a4cc2ac33f9427c1ea9215995cd8915d705f30d2d3290742155890a61fc3819b6076c1ae41d278171517622ad35fc6f430702a |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ar.pak
| MD5 | 1b55e90455877384795185791bc692c2 |
| SHA1 | 3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46 |
| SHA256 | ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df |
| SHA512 | bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\am.pak
| MD5 | 15b05881e1927eda0e41b86698ce12da |
| SHA1 | d629f23b8a11700b410d25f3dc439c8c353b0953 |
| SHA256 | 4c0129e1023e6e6cb5b71fadd59026d326fec3393463530c2f30fff8aacaaedd |
| SHA512 | 6f921563d6887d0b712966bf3f8dea044d1115dd0a5d46eeee5595966dd88e49d5dfbec74ee1de19a330bc9f1a11ef3c7c93d6c5e69f1ee7d1d86085b7a2bd7f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\vulkan-1.dll
| MD5 | acc5484ae9cfff351ffc0341fae483dc |
| SHA1 | 616b6e2763a9e4ac5f1c959ebdc4d15b68ac0d7c |
| SHA256 | 1c7fe50af9f2c7722274ee55c28bc1e786effbed15943909d8da8f3492275574 |
| SHA512 | 25a47e2e7947f358f993fee1bd564c4e5df8db1f72ba7fb376b5aed0e671fc024e1b9d47754a78cac90082a84debb0eaef772e91f8121a2d6f35a5df41cb8fe1 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\vk_swiftshader.dll
| MD5 | 11308456ed9d5a9ebfdbc0f86160e797 |
| SHA1 | a56a42951a4365b0228bdac44a31cca6b789a60e |
| SHA256 | 18436e3ffaa5ad29f0fa0daba05cfd99ad6ae2ccc7d6a5bff9d4decd97c0993e |
| SHA512 | 062389e03d4480f51c2ff9538f98f8d14b14017393295e5599bef10171c5dce6a3bb6318baf2f5d3f03ec016541f7b657d4ab4e78bfb40c9016a62ff0fe5ff76 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 1270ddd6641f34d158ea05531a319ec9 |
| SHA1 | 7d688b21acadb252ad8f175f64f5a3e44b483b0b |
| SHA256 | 47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29 |
| SHA512 | 710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\snapshot_blob.bin
| MD5 | 2b09a6d421a1eb549237382c3cecd328 |
| SHA1 | 98722a09a5be2512ec55ff6462a200c71b16ad2a |
| SHA256 | f9c472794aa190e96eac204d6c2d86c9ef63bfd6fef8df69f39b85cf4ad853c0 |
| SHA512 | b3636d7d3c53326169dbd74087f1e1e9afe67ff794ed25eda0c9c86773a9068e2770857b47c1c4a49297128eaf628ea31078a852f9209d2e173fb7021146b721 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources.pak
| MD5 | c7b17b0c9e6e6aad4ffd1d61c9200123 |
| SHA1 | 63a46fc028304de3920252c0dab5aa0a8095ed7d |
| SHA256 | 574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66 |
| SHA512 | 96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\LICENSES.chromium.html
| MD5 | f0882b4f2a11c1f0c524388c3307aad7 |
| SHA1 | c8952b4076167de1374d0c1f62b1fde8fe69f4ae |
| SHA256 | 1b8b8e268755376e95aaddd0a6881f6f4a4b96787af1b2db158e51958410da5f |
| SHA512 | 1e5cd07637e213d3f77f8a6204b5bb9a6e16c343790dda4ed677b081e8600de912165bb3436dacf56ea2e5145e888f5964deda4ee4b7dd3516ae2cab42e2fa0f |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\libGLESv2.dll
| MD5 | f96fc251bae55a5fc0f1ddaed8706015 |
| SHA1 | 532c2b51f5e3256777ae3b9f40c8067b20eee0a2 |
| SHA256 | 7897eb2441975523e3e78dbeabf2d9deba66534c69b6cefbf87ea638ee641ea6 |
