Malware Analysis Report

2025-08-10 12:06

Sample ID 240222-zsdg4afb2x
Target https://www.virtualbox.org/
Tags
bootkit discovery evasion persistence
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file https://www.virtualbox.org/ was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery evasion persistence

Detect jar appended to MSI

Sets service image path in registry

Drops file in Drivers directory

Looks for VMWare Tools registry key

Downloads MZ/PE file

Looks for VMWare drivers on disk

Looks for VMWare services registry key.

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Registers COM server for autorun

Enumerates connected drives

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious behavior: LoadsDriver

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates processes with tasklist

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Modifies registry class

Uses Task Scheduler COM API

NTFS ADS

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:58

Reported

2024-02-22 21:28

Platform

win10v2004-20240221-en

Max time kernel

1779s

Max time network

522s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virtualbox.org/

Signatures

Detect jar appended to MSI

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\SET39B2.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\drivers\SET56FE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET57E8.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET34F1.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET3CA3.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnet.sys C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET39B2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\SET56FE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\vmci.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vsock.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxUSBMon.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxNetLwf.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1757.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnet.sys C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnetadapter.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRIVERS\SET1DCF.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET1ED9.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET3CA3.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1C08.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET5299.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmx86.sys C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1DCF.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1ED9.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET36F.tmp C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnetbridge.sys C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1C18.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\vmnetuserif.sys C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxSup.sys C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET36F.tmp C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\hcmon.sys C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET34F1.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET1757.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET57E8.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1756.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET1756.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET1C08.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\DRIVERS\SET1C18.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET5299.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A

Looks for VMWare drivers on disk

evasion
Description Indicator Process Target
File opened (read-only) C:\Windows\System32\drivers\vmci.sys C:\Windows\system32\DrvInst.exe N/A

Looks for VMWare services registry key.

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmx86 C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\syswow64\MsiExec.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vmci C:\Windows\system32\DrvInst.exe N/A
Key security queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VMware C:\Windows\system32\msiexec.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vsock\ImagePath = "system32\\DRIVERS\\vsock.sys" C:\Windows\System32\MsiExec.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe N/A
N/A N/A C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe N/A
N/A N/A C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe N/A
N/A N/A C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe N/A
N/A N/A C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe N/A
N/A N/A C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\mkisofs.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\mkisofs.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ThreadingModel = "Both" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ = "C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmnetbridge.dll" C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSVC.exe\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSDS.exe\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32 C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxProxyStub.dll" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vmware-tray.exe = "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-tray.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{410c0ee1-00bb-41b6-9772-e12c2828b02f} = "\"C:\\ProgramData\\Package Cache\\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\\VC_redist.x86.exe\" /burn.runonce" C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce" C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\SET1524.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\SET1525.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\SET3272.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\perfh007.dat C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\SETE0.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\netadapter.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\SET3A6F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\SET381C.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\SET57F9.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\perfc00A.dat C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\SET382E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_1b7e5f451712307a\netadapter.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netadapter.inf_amd64_1b7e5f451712307a\vnetinst.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\vmx86_0EB6D425AF13AF7EF7CCBE7DA93B4388751906C3\vmx86.inf C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\DRVSTORE\VBoxUSBMon_4DC22822E5ED15CFAF42864CC0F1E63EBC74D076\VBoxUSBMon.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\DRVSTORE\netuserif_58711DA5F5777EBD18942543251CD2F96A4E1EE5\vnetinst.dll C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\system32\SET1C19.tmp C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\PerfStringBackup.TMP C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\SET1524.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140esn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_6389ef9a2a816fc1\VBoxUSB.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\SETDF.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vmusb.inf_amd64_bb336ccced75363c\vmusb.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\SET381B.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\SET5577.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\SET5588.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.sys C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8a1c257d-5f5f-b247-a6d4-be9dce5d70d8}\SET1FA4.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8a1c257d-5f5f-b247-a6d4-be9dce5d70d8}\SET1FA5.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\vnetlib64.dll C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File created C:\Windows\system32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\SysWOW64\vcamp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\SET5577.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE\hcmon_AE2641AF84DF5670FA8422233CEAC89B307A0500\hcmon.inf C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
File created C:\Windows\SysWOW64\vmnat.exe C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\SysWOW64\vcamp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfcm140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\perfh00A.dat C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.cat C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Oracle\VirtualBox\nls\qt_bg.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_fr.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\vmdbCOM.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\messages\ja\vmui-ja.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\x64\libcrypto-3-x64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\Vix_ReleaseHandle.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\isodata.vlcl C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\features\featuresList.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixSnapshot_GetParent.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_nl.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\ico\import.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\pcre.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\perf.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\security_toc.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\vkd\spherelet-initrd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\VirtualBox_constants.py C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\x64\EFI32.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\tools-upgraders\VMwareToolsUpgrader9x.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\readme.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\opclassList.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixVM_CopyFileFromGuestToHost.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\gobject-2.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixVM_Delete.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsock.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\schemas\DMTF\CIM_VirtualSystemSettingData.xsd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixHost_UnregisterVM.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_postinstall.sh C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\ico\vd.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\ovftool-hw15-config-option.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Win8\vsock.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_hr_HR.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_id.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_response_files.rsp C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\x64\SAS1068.ROM C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\icudt44l.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\Workstation-17.0.0\32bit\libcrypto-3.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_sk.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\vmnetBridge.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\swagger.zip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\evc.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\gos.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\en\stask.vmsg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\doc\lang\c\functions\VixVM_WaitForToolsInGuest.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ubuntu_preseed.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\ovftool-hw99-config-option.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\vmacore.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\Workstation-17.0.0\32bit\vix.lib C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware VIX\Workstation-17.0.0\64bit\libxml2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxAudioTest.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\glib-2.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_hr_HR.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\sigc-2.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8\vmusb.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VMware\VMware Workstation\containerd-shim-crx-v2.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_preseed.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UserManual.qhc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ca.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_el.qm C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI53C8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI39F0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI3DAC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6BF7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIACCD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\VMware\vmPerfmon.ini C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\Installer\e590a57.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e6988.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI623D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI39D0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI81A7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAC30.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI61FC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDC5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\VMware\vmPerfmon.ini C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem7.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIC4FC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e69cb.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI620D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI172F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File created C:\Windows\Installer\e5e6987.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe N/A
File opened for modification C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI5E32.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e590a57.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI6FD1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIABE1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFC19.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem1.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\Installer\e5e69b1.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFCB7.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem7.PNF C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI5DB0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}\IconVirtualBox C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem0.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICE97.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\Installer\MSI1FA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICB0A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICF92.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}\_generic.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
File opened for modification C:\Windows\Installer\MSIB48F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI1F9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI5C64.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI1181.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\syswow64\MsiExec.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\System32\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\SerialController C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\SerialController C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\SerialController C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DFC76A6B-4873-458C-AB00-40B1FC028001}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{420F0000-71EB-4757-B979-418F039FC1F9}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BC1F4B6F-13AB-4239-8C79-D6DCADC52BAA}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87C1D1F5-564D-4E72-9AF7-E9D6211225F0}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{392F1DE4-80E1-4A8A-93A1-67C5F92A838A}\TypeLib C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D782DBA7-CD4F-4ACE-951A-58321C23E258}\NumMethods\ = "46" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{392F1DE4-80E1-4A8A-93A1-67C5F92A838A}\NumMethods C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VMware.VMPolicy\ = "VMware policy" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB6F0F2C-8384-11E9-921D-8B984E28A686}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E28E227A-F231-11EA-9641-9B500C6D5365}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D803B4-9B2D-4377-BFE6-9702E881516B}\ = "ISnapshotRestoredEvent" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CC49055-DAD4-4496-85CF-3F76BCB3B5FA}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C39EF4D6-7532-45E8-96DA-EB5986AE76E4}\TypeLib\Version = "1.3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1A686E3A-D57E-4B5C-A0A1-68D9BAB64C82}\TypeLib\Version = "1.0" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7B98D2B-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{EE206A6E-7FF8-4A84-BD34-0C651E118BB5}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{a6dcf6e8-416b-4181-8c4a-45ec95177aef} C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59A235AC-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DB2AB1A-6CF7-42F1-8BF5-E1C0553E0B30}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B5191A7C-9536-4EF8-820E-3B0E17E5BBC8} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{D7B98D2B-30E8-447E-99CB-E31BECAE6AE4} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E121724-EB62-476B-B55C-B14FCE7EACF5}\TypeLib C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35FCE01E-8917-496E-A509-497C5F2FA365}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\TypeLib C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1E8D3F27-B45C-48AE-8B36-D35E83D207AA}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{813C99FC-9849-4F47-813E-24A75DC85615}\TypeLib C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{92ED7B1A-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28935887-782B-4C94-8410-CE557B9CFE44}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{52F40B16-520E-473F-9428-3E69B0D915C3}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{755E6BDF-1640-41F9-BD74-3EF5FD653250}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{883DD18B-0721-4CDE-867C-1A82ABAF914C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AAC6C7CB-A371-4C58-AB51-0616896B2F2C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9709DB9B-3346-49D6-8F1C-41B0C4784FF2}\TypeLib\Version = "1.3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.vmac C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\NumMethods\ = "44" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{431685DA-3618-4EBC-B038-833BA829B4B2}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b79de686-eabd-4fa6-960a-f1756c99ea1c} C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{392F1DE4-80E1-4A8A-93A1-67C5F92A838A}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{67099191-32E7-4F6C-85EE-422304C71B90}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D3D5F1EE-BCB2-4905-A7AB-CC85448A742B}\TypeLib\Version = "1.3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{78861431-D545-44AA-8013-181B8C288554}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Applications\vmplayer.exe\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{41A033B8-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3}\ = "ITrustedPlatformModule" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{455F8C45-44A0-A470-BA20-27890B96DBA9} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.36,bundle\Dependents C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9622225A-5409-414B-BD16-77DF7BA3451E}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1d89e2b3-c6ea-45b6-9d43-dc6f70cc9f02} C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08889892-1ec6-4883-801d-77f56cfd0103} C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{E8F79A21-1207-4179-94CF-CA250036308F} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{70401eef-c8e9-466b-9660-45cb3e9979e4} C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7191CF38-3E8A-11E9-825C-AB7B2CABCE23}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724E960E-F6FC-43F5-AF3F-98319A1306EF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E459BB84-7D3A-4FDD-B1E5-969E88F61DB6}\TypeLib\ = "{68C57A6A-2F94-4D7A-A1F9-3433C46E6D0F}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{59A235AC-2F1A-4D6C-81FC-E3FA843F49AE} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}\ = "IPCIDeviceAttachment" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B31C4052-7BDC-11E9-8BC2-8FFDB8B19219}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9EA9227C-E9BB-49B3-BFC7-C5171E93EF38}\NumMethods\ = "17" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\VBoxSDS.exe C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.HostDeviceInfos C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Elevated.VMXCreator\CurVer C:\Windows\syswow64\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 195198.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 626250.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 958167.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\AppData\Local\balena-etcher-updater\installer.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe N/A
N/A N/A C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe N/A
N/A N/A C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe N/A
N/A N/A C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe N/A
N/A N/A C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe N/A
N/A N/A C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5024 wrote to memory of 2348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virtualbox.org/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa607d46f8,0x7ffa607d4708,0x7ffa607d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

"C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding AF8EB236342B1B07FA45F6ACBF0A2B86 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 86728EE103FB8415B5047F36E4085F69

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0E3DBF13CEE7102C867E6A90691DDCEE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding F2EE3AE68AD95A974FA693A197D95288 E Global\MSI0000

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000140" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 741661FD3F24BDB84111001F31549A26 M Global\MSI0000

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000154" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000178" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"

C:\Program Files\Oracle\VirtualBox\VirtualBox.exe

"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"

C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe

"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding

C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe

"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8

C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe

"C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe"

C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe

"C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe" /Q /norestart

C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe

"C:\Windows\Temp\{607A9D54-F800-41BB-9146-1AE89E1B83C0}\.cr\vcredist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x86.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /Q /norestart

C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe

"C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{881F2CCF-C1E6-4275-A8E2-0200BC2112DB} {165F0AD8-DFE2-4455-A756-90E7B460B9E5} 5512

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={410c0ee1-00bb-41b6-9772-e12c2828b02f} -burn.filehandle.self=1048 -burn.embedded BurnPipe.{52C127BF-DC83-410E-98BC-D11613B0D556} {3948549F-2D73-4439-B0CC-65EE2D88072D} 5324

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=548 -burn.filehandle.self=568 -uninstall -quiet -burn.related.upgrade -burn.ancestors={410c0ee1-00bb-41b6-9772-e12c2828b02f} -burn.filehandle.self=1048 -burn.embedded BurnPipe.{52C127BF-DC83-410E-98BC-D11613B0D556} {3948549F-2D73-4439-B0CC-65EE2D88072D} 5324

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2EAF8BD1-343D-4516-99CD-498A37A25A65} {54D24B07-D79A-468F-90D4-E8E6FA6D8434} 1456

C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe

"C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe" /Q /norestart

C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe

"C:\Windows\Temp\{A8B301F7-410F-47BA-9FDB-3D329ED953B0}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\vcredist_x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /Q /norestart

C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D429AB89-DA3B-4D35-989E-4609944F6AE6} {BD61717A-0F36-4809-B4C2-2398978FAFF3} 1820

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1120 -burn.embedded BurnPipe.{325C2A92-4856-4EA3-B29C-D38B489E4856} {F9D9BEBA-74FF-437C-9606-ACBD646E8FA5} 5888

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1120 -burn.embedded BurnPipe.{325C2A92-4856-4EA3-B29C-D38B489E4856} {F9D9BEBA-74FF-437C-9606-ACBD646E8FA5} 5888

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{FDB2DB0B-2EBC-498E-8043-8BBD75DEDF99} {9FCFB21D-B618-43C7-8F5A-A426CEEA365B} 4700

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1A1C0657D4DD9B297175BC9A132BA348 C

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5924 -ip 5924

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 908

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding DB6F46351D1F4650D9DB39F7D3E2FB73 C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 24EF5928076BE90ADB559B11E3058651

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding FB326B9F5D59F4753F93BD3B9969F1CA

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 699F2290C47137299427F08E764446C1 E Global\MSI0000

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 632D866DB7CC431DFD74C9E1AF265961 E Global\MSI0000

C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- uninstall usb

C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\DriverCache\vnetlib64.exe" -- install vmusb Win8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8\vmusb.inf" "9" "454492f13" "0000000000000134" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Common Files\VMware\Drivers\vmusb\Win8"

C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\vnetlib64.exe" -- install hcmoninf 5;Win7

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet0

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet1

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet2

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet3

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet4

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet5

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet6

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet7

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet8

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet9

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet10

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet11

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet12

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet13

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet14

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet15

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet16

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet17

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet18

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- remove adapter vmnet19

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- uninstall bridge

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- uninstall userif 5;None

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- install bridge

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Workstation\netbridge.inf" "9" "498636d73" "0000000000000154" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\VMware\VMware Workstation"

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- install userif 5;None

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- add adapter vmnet1

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files (x86)\VMware\VMware Workstation\netadapter.inf" "9" "4d396c847" "0000000000000154" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\VMware\VMware Workstation"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\VMWARE\0000" "C:\Windows\INF\oem8.inf" "oem8.inf:fc9f1aa2477c2bb3:VMnetAdapter1.Install:14.0.0.8:*vmnetadapter1," "4cbdd083b" "0000000000000154"

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {91B041CF-3EF3-4B71-AC7B-2D6FC74A82EE} 532

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {7026C9E7-F05D-42C0-9309-2097059C2AC7} 564

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- add adapter vmnet8

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\VMWARE\0001" "C:\Windows\INF\oem8.inf" "oem8.inf:fc9f1aa2df34f6ba:VMnetAdapter8.Install:14.0.0.8:*vmnetadapter8," "47eb20b4f" "0000000000000158"

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {B4B91284-CA70-47F4-B573-B728DABDF2E6} 784

\??\c:\windows\system32\NetCfgNotifyObjectHost.exe

c:\windows\system32\NetCfgNotifyObjectHost.exe {60479B93-4246-45CC-B0EA-4965608FF5FD} 612

C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.exe" -- install vmx86inf 5;Win8

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8\vmci.inf" "9" "4d941d7e3" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\VMWVMCIHOSTDEV\0000" "C:\Windows\INF\oem9.inf" "oem9.inf:9c00c72d390d9e8f:vmci.install.x64:9.8.18.0:root\vmwvmcihostdev," "42936a687" "0000000000000188"

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,1869889814231578798,16823224911403238916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8

C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{13B6B196-AD7B-4C7F-9BDC-B1CB2EE86552}

C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

C:\Program Files (x86)\VMware\VMware Workstation\mkisofs.exe

"C:\Program Files (x86)\VMware\VMware Workstation\mkisofs" -o "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~1\autoinst.iso" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~1\boot"

C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe

"C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe" -d -e:{64A1C7C4-DC12-4A4A-87AC-298A13576763}

C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe

"C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe" -s "vmx.stdio.keep=TRUE" -# "product=1;name=VMware Workstation;version=17.5.0;buildnumber=22583795;licensename=VMware Workstation;licenseversion=17.0;" -@ "pipe=\\.\pipe\vmx892c93c72308d6e8;msgs=ui" "C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx"

C:\Program Files (x86)\VMware\VMware Workstation\mkisofs.exe

"C:\Program Files (x86)\VMware\VMware Workstation\mkisofs" -o "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~2\autoinst.iso" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table "C:\Users\Admin\DOCUME~1\VIRTUA~1\UBUNTU~2\boot"

C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe

"C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe" -s "vmx.stdio.keep=TRUE" -# "product=1;name=VMware Workstation;version=17.5.0;buildnumber=22583795;licensename=VMware Workstation;licenseversion=17.0;" -@ "pipe=\\.\pipe\vmx6a8407603c0a4c57;msgs=ui" "C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx"

C:\Program Files\Oracle\VirtualBox\VirtualBox.exe

"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"

C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe

"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding

C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe

"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"

C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe

"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"

C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe

60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x460 0x308

C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe

"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"

C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe

60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"

C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe

"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"

C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe

60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "ubuntu 22" --startvm 59e3b694-2f8e-49f0-83df-6292dbd2abec --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\ubuntu 22\Logs\VBoxHardening.log"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.0.1716049925\1837527951" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f07515f-df7b-4093-afa8-bb4e1df1d335} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 1964 29595cd4b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.1.1999964524\1069684868" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b20ef7d-14af-4d80-b25b-1439a2a5ca77} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 2364 2958926fe58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.2.643125870\558094260" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3032 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87e0590c-71bf-4a92-a899-6c6133b9f6d6} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3380 29599ca2858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.3.1970466414\719407274" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab06c274-1a59-40ca-af4a-ca870c92477e} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3568 29589267b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.4.700244460\1942460529" -childID 3 -isForBrowser -prefsHandle 3996 -prefMapHandle 3980 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f270a92b-70e8-476c-8968-673e3c3adc21} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 4008 2959b105958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.7.79536486\2115750093" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6611ebdf-24f6-42f3-b8ff-7a5ec480275c} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5468 2959c01ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.6.1775872103\55899259" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05910540-402f-4cda-97cd-1650b94ec80f} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5188 2959c01dc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.5.762494885\601861403" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5084 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96b7ebb9-45a6-4f0f-9153-806fe10d46fb} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5088 2959bfef258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.8.1030437557\484146624" -childID 7 -isForBrowser -prefsHandle 6084 -prefMapHandle 6080 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5da525c4-67d9-4c24-aef3-10eadfa332a6} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 6092 2959d9e3458 tab

C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe

"C:\Users\Admin\Downloads\balenaEtcher-Setup-1.18.11.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq balenaEtcher.exe" | %SYSTEMROOT%\System32\find.exe "balenaEtcher.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "balenaEtcher.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq balenaEtcher.exe"

C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe

"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe"

C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe

C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\balena-etcher /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\balena-etcher\Crashpad --url=https://f.a.k/e --annotation=_productName=balena-etcher --annotation=_version=1.18.11 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=19.1.9 --initial-client-data=0x49c,0x4a0,0x4a4,0x498,0x4a8,0x7ff636968270,0x7ff636968280,0x7ff636968290

C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe

"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\balena-etcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1844 --field-trial-handle=1796,i,3009122724673295501,6364640554151706332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe

"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\balena-etcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1796,i,3009122724673295501,6364640554151706332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe

"C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\balena-etcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\balena-etcher\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2372 --field-trial-handle=1796,i,3009122724673295501,6364640554151706332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\System32\Wbem\wmic path Win32_LogicalDisk Where DriveType="4" get DeviceID,ProviderName > "C:\Users\Admin\AppData\Local\Temp\etcher\tmpa89a42a1cf6a.tmp""

C:\Windows\System32\Wbem\WMIC.exe

C:\Windows\System32\Wbem\wmic path Win32_LogicalDisk Where DriveType="4" get DeviceID,ProviderName