| SHA512 | cf2f9f126204596e37bbe5517500a738ad06f306cb49e7a36bc050e38a61191a767e5d3fecd570410f08d67b64e77019101b2970867e8f0d41b35a6526d3d280 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\libEGL.dll
| MD5 | 5de7e395632af0d31d8165ee5e5267dd |
| SHA1 | 740ae64850e72e5ab3d49e3bbc785399a30a933e |
| SHA256 | 44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a |
| SHA512 | 788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\icudtl.dat
| MD5 | c6ae43f9d596f3dd0d86fb3e62a5b5de |
| SHA1 | 198b3b4abc0f128398d25c66455c531a7af34a6d |
| SHA256 | 00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee |
| SHA512 | 3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\chrome_100_percent.pak
| MD5 | 0cf9de69dcfd8227665e08c644b9499c |
| SHA1 | a27941acce0101627304e06533ba24f13e650e43 |
| SHA256 | d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88 |
| SHA512 | bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
memory/2448-6416-0x00007FFA6D850000-0x00007FFA6D851000-memory.dmp
C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 47acf6a72ef514b5bef757c6251993fc |
| SHA1 | ae9487e5f2501db1a0ac3140d422583ad9c0f724 |
| SHA256 | 3ba17d80d9074a77150505afe90ac0c2ae393c3f3135fce066300bcbe13bc6ec |
| SHA512 | c8b09282871f56c4b375b3c9544f1a981897ab6d103b6f46fedfabbe17582b09ffa5a699b373855c3304a6694039379257234f8f88900e3e5faea40056e40db4 |
C:\Users\Admin\AppData\Roaming\balena-etcher\Preferences
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\balena-etcher\Preferences~RFe683258.TMP
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
memory/4428-6739-0x0000000063CC0000-0x0000000063CEC000-memory.dmp
C:\Users\Admin\AppData\Roaming\balena-etcher\sentry\scope_v2.json
| MD5 | 97493532e52f9b9fe4d2275da3bea142 |
| SHA1 | 29365e753093fe6e476fd16b23fb2e88db45e1f4 |
| SHA256 | b79fc4dccbd73259ef5be02a95e38807fb12ffc70260c4ca29c4367bdd547bb0 |
| SHA512 | 9892107b97dc985aedec376d58ba95c02e4f09c399804b0a618e41c069d1edb0b73ba69d040d66ff58b0ed57cdbe9360fad89710d472cc9404fe242e7f1de9cb |
C:\Users\Admin\AppData\Roaming\balena-etcher\sentry\queue\5fa6b78657364b109828be570e0888c2
| MD5 | b07785ff62036b52ce7cc22c62a9aba2 |
| SHA1 | b7a5318a4b1cf4a9c9f8b5e1f5f9120734f5ac04 |
| SHA256 | b6fc5fef392aedac2e1b0385031b57c75b8c323e82af7a5063191a3b1a31621c |
| SHA512 | 5bbcc4ea7990c5cae2bbbd6640df161896b3aeae598c4048aa7876ba6674afe2fe6838e01bf5a79852ac68b2a7425b57f6949c0653f22ad92317e096404d55ea |
C:\Users\Admin\AppData\Roaming\balena-etcher\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\balena-etcher\Session Storage\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\balena-etcher\Network\TransportSecurity
| MD5 | d26be3e3ca55660f1a08eafe6e9043f8 |
| SHA1 | ea9c38a00de0e3be0091e0881ce9d350385b9219 |
| SHA256 | 67484f71afb68a629952f60829054cebf2eed29d8749a4b1206e928f92533dc7 |
| SHA512 | 19899afe05d2950f5cbca53d0086068f182278c336d04a2218189367e558760a6be4d676684851080e95524bf2a83c08d5e03941723c9ae2f767bbd3c2440db1 |
C:\Users\Admin\AppData\Roaming\balena-etcher\Network\TransportSecurity~RFe688327.TMP