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.virtualbox.org udp
GB 23.204.236.126:443 www.virtualbox.org tcp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 38.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 126.236.204.23.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 167.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 download.virtualbox.org udp
GB 23.37.0.104:443 download.virtualbox.org tcp
GB 23.37.0.104:443 download.virtualbox.org tcp
US 8.8.8.8:53 104.0.37.23.in-addr.arpa udp
GB 23.37.0.104:443 download.virtualbox.org tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 150.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 c.9.0.8.e.0.4.7.8.6.1.0.f.8.8.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa udp
N/A 255.255.255.255:67 udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 255.56.168.192.in-addr.arpa udp
US 8.8.8.8:53 1.56.168.192.in-addr.arpa udp
GB 92.123.128.133:443 www.bing.com tcp
US 8.8.8.8:53 133.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.ubuntu.com udp
GB 185.125.190.21:80 www.ubuntu.com tcp
GB 185.125.190.21:80 www.ubuntu.com tcp
GB 185.125.190.21:443 www.ubuntu.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 ubuntu.com udp
US 8.8.8.8:53 res.cloudinary.com udp
US 8.8.8.8:53 assets.ubuntu.com udp
GB 185.125.190.29:443 assets.ubuntu.com tcp
GB 185.125.190.29:443 assets.ubuntu.com tcp
GB 185.125.190.29:443 assets.ubuntu.com tcp
GB 185.125.190.29:443 assets.ubuntu.com tcp
GB 185.125.190.29:443 assets.ubuntu.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 104.19.167.65:443 res.cloudinary.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 21.190.125.185.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 29.190.125.185.in-addr.arpa udp
US 8.8.8.8:53 65.167.19.104.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
GB 185.125.190.29:443 assets.ubuntu.com tcp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 23.204.224.203:443 munchkin.marketo.net tcp
GB 142.250.200.34:443 pubads.g.doubleclick.net tcp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 203.224.204.23.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 066-eov-335.mktoresp.com udp
US 192.28.147.68:443 066-eov-335.mktoresp.com tcp
US 192.28.147.68:443 066-eov-335.mktoresp.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 68.147.28.192.in-addr.arpa udp
BE 64.233.184.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 script.crazyegg.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 www.redditstatic.com udp
GB 142.250.200.34:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 serve.nrich.ai udp
US 8.8.8.8:53 scout-cdn.salesloft.com udp
US 104.17.1.41:443 scout-cdn.salesloft.com tcp
US 34.117.77.79:443 ml314.com tcp
US 104.19.147.8:443 script.crazyegg.com tcp
FR 51.178.78.162:443 serve.nrich.ai tcp
GB 88.221.135.104:443 snap.licdn.com tcp
GB 151.101.60.157:443 static.ads-twitter.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 172.217.16.228:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 41.1.17.104.in-addr.arpa udp
US 8.8.8.8:53 79.77.117.34.in-addr.arpa udp
US 8.8.8.8:53 8.147.19.104.in-addr.arpa udp
US 8.8.8.8:53 157.60.101.151.in-addr.arpa udp
US 8.8.8.8:53 162.78.178.51.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 10451423.fls.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 34.117.77.79:443 ml314.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 104.19.147.8:443 script.crazyegg.com tcp
GB 216.58.204.70:443 10451423.fls.doubleclick.net tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 scout.salesloft.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.197:443 t.co tcp
US 54.221.81.76:443 scout.salesloft.com tcp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 151.101.1.140:443 alb.reddit.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
GB 216.58.204.70:443 10451423.fls.doubleclick.net udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 76.81.221.54.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 w.usabilla.com udp
US 8.8.8.8:53 pagestates-tracking.crazyegg.com udp
US 8.8.8.8:53 assets-tracking.crazyegg.com udp
US 8.8.8.8:53 js.zi-scripts.com udp
DE 54.230.206.29:443 pagestates-tracking.crazyegg.com tcp
DE 18.155.153.110:443 assets-tracking.crazyegg.com tcp
IE 34.248.96.227:443 w.usabilla.com tcp
US 104.18.37.212:443 js.zi-scripts.com tcp
US 8.8.8.8:53 tracking.crazyegg.com udp
US 104.18.37.212:443 js.zi-scripts.com tcp
IE 34.248.100.15:443 tracking.crazyegg.com tcp
US 8.8.8.8:53 ws.zoominfo.com udp
US 8.8.8.8:53 29.206.230.54.in-addr.arpa udp
US 8.8.8.8:53 227.96.248.34.in-addr.arpa udp
US 8.8.8.8:53 110.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 212.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 15.100.248.34.in-addr.arpa udp
US 104.16.136.15:443 ws.zoominfo.com tcp
US 104.16.136.15:443 ws.zoominfo.com tcp
US 8.8.8.8:53 15.136.16.104.in-addr.arpa udp
US 8.8.8.8:53 releases.ubuntu.com udp
GB 185.125.190.37:443 releases.ubuntu.com tcp
GB 185.125.190.37:443 releases.ubuntu.com tcp
US 8.8.8.8:53 37.190.125.185.in-addr.arpa udp
GB 185.125.190.29:443 assets.ubuntu.com tcp
US 8.8.8.8:53 www.vmware.com udp
GB 2.22.68.23:80 www.vmware.com tcp
GB 2.22.68.23:80 www.vmware.com tcp
GB 2.22.68.23:443 www.vmware.com tcp
US 8.8.8.8:53 23.68.22.2.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 vmware.tt.omtrdc.net udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 api.company-target.com udp
US 8.8.8.8:53 tags.tiqcdn.com udp
DE 18.155.153.4:443 tags.tiqcdn.com tcp
DE 18.155.153.4:443 tags.tiqcdn.com tcp
US 104.18.131.236:443 cdn.cookielaw.org tcp
DE 18.155.153.70:443 api.company-target.com tcp
IE 66.235.152.156:443 vmware.tt.omtrdc.net tcp
US 8.8.8.8:53 4.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 236.131.18.104.in-addr.arpa udp
US 8.8.8.8:53 70.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 156.152.235.66.in-addr.arpa udp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 s.go-mpulse.net udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
GB 96.16.108.176:443 s.go-mpulse.net tcp
GB 96.16.108.176:443 s.go-mpulse.net tcp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 176.108.16.96.in-addr.arpa udp
US 8.8.8.8:53 edge.fullstory.com udp
US 8.8.8.8:53 feedback.esp.vmware.com udp
US 35.201.112.186:443 edge.fullstory.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 23.39.224.128:443 c.go-mpulse.net tcp
DE 52.222.191.127:443 feedback.esp.vmware.com tcp
US 8.8.8.8:53 186.112.201.35.in-addr.arpa udp
DE 52.222.191.127:443 feedback.esp.vmware.com tcp
GB 23.39.224.128:443 c.go-mpulse.net tcp
US 8.8.8.8:53 lumos.vmware.com udp
DE 54.230.206.25:443 lumos.vmware.com tcp
US 8.8.8.8:53 127.191.222.52.in-addr.arpa udp
US 8.8.8.8:53 128.224.39.23.in-addr.arpa udp
US 8.8.8.8:53 25.206.230.54.in-addr.arpa udp
DE 54.230.206.25:443 lumos.vmware.com tcp
US 8.8.8.8:53 apigw.vmware.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
GB 104.84.71.199:443 apigw.vmware.com tcp
GB 104.84.71.199:443 apigw.vmware.com tcp
GB 104.84.71.199:443 apigw.vmware.com tcp
DE 52.222.191.127:443 feedback.esp.vmware.com tcp
US 8.8.8.8:53 199.71.84.104.in-addr.arpa udp
DE 52.222.191.127:443 feedback.esp.vmware.com tcp
US 8.8.8.8:53 crl.godaddy.com udp
US 192.124.249.36:80 crl.godaddy.com tcp
US 8.8.8.8:53 23.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 684dd327.akstat.io udp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
GB 104.77.160.199:443 trial-eum-clientnsv4-s.akamaihd.net tcp
GB 88.221.134.121:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 199.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 121.134.221.88.in-addr.arpa udp
GB 88.221.135.107:443 trial-eum-clienttons-s.akamaihd.net tcp
GB 88.221.135.107:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 lgkroo3ijwqmozoxw2iq-phaaz2-5c13fd0f0-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 107.135.221.88.in-addr.arpa udp
GB 104.77.160.211:443 lgkroo3ijwqmozoxw2iq-phaaz2-5c13fd0f0-clientnsv4-s.akamaihd.net tcp
US 8.8.8.8:53 211.160.77.104.in-addr.arpa udp
GB 96.16.108.176:443 684dd327.akstat.io tcp
IE 66.235.152.156:443 vmware.tt.omtrdc.net tcp
US 8.8.8.8:53 lgkrooycczcbozoxw2pa-f-08a6bc59a-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 download3.vmware.com udp
GB 2.17.148.30:443 download3.vmware.com tcp
US 8.8.8.8:53 30.148.17.2.in-addr.arpa udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp
GB 23.37.1.150:80 tcp
NL 52.142.223.178:80 tcp
N/A 192.168.210.1:0 icmp
N/A 192.168.10.1:0 icmp
US 8.8.8.8:53 udp
N/A 104.97.4.131:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 23.37.1.150:80 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 udp
GB 23.37.1.150:80 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 udp
GB 96.16.108.176:443 tcp
GB 96.16.108.176:443 tcp
N/A 127.0.0.1:53203 tcp
US 8.8.8.8:53 udp
N/A 23.44.232.27:443 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:54363 tcp
N/A 127.0.0.1:54419 tcp
N/A 127.0.0.1:54711 tcp
N/A 127.0.0.1:54771 tcp
US 8.8.8.8:53 udp
N/A 23.44.234.16:80 tcp
US 8.8.8.8:53 udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 udp
N/A 23.44.234.16:80 tcp
NL 52.142.223.178:80 tcp
N/A 23.44.234.16:80 tcp
NL 52.142.223.178:80 tcp
N/A 127.0.0.1:55133 tcp
N/A 127.0.0.1:55139 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 34.117.237.239:443 tcp
US 8.8.8.8:53 udp
N/A 34.160.144.191:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 52.24.144.241:443 tcp
N/A 34.149.100.209:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 34.107.243.93:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 172.67.203.7:80 tcp
N/A 172.67.203.7:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 63.35.51.142:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 104.21.59.251:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 104.21.59.251:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 34.149.100.209:443 tcp
N/A 172.217.169.42:443 tcp
US 8.8.8.8:53 udp
GB 172.217.16.228:443 tcp
US 8.8.8.8:53 udp
N/A 151.101.1.229:443 tcp
US 8.8.8.8:53 udp
N/A 52.222.191.32:443 tcp
N/A 54.230.55.116:443 tcp
N/A 104.16.122.175:443 tcp
N/A 52.85.92.124:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 172.217.169.42:443 udp
N/A 151.101.1.229:443 udp
GB 172.217.16.228:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 216.58.213.3:443 tcp
N/A 142.250.179.234:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 140.82.121.6:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 216.58.213.3:443 udp
N/A 142.250.179.234:443 udp
US 8.8.8.8:53 udp
N/A 18.134.250.23:443 tcp
US 8.8.8.8:53 udp
N/A 18.134.250.23:443 tcp
US 8.8.8.8:53 udp
N/A 142.250.179.227:443 tcp
N/A 142.250.179.227:443 tcp
N/A 142.250.179.227:443 tcp
N/A 142.250.179.227:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 142.250.179.227:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 18.134.250.23:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 104.192.142.23:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 216.58.204.67:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 216.58.204.67:443 udp
US 216.239.32.36:443 tcp
N/A 64.233.184.157:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 216.239.32.36:443 udp
N/A 64.233.184.157:443 udp
US 8.8.8.8:53 udp
N/A 140.82.121.4:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 185.199.108.133:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 23.44.234.16:80 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 udp
N/A 104.18.12.102:443 tcp
N/A 140.82.121.4:443 tcp
US 8.8.8.8:53 udp
N/A 104.18.12.102:443 udp
N/A 185.199.108.133:443 tcp
US 8.8.8.8:53 udp
N/A 34.120.195.249:443 tcp
N/A 34.120.195.249:443 tcp
US 8.8.8.8:443 tcp
US 8.8.8.8:443 tcp
US 8.8.8.8:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:443 udp
N/A 34.120.195.249:443 udp
US 8.8.8.8:53 udp
N/A 35.244.181.201:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 34.160.144.191:443 tcp
US 8.8.8.8:53 udp
N/A 88.221.134.155:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 216.58.212.238:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 216.58.212.238:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 74.125.108.201:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 74.125.156.72:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 74.125.156.72:443 udp
N/A 34.117.237.239:443 tcp
US 8.8.8.8:53 udp
N/A 34.149.100.209:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 35.244.181.201:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 44.230.179.24:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b9e3e150cfe464e9ebf0a6db1aa5e7a2
SHA1 3cb184e2781c07ac000661bf82e3857a83601813
SHA256 2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc
SHA512 f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

\??\pipe\LOCAL\crashpad_5024_PXSTKYHDDVIJVZEL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e189354a800c436e6cec7c07e6c0feea
SHA1 5c84fbda33c9276736ff3cb01d30ff34b032f781
SHA256 826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427
SHA512 ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ddcb72ab4096716269c5e95b4311ff4
SHA1 17ef3a53aaac7c7199e10a3c41a3e55097414042
SHA256 4c2ad88b0da6e46d95b5392bc2fd59cf803b99dd5bbaded8150b6509ac174a8a
SHA512 33058dea1b5ce3f28ae9f3de80e6a51e9c9192f3adee519b52b013e61164a7b1574693b99d1e98b4948050d18ac2d0d127cdf9871ed02c237bafacccecccb46a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfa8f69d8c8f6c9645da4d3f1b71016e
SHA1 fd0ca2e534298f803012ff8de01e8d1610bf86e4
SHA256 9147f4ce9a70ce3e7f5ed89a57d2c6cd0cd87b6013a0ba15feecc1e938f21c8f
SHA512 83800eb6ed54ed224ea8447fdedf6cd972bafcae1b2c5f7b5acb5425785ac5ffaf698b1bc1f9f4f149e431af1c69ec2be59ccf62aa05b31db777f588dc906a43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72455f9da37b26be26dacf7de82ed643
SHA1 7a3faceb4002333b7eeba7b2194f110545a881d7
SHA256 2a6bae0e24d010350e60b687456c566f1c5d44d934db262a2c512ded9c3148ae
SHA512 8d0e9f983e58c52167a4573f397417b02770354f5fd3f69a2775ceb53cde721987afb9ae5e8b9341071fb2e148a3b7a13268fc7bb228ba10a5e489f716a6ca8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c6d0b2b8e0b4fa2244e68c02796b99ab
SHA1 d4cb2bfbd9de870f63adbaadbe242a01ab1eddc4
SHA256 c7dc1ca52f832b6c814c7ee0c863f614cc6da40dee6c0f095ab91e4f5a3b6b60
SHA512 e9be1adb0b11119b69b0ce37adcf84030b611e37077f1188e7883fefc15ed4e4e5942bd9c793767236521e93ecd4aa708331c6ae2d92da4bb1e60c8360e06f6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a9d71a52e30b447ae56bb375f79d970
SHA1 536e4826b6a434583f241c28a7dcd315c54da3cb
SHA256 156d1957e3661e2dab75de7107b2b413a7ffb494b8206b62c6a2f5fe7836ba4d
SHA512 1240ef87b4c1f6dafd9b69e30b4cb5a95e286a2ad15f231c24a55b543a35f54cb7e0694cf45fe8987262044e993faecbe359e80ac459b1c5bf7b186184f06464

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

MD5 9070fca76ac3e59db857c306118eb7c0
SHA1 72ea852dadf64820a674c470025bcc628c0ab419
SHA256 b8f00fa0b953a55beadc00e40f70bfeb2202558b942d89fe015116cfeeb48ffd
SHA512 df5b67f7dcc77dbf69edb7e366248bccad9f2bf8f64aea76bc2d7509c3f064abc1490d677e0ec7c51ce0e997832208839a2ad0f27aa410f66b07ce243258f8f5

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

MD5 ae14c26963d51b83e7bb1c3416edd98c
SHA1 26e4a0d91ca11f33e71883945df8f569aab29894
SHA256 11b024618b452ce50876512f05db8ce32432fc85a0150ec0bd0c142e2a85d4cc
SHA512 34ff6221f15963523391dc79d269a444606668324cd31948b1f067ae8e6a3af3caa0fcd0c87cda5f630702e1b785e08711c6977ef7854dd6f8142052e914d2eb

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

MD5 afc2bb702a9f291b5703045f7b22d87e
SHA1 a02b7eb7ed10b74f28b3aff3019e51b65cfc5958
SHA256 b9c410c228af5afbb4199b1cdc33473283bf5fa057393bf3944d094f46023e2b
SHA512 1fc9fd2d534d774b8a75a247fc3ae8141c21793928df705d093370d8bca18dfff82853a35974836c5f67ac12c78699b924f74e14042848088589f9da57020bc7

C:\Users\Admin\AppData\Local\Temp\mesfcxa75z8pr50s2fh2nl37\w0tibl39ll6kpfb77yd95vdv.msi

MD5 0a458aeb24962a2faacda7efc9fb24e1
SHA1 89a410f23b745f29d73937ec1e8ab4809144e3af
SHA256 9b08d90b8924e9b2ec23f91c620a02452001b5817859cf0ae632af20433a2a7e
SHA512 c7b3e581684e6199cb566ea32e372689dbb2fa004151c12bc5c93a013723034062343ef5b57eef49deed4e54688080c436aa56a62b556e4fdb2fc49a7c9a13b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

MD5 de23a3699a43134cdb715cfc55f5e30d
SHA1 bbce9687d401119fe877fae50457c19c53fbeb91
SHA256 a8d20051eb6a2bac7e6e2d27279eab80b6bdb2b2929f2d3eebefbf02621f94c5
SHA512 82b0ab6a7ca20f4960f1c3d76dd17ce6eea934b3a26caabca94b4a5f663ef5ad7fd2f018d04c51d3383ae60412ead843b776d27d3814c10decc460a78144175b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

MD5 c9c1a7a74b38d0e792e2c2c067e74b69
SHA1 06fbb962f96801c9041d746956d1db6963d787db
SHA256 215217b7af6e0cc27acbfae8406ab4b471c6c9eb935e99bf9af58b37311848c6
SHA512 821c39aa5c60f8db1c187c85fbae00cb47c1aefa84e2c4291923082ee68be284cb349c399a907e3be69b6a5ddaa1f67e173788387355df1bf0cd25c206a6402e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5 cae4cc6ca18a1f5efea6cae002085fd4
SHA1 d830f8e657a1511963892a96c4ee42afff7ec7d1
SHA256 28ddb98234263947dabdf5cfe3dd573575c532b6ee49764397429a8633f7601b
SHA512 60b672cb2c359eef5dd2c3b36bc283e2b7c2a8c25dcd2d4deb99c5c854d7916d6cf4976ac863859d2435ad5f17a56d84dfdd21bb67e5bb6da7c94d40fa43c9e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5 ad9a3a502aba259711a9ec801a31efe6
SHA1 cff4a15f1fd21556415b0faaa2ef163b24b65727
SHA256 0dce01334797803142855a4bf9fa453890db599b9befa7d7411e966afe19867b
SHA512 c68047617eaf7c73c90e85f1861b3e0048397ea3efde624eaaf246d40e0a284e6c35c046e86748e4346014693390cae4ab3ec4d625186d098f396aec600a520e

C:\Users\Admin\AppData\Local\Temp\MSI1921.tmp

MD5 e19598d97a3e2d9f008b30245287ac75
SHA1 cfe5892df94467f09bbb634f64aadd8eb6539f27
SHA256 9f160ff8762b7fbc1512932a33d8234739866110a752046c030fb9f9847d516b
SHA512 802a3716590bf6098489fe4075d21330bdae3f96063999842134a05657079e9a08fef483947b306b537b00a510a309915b27204415e34db6f80cd7ca175cc5a6

C:\Users\Admin\AppData\Local\Temp\MSI1921.tmp

MD5 3402df7633d957c241c00eb7f30b11d3
SHA1 d784de8b73d22f42c0222987eee633cfd287d014
SHA256 74d9ac9e195ea20e1c6afd9d7dd428d77630c433c61ae8b0960714195b09b800
SHA512 8c5a6a0c34aad4833461ec12e0678b4dc123319fa3179fed7c56a59da5d33fbdc571490f9c52336b34b99655c74a8661f43587188c2ad47ccf133c2cc082502f

C:\Users\Admin\AppData\Local\Temp\MSI1990.tmp

MD5 1a482118dee8ada517d03a6092ec0fbc
SHA1 2be447a338da0fa16df7d0e8e954f08e3032a440
SHA256 56f5a9fb5a791827c28e2c2444a3a9aed0c6ffd7ea6d934fd892cdf7ad379b5b
SHA512 019c1eeccb448914379cf278b4102a11e8e99b67069e79d07aa83f56eea4175c0d67ba3b15e15989a737d3bcf5183b5352bb4d472cb893aa559eb2b4c330e850

C:\Users\Admin\AppData\Local\Temp\MSI19B0.tmp

MD5 31bc9f3b4be1ca8b4a4682fa2db9e16d
SHA1 e4fc3059f40cc553328830494eac2a1a5a22f323
SHA256 6c9ca8e58bebdb8e901a490d6605325a223c126b73c899fa3a54eca1e5c421f7
SHA512 9c7cda6cf8c029878ba60b65706ddc51c30eec55948fd98be4abfbd4a24f9f9b3d75cbb6b937e31f7025b67b52fc6143db1403d82b9ffde11e2e425455568725