| MD5 | b3b38bac9c64a14fbe4ed0cf1663d417 |
| SHA1 | f27d3732e2b3c9d0b78e61509e38cda0d64e0514 |
| SHA256 | da003ed6c1c276593bfacba4e5963f514df09ea62d359ce4d914f866d47f8e01 |
| SHA512 | 302d5976c93bb526ffdbc4def441cb5554a2f59c4aade6a148957c1970f560ef300892390a4cc84626cbaa8316a56887a766cdda62fc371767d1c6d2510b7499 |
C:\Users\Admin\AppData\Roaming\balena-etcher\Network\Network Persistent State
| MD5 | cc582ec98c86447236180371c96db4f7 |
| SHA1 | beb45765310133e20ee8fc8e7dc2d28bfd14d58d |
| SHA256 | eda2e2945f79e51c28843158410f8140c5ea8f857feaf2073bad5c9704ee795c |
| SHA512 | a7f2febe714514dca8a4feb672a2c97c20e1c6f80ba37a412d311df39a07b80195fc1abdec7bcf04c1c9cb03fcb76b8d1bd7f37a90ce102561d44d6565d7b936 |
C:\Users\Admin\AppData\Roaming\balena-etcher\Network\Network Persistent State~RFe688327.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js
| MD5 | bae1d4ae7261a1816ea3598b86241e89 |
| SHA1 | 254bb34854a4460adf9761bf47591ccffae8c451 |
| SHA256 | 6b1927c64a9bb1ce566a4e75cf21de4f0e464e0e612960a28d84817430c12dc0 |
| SHA512 | f9c54275354fc596c1edc2d6e2e5582596cc0ba51999dd13523ee183d2055a5821ccb035d00e713dd9ad2957b01d948c33e5bfe24bd12619b109c2e076368134 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7a0baf68de52f508654bb01aaaf8116c |
| SHA1 | 0d6c7b6731c2df96d25853bce5b4faf4fd103f6d |
| SHA256 | 151be824e551a72d0b97e5b81b43b3d7efd06098ad4c489f77392d7d1e08f997 |
| SHA512 | c5298a532820afb41ca2012b7c18a65ba8c2e8c2e4e199f1f6d85f3e872cafe97f13b8c7363034c263cc10cb2188550fefbfe1159a04848e64076d30ed0db103 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js
| MD5 | d39c7bf588c73f2859d0ae25f56cbe1c |
| SHA1 | ac35cd19b38d1d6231ea91ccb8caa596e47aa4ac |
| SHA256 | c3c04d5881cfe809a2972194ec0913990084b015182287f9501fe5cd3b55aeb9 |
| SHA512 | c5bf61876031ef25e89a2a402a95da508c2c34dd6115628dd19c505cb2113b2c95f56c2828c034dc29f9ba777909e50d7082a298be99099b764b57d0ae176d0c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\targeting.snapshot.json
| MD5 | 6b21b6fb29d0dc561d698955d995766c |
| SHA1 | ae6e68e6d51716c5116377dd7398f10c774067fa |
| SHA256 | 47172dc73934eacee5c90a291be84fc49501357259642c77f9c3db512882e6b7 |
| SHA512 | 2832d981a17a7136b8ec4e362fda31b159446bfd0bbedf417ff19db5f530ac11ba97a48ca9d934f678a3ecd9a6785c5853dc63d6da1288a4123dea78abd5cb8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\xulstore.json
| MD5 | 1995825c748914809df775643764920f |
| SHA1 | 55c55d77bb712d2d831996344f0a1b3e0b7ff98a |
| SHA256 | 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776 |
| SHA512 | c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\bookmarkbackups\bookmarks-2024-02-22_11_yGso89ZhjiFQzec63Sgphg==.jsonlz4
| MD5 | 70bd74227ce43aa7457075fdd890a524 |
| SHA1 | 94c002c2a1efb3f8bbcc5a0e02f26b229aadec67 |
| SHA256 | 22c7362db229e91520fe221004c8a931e59bd84337e311ab9016514e62cb6c6b |
| SHA512 | bca2d60de3774e0aefee4cd90106f269b37676a1890684792bf3113afa27d5f6a6ec7bbafa43970e792cfd25bd4a9eca24ca8c037aefceb5bbb368507611d6a9 |