C:\Users\Admin\AppData\Local\Temp\MSI19B0.tmp

MD5 96f92881929052c599f15430dda6a47c
SHA1 b1a7afc69bacdcc8234a579c637292258eee2390
SHA256 3e16c5daedd820f01957ac085a915cc9b267c1ceedf9613a96804283bfe11890
SHA512 6cfa79ede859ab6f42cf8615dd5621e1251160538201f9969463ec95752858ee65c0a83ec3889052d272757c5e08b81f8b38d2508646d6980ced012de89edfce

C:\Users\Admin\AppData\Local\Temp\MSI1990.tmp

MD5 5e04694e97290252c55f8fd855a8315e
SHA1 ae0befb2448c78d08cb6c6895a9429408fac956d
SHA256 ef8d8144b1462d8c2a90968880c1706b22e054ff43b182348269e749aa7f0c5f
SHA512 586add600a82b4d4e34dfd1841e523380d45dfa850ff694b9d8935f1b37ff11e85aba2b333d61ba8397d11ce1a887f678d498e74d03d7c21465fcd384a723931

C:\Users\Admin\AppData\Local\Temp\MSI1990.tmp

MD5 3e96d4bbea9f87cccdb9f1ba6d14309e
SHA1 1de6ef91b7d961ea5cbd4e23ca14174dc966b4e3
SHA256 b5cc30d5a2678bf4a8d1889e1db385bccac012156562551e6c508e0801e912ff
SHA512 e25fcca4699aaeae4f0953c69b65b2ea150c0049c5cf5e4370e279617d6553461f7ce2729fce049d4118ff66c2cd3f7eb537e0fcd8249fad32ce17373cf4b9b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87e321dee9fc98d68a1b46d26d48a35a
SHA1 096cc862475ec5f50b53c58d59bdcda73a5ee6f6
SHA256 6b90f4596617ffe5f522c93ade4043ac8d47cbe98d8d92794f4f773760258433
SHA512 166ea63071563012d8e431d719632fca6143dd679773fb269c9863622ad18ed39a74b3f2de7d3ef533f1f25a521dddc6be578acd8cfe59b88f5acbc19214ef50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9c7c1e4359798fb65aeb96176a3428a4
SHA1 332d6ccb7ddb5918eac8822f2ecb3311df6cea86
SHA256 731fd9782abd70f3c7e4bf776ddf08fd6e664487d0a940591f70a395f3f75cd9
SHA512 dd449c1fd012b68cdd331a205c2eac40dc94ac7f8aa647c4464b65564c23912a524bc31dd064f932cd5f4101cb1246d275efd8290446a750366ad424b2db456f

C:\Users\Admin\AppData\Local\Temp\mesfcxa75z8pr50s2fh2nl37\w0tibl39ll6kpfb77yd95vdv.msi

MD5 44b650efeb2e9a34fbf89ab916190ef6
SHA1 201b1836361273c0ec80bae316f4a650314684c3
SHA256 5747fa25731c99b296ef76813a4e9d12478a54ce3dd0a495acffa71d270a6901
SHA512 f693236022f4992f48bce546a0649fe4f27a1c6d39dc140805fd3a40d26d4b0e5b3dfcfb85ff8defae9363c4c2a8e5d49208fe9bcfeffd01d05d998f33cba02b

\??\Volume{0f39e613-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{d1248578-a9f9-4831-b3cc-daca1d4d52cf}_OnDiskSnapshotProp

MD5 e8db1018d81163a4ecf188f36da510f8
SHA1 ff76019162b6e9479df6c0adbe288f4ce1c9e9fa
SHA256 224a7eeb09ddf6e977ef764f4fb89b37df86ea06b36d3edbd448ea003ebf3a7d
SHA512 e476e8f824f238b0e13b197b5e1489d8f86e88f76cc171831d73c4d739a244c89d77e269c0c6e51a834a2901eaff8d580f003ad67af1112d63c00ac0f0abbc1c

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 4b59807783c7f2800990a20059b5b212
SHA1 8ac36f3c51ff31bb6eb905eda7860391dd18c933
SHA256 ee83804c1f73b90562d2ebf29a236f12d11739c7b61ae192c562a6c935293532
SHA512 17add5ce7a78286a33014030a5463f37e49324bf5002802dd1b341f21aa047222943c176a9fccb59c95d6e193477f55d3d9f94858dc27943f809c133abe87f6e

C:\Windows\Installer\MSID85.tmp

MD5 144e14746fe03511df113f299670aa4b
SHA1 47491317b5eea81eb6a4aec2e2c54cfc2e86bdc4
SHA256 f8a5db567b11a9f3371b00558f82a138ea14861b1cbe2be580271d9cfdabda69
SHA512 123b86857b53cd63802cbcc584007f3489b0d0d5267ea2361a2d76412810998bd818489c02d63072df8b5219eaf8e4614f6ed18a90c78ef7bdbad8a2c526f45f

C:\Windows\Installer\MSID85.tmp

MD5 67dbe47342af3dea098dd0720f87c95c
SHA1 621daaedf18ec093fd545d09bdf7e03446894e60
SHA256 24cd33251defdc7e17a0c5963b8a564e6505e5c829ab2d79b340d56b6bb0e812
SHA512 24380fd52298cdc1d3b842d397f7445fd105b4b66ece6ffb4cf8da2db17d11719d8671895832ed001b21d2d6f50c7ac8104a71d09c6d75bd3ec88a32c36d648a

C:\Windows\Installer\MSIDC5.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

C:\Windows\Installer\MSI1181.tmp

MD5 418322f7be2b68e88a93a048ac75a757
SHA1 09739792ff1c30f73dacafbe503630615922b561
SHA256 ea5d4b4c7e7be1ce24a614ae1e31a58bcae6f1694dd8bfb735cf47d35a08d59b
SHA512 253f62f5ce75df3e9ac3c62e2f06f30c7c6de6280fbfc830cdd15bf29cb8ee9ed878212f6df5d0ac6a5c9be0e6259f900eccee472a890f15dd3ff1f84958aeef

C:\Windows\Installer\MSI1D1C.tmp

MD5 8deb7d2f91c7392925718b3ba0aade22
SHA1 fc8e9b10c83e16eb0af1b6f10128f5c37b389682
SHA256 cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4
SHA512 37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf

MD5 73baef81f0ea58b6dd1b8e38e199e567
SHA1 66e89f5fee1ebfa980160984940bd5fa910b7180
SHA256 b24d35b010526a896ddd4108f10e235054593d79f5939a2d484da12517d351a0
SHA512 978a94895e7a9d88eff50f4b552ba7ebdf73b4654d48590afda8b09cddd3d188d11d4bfcad3cac374348237b69d249467ccf04159c88da9fb783fb65d49f14aa

C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat

MD5 0b017252806546852e7808267d223e93
SHA1 5018924056e84eaba285bb0de5b18677dc64c518
SHA256 dd54bdd004785dc8e0b0824f49b6ec0665ac0d4623162c3d9dd636ec11dd3a25
SHA512 155c330306ca91a4991ee9a5107a2339630e9cd34696206c7ae1526cd2b9fd092753f52cba2ff8bb0da6bb69fdb19fc6f9aaaef6473b5f5765aacd201573dff7

C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys

MD5 6276906d6a4ee29b29ca50b4825d4098
SHA1 b542ea87c12b788c87ed693d549fcffd562c354f
SHA256 73fa8b463ee9a95930d98da3f9dd0637e63f06e8cd510bcaa285d91e4dcae2c7
SHA512 bab6e0947bcc54b95e504e24d5305dbfb7d6c1e60795655a5c308c0a9fd2433bf4449b838f8cbb021479dcf6383f853445f719c8347a7e13f1e05b622b09207a

C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf

MD5 16ea0763f8e734401a17973aa0aa366c
SHA1 f206e753616e3ffda643a2f9c657df591020ee93
SHA256 23cfad6bdfdac3f08ac6f9d7b79292affe78c834d19939a3a554c2844f54f452
SHA512 0d7504e67cdab21733f95188776f1238c2f532d7aeb372963c221c33f2d971e0745ddc86862935c15ab8ed812a0cd77818cffefab221d5f4cac6ac8d8cf43563

C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat

MD5 421e43a41fac5422bead785c7dafece6
SHA1 4dc22822e5ed15cfaf42864cc0f1e63ebc74d076
SHA256 0d80dc9215057156589b2345f793df8884b6d684e83b1ac725c4e47debd6759e
SHA512 2d3af370d66e54b260c4ee27c01dd6f97111949593b05fdddd9d1b4a58f882982a96a3ae1628a3ddc7dc7a6e2729842723c1fcd62a180700390c6214b1d751c1

C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys

MD5 ea4f74bf86589c6e8f0fb2866b3820aa
SHA1 17a542351d8cefbc25ba2a184f80a6897566ac7b
SHA256 ade2e8d684cb59bfea99ad09e55bc5f2a808d824c2905ded1366b7d32e906529
SHA512 397a2129d9df502636776d49c62ce2887999f3e24f975905f108bf7c2a7196e0227f20f7644cceba9513384781f2988c6e1ce8047f705c872fb3970ce15466cb

C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf

MD5 9cbb45c10d1d5920e4d9320e8dde36d4
SHA1 3efb47a5381654a7f996c4049ffcb7ad671f2c3f
SHA256 b97746731c3f8ceb709020ef1be969721b004f001ea2e55f61a0c395d611b109
SHA512 e72d534560789d15a6bdaa481d022fb5111b75e8321f0e1947e653c598e7cb8ed1ca25dcc01a4c341cc7bb0fca133f6c92bbb7f3cfb188fdafa0babc7d558ee1

C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.cat

MD5 351ea41c61b4b84fbc0a461b1768e104
SHA1 e9fb74d027a25e4298eb751e2ae156c8806428c6
SHA256 36b73da2bc1b809022fa8c8072a52d082a869243dd78b08dfcf75f1146255a31
SHA512 d0b2f30bcce8e324856f6184f50f7bc24ecf220b575c14166a81ebad7acaa3b14250aefce10e095bb90ea0565be85c7638a03ea289f61c46921b800d3b5a5b5f

C:\Windows\System32\DriverStore\Temp\{8a1c257d-5f5f-b247-a6d4-be9dce5d70d8}\VBoxUSB.sys

MD5 4669d1db0f07515d41f21f308b4b390d
SHA1 3400d9f8ce5541e5fd59f546a7a44d98ca7eb331
SHA256 a6c70813d6afd3c9e191de5127c219d912a11db1a6fda80fd6793a97e5a9e692
SHA512 3b285fa9b2fc63cd8f7b756dfcba56022b67aa4ddf5d40fd4611037af92a31502df43b0c2ffe8f28faf5ae97e69497d540cc4028be1abf42b34cc6433eb307a3

C:\Program Files\Oracle\VirtualBox\VirtualBox.exe

MD5 be3cbab296ab1c9fbbe7dc8e97b06e07
SHA1 1f6a242ff2039606ac558c56e4237cc9a9fe28fd
SHA256 f640902d85cbeed89f1f2237297b2eba3240cb4431c64131f2253331e0b67f6d
SHA512 2742b09e99d45201d2f70df76d9d69369eb666194c39b99627c0d8a06da4de19f3bdc5b83fee7e7f84e7a26db123b5463060b748f4b27eeb3a27049a8589e28a

C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.inf

MD5 6016637d32182738bfc71e7e86bfa1a3
SHA1 ee76c95ba76286743ab9d3420c58c41e0f1793eb
SHA256 68fca318c6f63b1d46f3a75ad62aedf1977d135411d82e850f09a6e6e7e8765d
SHA512 dc1c2584c8f25b527df9aaebba3ff7cb5ea9427825b1af9f72005f6789aa8502bfe2a16ce1c2229d1ee62b3d553b7792ff943807d753fb5dd50f084cc1815ddc

C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.cat

MD5 75eb3dc02a8ee04f1f3c96bd80e253a2
SHA1 ace2f9f1eac41cf6bd3dbb2d69530c6f044afefb
SHA256 a27ffe3f719b5f87c694b273af7e5796cf93a495cd195aff25e44e24fecf8e1b
SHA512 3d451852408ac7045c1558fb97a21a61d99bae207e3e28050109170999fcaf7f091108d3a15596946aed55497611110040726bccb939850744c5b628db369a75

C:\Windows\System32\DriverStore\Temp\{17ed5df3-c243-0d41-b669-4995eec0fe3d}\VBoxNetAdp6.sys

MD5 2ac0caba931fd7736866c3867f8ca6eb
SHA1 610700909bb66d0842706dbdeb6540bc843a5d89
SHA256 4e619bb6370f4bc4be52f43d6c43f3a86e3e2ce7bb04baadff17d3b731f18f3f
SHA512 cfb1dbd3227941e3f04f366ae661ebe3503ef789e70bc0a438569fbbdc2a2bd89e8d3b978db44e5182f81a0b98b01cc5d70690ebc8d0b5b24a00bba48c3eb866

C:\Windows\System32\catroot2\dberr.txt

MD5 ef5f07931b513cd0cb6a9ec4b168378e
SHA1 1a84537c554f32a39d39e8b4f1af14dcb4c57649
SHA256 07f5aa29f062c45f55ea6acb30f02f2afcbce6c847ac85e6133f5e6351e77935
SHA512 3be9a79de415fe8f39af9a169a84e231d4925e1064fcc8a110eac313862c087453d750f13746be32e39484a0c35dc353e37e1be278d58a6b6770c861e62273e7

C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\VBoxNetLwf.cat

MD5 6d9d62401ebc8d8b48e6724c2e162d2e
SHA1 7d64d6c2b98e6545382a5c3ec31bc71e2d6b3035
SHA256 e308cfc6edf3b6e969a115eeb111d0fefe0be93e00856ab1280459dd83a9f93f
SHA512 46244a02f61d6048630312a0827f0141b8e99501d367a6feeaa5d9ae5c157f98969dc50642ad4d03b5863b196456d8d903241b1077809d280b860bd6aba6bee4

C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\VBoxNetLwf.sys

MD5 96a60dbff3c4c7217741e0007d0f4abb
SHA1 1651f89d9ab8455dd4458f605bee3a4ce429e42c
SHA256 cd3af3b853c27626fcfc85997feead0a48e56d618e2129f62fe1b96a203a44c7
SHA512 bb7de376b7fbb8e8dcf2a49f9c4e195510ae5895d0f612dd9f80fa56197b55b81cd31151bdcacafc616c7998513cca81192460e09b9a433f9b688d706ebf3d48

C:\Windows\System32\DriverStore\Temp\{85ec6cfd-1830-124b-86a8-797b5ff1b828}\VBoxNetLwf.inf

MD5 4b79c4041164c4d8b24a4f51f25b026a
SHA1 e877f526967674a90108da7be7cf38744e5969c9
SHA256 dbcc2c6f3dc2a68eabc698d2d7d94837e9f79711dd13b414299e20c00c016779
SHA512 8c7ab281df799538f0dd1a2b353c072cb1cada3b57e6aceba5e7f228cecfe5634e26ff05b927d46a6fe0f9e6cdabb4c266cfc1e1a425f04f0f2be9a179bd4a30

C:\Config.Msi\e590a58.rbs

MD5 1eb0b33452b56be83178be17797bba14
SHA1 34517569675aa10e3b4494188012a5018b32b31f
SHA256 5680c24dc61be42917bdc61af6a1678e7b8c7b16fb4c414dba93f14cdcb71fe3
SHA512 c9d111a44add2274d44805b2339695286859f83d8cb292b82c76a49ea7c25557c2215d622efdc00be8b9348e34e17301ccb8f6781bdc1e3f9dbd3310add28a8d

memory/5184-715-0x00007FFA45C00000-0x00007FFA46141000-memory.dmp

memory/5184-714-0x00007FF775CC0000-0x00007FF775F44000-memory.dmp

memory/5184-716-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/5184-717-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/5184-718-0x00007FF775CC0000-0x00007FF775F44000-memory.dmp

memory/5184-719-0x00000275E5600000-0x00000275E5610000-memory.dmp

C:\Users\Admin\.VirtualBox\VirtualBox.xml

MD5 d9d28bd2ef7192fb0efb99607d7a0807
SHA1 7fb6f32f1c0f227118613dd7779e1bf0a6e2ce4a
SHA256 dad710b076d96b3de34a58363a3241935bfe205b7240ce57f9d85bf2058e6dd5
SHA512 e058987d5fd8ea6cd3c3081c7ac45ce1e3719c4a38b46390133b19539fad35a0d8ad699023a3d934d18e3356cb6def62bd197b5a32ad496b620469c55d9efb13

memory/5184-757-0x00000275E5600000-0x00000275E5610000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a2a0f.TMP

MD5 b90dd2d8e8933ae2c61979c3fe66758f
SHA1 caf4ecf2a8c4353960a8b50ce8bc10415282c59f
SHA256 116093ff3e9517f41ff97bbae0fc445d025c327209d7fdd7749dc6d71b10b345
SHA512 5459975b137cf70d57097afb54a0c7de70e0c82914fdd46bd6040e4ca3aaa10e85da957fcaaa7df8095fd1f4af7a18bb5ea7a011a74a2bbd7604f290ea154ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2a932585a8e4648a957eaa57cddbed2c
SHA1 96f65cc3c75c5c167acea3e79ea25cc2e7f7e5cf
SHA256 4bded79272c9aa9667101d9fc24b975d3bbb81e25d2488e317f0a5476bc741b9
SHA512 6cb8e1e36a529ff158324d2082ce7b64755d5c85177c71db57115ae64aceb181b0876773cdaaef0829d2a2d3096d84d8367848c636c4334d6c5118d21c8c62f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 09246288a39c7bfd598820792e5c2200
SHA1 c273771090ba660630922a22fd0a1ac007e3d496
SHA256 447479c66fab06c52391686f75064841124f758db4eab411879875f0476b1474
SHA512 d22c5f7afd1c55da00dd2f7f7c9f521908ca44ce83f8a325d8febaeb655e25301cd6b83dcbbd021525d42848a1c7dc68310d3bbcfebe56b050b96fad40eb2163

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01ceb70563c2e167fe131edcc4dce845
SHA1 68a7e9cbedd88319351d9e105e3d375f2fe3c8ac
SHA256 4b58e1c8531593efaec0eb485421c6f6c177facc3f195365c46677b39034b992
SHA512 d96002641d47018db87d23888c8b67e7a9902cacb92647635b9ac175aec17c9833d87db07e2cca29825ae0173138367c0c3ad6bcf0e961e2c35836cfe206c230

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb43b724a9999ff52fdbb13f43606b60
SHA1 b962734e362b0be91737881b8298296956c00fcc
SHA256 28f5b09993c4a6ac42a41fa32a71b992808b98057efdf18c53be564007cd7693
SHA512 7e06133fb63a09399de6f4a2aa5b8560eee23a289557f5ce6c72416cdbc85a662d1f2292d204aba477ba02f14c94b2cfe4ea16b6eba2a869f5ce5bbbf3390705

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 875f4a7baf769673ea2b854c32e1b523
SHA1 a59693a985f446ffb1c932e6331b795e229094d1
SHA256 b8a5926247da35baee74903b8b50e4f475fd281aa4bafc8e81b123f76e19983e
SHA512 c6e6e7ca8dfd036c8231f538fddf2de5b9ca48768d182949bfb0640be7c77a6e5363f80f71e1d52bcf3808f485404aa5cb4377a3b26520af7785519bff4130d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c715367f5a3cdc3656f3e82e23d29485
SHA1 c69b9a88a2432b15022d1b6ab4f871d754c2d5ad
SHA256 7d28f5e8f00debcb0b4fd5e6d7e576a2bce85a39ba29efe390b266cd06a29751
SHA512 69fea565768a6bd5ddbe24db58bda972f2702c0b8a1495a1c0d327ab3bcdd49abe1f527484f4e2565b26a1ca1a4a43bc595a0b1237bbb28860981c0fdd716102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7408aa4e22cbf6c4b5f7359660ea6b2d
SHA1 f0f51dafb45060bd1af9db55427428273b3d2620
SHA256 f33c4d32e12c4f83e807d7272503accbc6d05c24b36e8e6aea75a0261d308c26
SHA512 62615fb7d4f23d3b66102f5c90e74a4901a68c0aca03291c2dfc6a25335c97fb8d373a95c1b2653f30e65bc880d9aa081dbb3edede87f8a47e619bb0fbe231d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea4e7640d8e6e020e2df4e05576bee6b
SHA1 ac6040811e21ad768969f36b5fb32365a6f32d7b
SHA256 ccc16ca70840d33483e6e26180100d7abcadba5ddee8a824ff565e79393a7eca
SHA512 193e39f3dca7d51a5e7da61d1dae6f3494658efcb1a7ea4197282f259d865472411b26a7dd694f6d43e1362281bde611497e9e4dc8132c80be11a88dc88c8685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bcdef0b26319e2d1fc55313ee9c185c3
SHA1 4a56520aafdd707be097b89a253cb65959346fe5
SHA256 8003243e62962a8f847de19a041faae7c58a17d0d714d1549be6c4961d07b18f
SHA512 67486791e3d20e3920fe52b465bf8fed75952e2b92c5cdb2c94486e88c3d643734168dc1023bea59caa7d989c94b423172d213ae6b5eb9bed35bcd4919b06ee0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 beb26d43889e8824a42e362a2947495a
SHA1 22326132c967de0a3848b9a27a3d9b077076a7cd
SHA256 e84a8b30abb92b172a9ae15819b6f70d78560672da4fa3db999594b210ea0140
SHA512 2d46922c7c9e403bd88bbbf018cb8d4b9b500e87b8f5da5cf548d40781531c6c534b2eb0a773aba92abd6d492d16ea6f0ad6f268fa21edf4667656711c9b7f8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9afb75d953992b598fc8cb08968917fd
SHA1 6664a249c306abfd005c13b2cece49081cffdedf
SHA256 5de6da78cd72222b963bae81836c2393aac86fb08d9082d1370d93ea5e2b72ca
SHA512 a681e1b7743c15bcebe0cc6ef88127207a37e5a0298e43a2613aadb06aa73c19e26bc14d89a89a1072cd329950957603e52dc42a4dea18a061919775680f63d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 259bb3f43bec9df083564526c485c5c9
SHA1 57bec9a24a04f60d0dd091538138e93de3fe1b29
SHA256 f9925830dcd58ca1e3ecedb7e9da79871753a549247b3d972a8db380b481599a
SHA512 cb5ed986c96667458165c0d4ef0ab22f7213182a86fc59e7bfee76ea559b32f688a1b545708ee78e6ca283d3001ef6921e1cca010b5418a43f63a6f988f5d7e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 288d268a4fc15d27e407ea39cc8fc61f
SHA1 c7d7497781931244d23db8d86cb80925e36b3eec
SHA256 98eea9a4ca12a51f3af0abe77782e81145dde292205cd06540d22310e3c05c97
SHA512 59f4ec124cce58bd016ab41d195698dceff8f8e2dbff5ed0b60a9d79c5f29657f15c31d5982fada1eabbe22b20ce07aaf7a1cac244dfbd33845f50cd6dfee23c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 653f23892a1eb6ad94b7ece23544fa9e
SHA1 9dc2ec7ba28af165c6d31cd9f68dc089e1f53ff9
SHA256 79c7148c84225f2e0beda88cc9713cbf525f77a48dfbfa15ac768e32ed52a60e
SHA512 27afe610f43082964a6fe3a786e2a4d635c4fb190b570ed3e9065ee5facf41539d0189442f70cfb4e890fe77e70fb3552b7db0a9d17ebd1776fab0851043fc2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 388dde7fe39b67f45048a53916aea426
SHA1 d551afa2add049f314d065dcc27dbda0bd3a5a8a
SHA256 fd19fe27962027d48165bfb8ee5f03a0c493d04b6a4c48323cfce88db804e011
SHA512 16a8382f6a82afc059830cbbdd544b7c2aad8ecaafdf133ec103da93d49182942a9b4001513c9cd9e4ab51c8a1b7fab7b59edbb1e1134569d5a2ecc2c3fc5b78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 26422ea4ca71a539edbb137cbcd574a4
SHA1 75da16bdf8fc4937d255ed769091b9e2f6e5a3a6
SHA256 de82e43a97e2c48a628081d70a0130cd6fbfc41be15dda795115e917fb3f12b3
SHA512 73889f9188534ef5104a47e4e673a43b612714cfad88e88be4ccf0696c1acf4a3d86c0bcb87a1a4785e33ca561691d44c4983ad2a3c760d9af8092456484a919

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 70b6dfec313ac1bd1e2f86a17ba94279
SHA1 7b99afce8f0a92d522484143f313b8d7b96663be
SHA256 299f756789061fa3198b5e436a667d2f9c431db1c3155b025a67e9a0197b9837
SHA512 18f52246273d4dac52cc93cbe3cecbbb3256f629e519a25da3f0947ca15dd4e1010d2c4a69bc499b7b234c3e9886b7210937a80fe543c9018dc9c5efbc910665

C:\Users\Admin\Downloads\VMware-workstation-full-17.5.0-22583795.exe

MD5 c5048b7b69b088892d602a0afa5d3634
SHA1 cf57773ce041a3a5dda4d99a07b60b31a5a6c473
SHA256 50a5f26c2c5bfa20be77af2cc2102a0f6057eb78d8aa723974ee0b01c510eced
SHA512 a1f4bb65627a8c672a0824e7c918530ec7c2483e3e15e58eb9e228b995231a68844c990489a67bcb0df875f9e237e9ec1ea32dbe0ea9353ce52bd6e460bb9a33

C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.ba\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Windows\Temp\{B4AF19F6-2E9D-4716-A824-51E08F13A2CB}\.be\VC_redist.x86.exe

MD5 415e8d504ea08ee2d8515fe87b820910
SHA1 e90f591c730bd39b8343ca3689b2c0ee85aaea5f
SHA256 e0e642106c94fd585782b75d1f942872d2bf99d870bed4216e5001e4ba3374c0
SHA512 e51f185c0e9d3eb4950a4c615285c6610a4977a696ed9f3297a551835097b2122566122231437002c82e2c5cf72a7a8f67362bff16b24c0abe05fe35dddbf6a1

C:\Windows\Installer\e5e6987.msi

MD5 7c87329a66d4c22f03acea4e817971f9
SHA1 12a2134fa09fd7df026ffc20bfe58a7d30d6ae73
SHA256 c78bc45113d0270c2154930761c3b74db714987a16c0fbe5e7a05fa3a853d0c8
SHA512 73f11aa3f9b3dbfba157a0d47dc61ff2a22509b61339882a9c2cee53ee335b18820700d7a413b81b426e71c83443f0d99bea8b3638b8b87ee9a42f01f404f955

C:\Config.Msi\e5e697b.rbs

MD5 674ac8e4de5df593cad73d56f8b3c8ea
SHA1 1b962ad96640ea512c7de1d5784c21a855882880
SHA256 5f5631f317b7e33cfc94a926fd2b2f61c4a5d1bf078cf36a9a031f1b0ed0ed08
SHA512 50b64d9055fcb84499b9a0d65f143c7696684f6569ec738c7f77b18d1e041c242a827dab875cdd3d9c9260de812e6558ef4f2be3e632e2ce93cb1f486440116c

C:\Config.Msi\e5e6980.rbs

MD5 a5ec5a76f2f5dc3db54b0ba4a60d4787
SHA1 e37b84d48a89bb3c2e558e85e5178d9f5b446fdc
SHA256 7b7498f5fa4db313b7f7946722c887699a65149bdafb4ec7fcdee3c2ac17a39b
SHA512 4b482a0b3fa58c4a28f74cdcdfece520f1cf7d7f7786e5b1edaf71e1aa3ab1f6ae87f7d620e391da867ad5c2da7487c15d193decc99f169b5bae2a1245c99408

C:\Config.Msi\e5e699c.rbs

MD5 0c712ffc482639db3e206888398f3393
SHA1 8a6b49a5fa95fb9bde2579b45b4f38dcaa32d09b
SHA256 60590dd8735dde8345478416b08c1bd7a21b721e4ba1c37ffbc25c197e97f4fb
SHA512 40ddc0d04bfb2bd1ba6e2f2d3c15fe59ad6c4a32e76df0729f4c44b1d8ddc0bdf260a251e0ec05c8c26f1b8792dbca8ae402a795af5254fe0e9cf5d1581f0323

C:\Config.Msi\e5e698d.rbs

MD5 f458bdc0d2d4e7c65a59e4823ea78631
SHA1 8da8ab0dc3c2b85b1c9045850ca91417f7ac3177
SHA256 6fa6ae62df975251a04461177ec063a8b83b9f320a44183a18302ad8f849c59f
SHA512 7a839b4440baebc88a80f1a9ea28b0c833edcd62895d7fd49078760f21ffd826efebfa0eee0a29d0b2ccd1cdf488284de205dd365d70273f9355cfc580a126cb

C:\Windows\Temp\{0AB0BCAB-3585-4B97-A45B-52D64B8ABEE0}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.ba\license.rtf

MD5 04b33f0a9081c10e85d0e495a1294f83
SHA1 1efe2fb2d014a731b752672745f9ffecdd716412
SHA256 8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b
SHA512 d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685

C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.ba\thm.wxl

MD5 fbfcbc4dacc566a3c426f43ce10907b6
SHA1 63c45f9a771161740e100faf710f30eed017d723
SHA256 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce
SHA512 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.ba\thm.xml

MD5 f62729c6d2540015e072514226c121c7
SHA1 c1e189d693f41ac2eafcc363f7890fc0fea6979c
SHA256 f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916
SHA512 cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

C:\Windows\Temp\{C12F56E6-F97B-437D-9481-6BBD6C9B9395}\.be\VC_redist.x64.exe

MD5 35e545dac78234e4040a99cbb53000ac
SHA1 ae674cc167601bd94e12d7ae190156e2c8913dc5
SHA256 9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6
SHA512 bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

C:\Config.Msi\e5e69af.rbs

MD5 20a95834c68b96d52a67a656f754ae0c
SHA1 de0b1b412d54bb8e84c558b2e34b797eaa3464f4
SHA256 78646130a29ead7b508f65878bef9532225c43689cf7bb8c400e160be5057104
SHA512 d3e522ea3ca47cd1822a85649cac6c3debd8da283708c4627ffe35adf30c9b1731e1b248cf19307b931250db41f7cc761ddae727d5ca32455efa21d6ffa090af

C:\Config.Msi\e5e69a3.rbs

MD5 7d11e3f2231def1cab5dd26ef8721608
SHA1 bca565c5394d6b39a59cd94e8b774b10286f9113
SHA256 da3dea06cd3595c201b977ff92c113a062e3980f86dda437da00655a27822528
SHA512 f32f7b052c446a287f88f42f1e4b1c9abd8061e9b9a5fd89b62288c107b59fb32328599c707035d672b24bca74cff2540e5e70aacf08e68f0ce67e776d5c9a66

C:\Config.Msi\e5e69c5.rbs

MD5 08185f6ead74cbba1a1904868bc593aa
SHA1 fe2a96424d83af183bdc2a4cf303a138fd2a0e06
SHA256 2215b29412c71c12b0f5ce273b5dce8a541ef9c2a1f2861f5fd4995adae23cf1
SHA512 4ab9723d6be8d866bb3a3fa6a58531ff655d9f58d5bc8a21202a50954cb82fa5ba7be5ae21dd146557dc26eb2275771d3e6f3f52742393312fe969c85a0cbf50

C:\Config.Msi\e5e69b6.rbs

MD5 bd07e64324824aa15124fda0bb39377c
SHA1 4f29e2dce5f29a821e244d2d4d3c18eecf77d498
SHA256 93ff47053a1c099c8c5406e6192e3e9a109a7fc92e3e066de524a78283f7d8da
SHA512 b73616130779374084dd774b1b184116cc8a98470c96b0b9335d258acf3bc676ce4182332b5b0b6b4cf146be6b1826b3efa96c5926ea9995d0f4529a1d581657

C:\Users\Admin\AppData\Local\Temp\{00BF49FA-E6A3-4227-A18E-4A9036594E9D}~setup\VMwareWorkstation.msi

MD5 9de59bbaff0031ccd0c5ffc0d146b016
SHA1 bf8650497c5a35672a154855c8f5cdc132524f50
SHA256 e07b69e3a884cf6d76c674fc290b1b864653692cd5eb291f38b5e83c2bc20cfe
SHA512 b0fcdb5e887760f6da301807b55285e12163fdc68856d7c384d3136faf60613f728750c5e496bebba47c12eb16ab2c7dc470e4709fd42e9842a676b0fbfbcfa6

C:\Users\Admin\AppData\Local\Temp\MSI917F.tmp

MD5 02fa1ecf741cdf5e6b05540bbdda424b
SHA1 ab15a90ec37b900c8bcb6961c41ef8a519676c2f
SHA256 f88377c29ab7b75d14d366e27ccb7ad81536f2233aedc6f2d05a1ee9d7dde0e0
SHA512 f9b32a5af2ce3befda29562d081483f4a87ef94e738202d27ef47a2d0ee4a81bad5793d6d2f08cf4db2391b4b32f38690ac153458cffd2ba6cd10fd95d082295

C:\Users\Admin\AppData\Local\Temp\vminst.log

MD5 be78724fc25f9412358cb5c04c8a571d
SHA1 5de528d3de443323889b02719e1ba2b2a84ce900
SHA256 e3a1a1e0399fa4019b74d988cf3b2f542befe5c001bedf9c095d23e563af1ca2
SHA512 dc10a1b88ee597c5e472aa12ba233536b0dc49fd02a1ce175eed6507a476a6d7ec3c86333484e5f22f479b109fe4d9a4bf66e1b26d426c383084ead9e93bc24a

C:\Windows\Installer\MSID820.tmp

MD5 2ebde9d1a578ed1c78a79b2279be5f1b
SHA1 f55b8c2511d82032e4e8d503b4874396b91fff07
SHA256 fe793fc1b303f85837fc6a990caed01289c02e24f3ca497566108198fe6af5de
SHA512 f92709052fefc3fc89ba07562a093d7a22dbd62e0a38d3178a93275b9050984430bb4ef5908871d29f591bca75b2a19f9202794a07deecaa1a8df86d0ca94f20

C:\Program Files (x86)\VMware\VMware Workstation\vmwarebase.dll

MD5 a2ef706e1ede9b52477ba4bccc08717c
SHA1 c47638776b019c4dd729eee8d3f451c51cf65eb7
SHA256 ca16d280520998b822f17f4fd825443c57814d6db008ab90ee85341186a707bf
SHA512 873b00dae7ab7f8e33fa39c35d8150dde7f8e1fc29bb456daed012253fed51a2ae91cb48a4d1806ff71614b4153b97a8947ac34aeaedd56bb54aaf4bfb32070d

C:\Program Files (x86)\VMware\VMware Workstation\OVFTool\env\ovftool-hw9-config-option.xml

MD5 cdae15f623a66d694d299f1390fff656
SHA1 fbfc1a118aec4ad7558b82fb5378fca06a12fa9f
SHA256 6a846f6e1e5112a3efd76dc23d97b9c36abb7bf62f9bc202c1f840a3f8dc182e
SHA512 a79ca6d4399b2c65090f45d0de1016806396ad05184d02ed54a55e6f8af1a2833220c1efaaebaca4fb777d224e409f5291d340df783a3db0963f8b01c39f76e2

C:\Program Files (x86)\VMware\VMware Workstation\solaris.iso

MD5 b5aba6636c365a4925cc345793acfc18
SHA1 92dfab989f193c072641fc3cd909d88851d0034c
SHA256 1f90f0511d9a89a0e16401c3411f42d2f1ddb5147c605f1e5a535ba179deb864
SHA512 c3b6489bacb51102e73d34c443ee2e3b44ead48da0e7e2b666d3c206b5deba46d6d222a3aa93a8dd3b50384d57157671ad01ea1829a38faaf2155640b95b1674

C:\Windows\Installer\MSIF2BE.tmp

MD5 ba3165ec14e657e6235d6d789e9e25ca
SHA1 f626fcc0e7e7f26a092da6a995f5936a45c4f71a
SHA256 bf93de4755822425f3fd3928b52d2a6e6c91ab069213aaaa95695ed3e17e72e9
SHA512 6d83dd60b1f8e8d93ddbda657b1c75f86c1f5f6eac899123f6ce498f5dd1a5abf05e29776144044c6a848e8fdd2b9a6a5367c4b249b879a310a260fb6b55b6da

C:\Program Files (x86)\VMware\VMware Workstation\x64\icudt44l.dat

MD5 84e14155c9e93c98f80207fb91cc3a61
SHA1 22786e7d14b7af1019100211ca512fa835ddb41d
SHA256 cdb07d4d84bad2ae8fe1d0e188ff1921db083f8b3976361fa3efa2c3f6748ae9
SHA512 3020466948b8a6e8d926b7dbeec2652280cf08d58d2bc1412af537ef32204fb5bb44d87d1ac95edba69a7a6faf15dc6055777188354d012fd0d371e17a4330c9

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation Pro.lnk

MD5 5b85058c3553aa567217c87b4b051464
SHA1 6b251343ee54cc6124bb16caad3f05f0a8fd84a1
SHA256 a466d7531f46452ce23a3b428c500fb420e69a2115d47e8eff0e972e1b5af97e
SHA512 a34828f0f7a0cfd6d365ab6f1e789445bed1fa1b780319ab106fc7c3f393a041d1969d5672b774e5910c98030faf9c10efbb3d50a989373bf083f1915c251a69

C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe

MD5 073031b8b6c10cc6f42eccb1bc88cc8d
SHA1 19a8726329aee9a917f984a8d122126bb3a2abee
SHA256 89cdedfa74709317d5c46faf464aa104a7dbf8c64ae2413cd93020923441f1e0
SHA512 31b41573b16237b81e03bd5df14327828f9f9ffef7d44d29c92ec7ee24523ae5cdd77cbc4b60fa0fe1155b2814fb829d5fc001b0889dfb151002a5749945eca0

C:\Users\Public\Desktop\VMware Workstation Pro.lnk~RFe5ff4f8.TMP

MD5 25652bbe13be426fc73600b26929081f
SHA1 85844ccb3327522e896bb254343da588492df22d
SHA256 dcd05d9fdaabfb5be703ef79c85bfc9f7d6c413eaa357b5ae78123f3bbcd1265
SHA512 803274f11d8f699ccc62b127b3704dea7413d4205313c8e20ee93463a9a2da3f21b7ec40f8904eff643aa811950939b2498f9b7347bc8e59ed526d3408729828

C:\Users\Public\Desktop\VMware Workstation Pro.lnk

MD5 b7b8678eaa4486e57368142c361faf91
SHA1 9676d6285caccb0c4c9f3fd081270d4899094010
SHA256 28b341ff2161fa78f0d76744acc449a54790a6e22336b23dfb1c5417a048cba2
SHA512 84a3fafe937dee9145edfac4fb32b08e99a4019b1e8dc3854ade8e38c6d431a2f2763f5ea1f7a22be62ed91cf661e92db745addd28cbb6608f518f15d0ab89fd

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 17 Player.lnk

MD5 6fcd500ddd66d433edc6fea47ece5698
SHA1 56bc8af248546e7ef9c440e076cd6e396480ca63
SHA256 f81c8d98e4282b7e4d41459f6353251d2ece2891350a8ff9f90784db3009533a
SHA512 49aa069453297ec5a23bb96d893902147a0fa6b192438705bd99efb9b9b0c4aea8f2412d258bd9d2aac19c3537af99411c07b886e35fc48d5ac6cfce3260fa2a

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 17 Player.lnk~RFe5ff546.TMP

MD5 405cf3a34e49e7aa88395af4d7a13f22
SHA1 ed014f907d6aec02fd47fddb46b38a1b9c424571
SHA256 d2d6dc785f77aa5cedafa96352ad64ee5686e14c13c7564ef9f4689a5ceff69f
SHA512 b0b4bbc08023f5971f806e33b57540adbf091a4777713eeedc5dd5439c498020be453d287e9c330a3ae95d2643be0acc6c35abf9e9b3f080a6df8569d14db6eb

C:\Windows\Installer\MSIFCC8.tmp

MD5 4aa882a8a87d248e6b2d4144f47bd568
SHA1 6a949550f3c7fac710ea7d7801fd809f397c2d91
SHA256 6081f9d9040dd70c74c1f5ae51db1320ba3b3e9e6a5cdfda22a6f5e72ef38d4a
SHA512 9a91daf5c128e09912ffb6e8673d0088825ba13b0151cf23b17d531b855fb1271637ddd3c92e63c704fc135ce3b703d05dd3d1cddfe452b8844af78cdd2ba6f1

C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\vmusb.inf

MD5 8d997d8d1105556cea9726b2aa38949e
SHA1 57f9c467fa48ad4585f58f40120778080d4003ef
SHA256 9cbf08670ee83cb7956473072d7d51a709da49522a1109ea582425d86d88d8f4
SHA512 d52e6ae4e66d33f3632e349fba6e13eda805764cc4d87920048af779148ac87a7918fcfa4f307a9fb19ae9b5c58b94247ac09433ba61afc0515a5bec3a5ae314

C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\vmusb.cat

MD5 c969983ba8f120def2953afe08b2f164
SHA1 2aff93389846c5b107d67ec0886a342ea18eea76
SHA256 ea696506747d3ab4a9c8b8d486b4a886ba4cba7b65eceb1d89c6ce54be6c9c20
SHA512 30f69f57ff3eb07cc0f787a22aa42245246d9b6e657b656c82335d6fa78b3f8534027c4ca28998d72872cbed099ed45b8ac59bd3c7e69ffcc133510a37632ad6

C:\Windows\System32\DriverStore\Temp\{9a702726-625e-8f47-bcc9-25d163c7eb43}\vmusb.sys

MD5 092cdfca61db22f6ec3ac01255bad56e
SHA1 565788f4cdaf423078006d4bf480eb4b022bfe72
SHA256 965c2e680140329f56f253f9a5bce8745a9664fc56aedb58bdb57e126b0aa1c5
SHA512 7d5e98e33a60d259f5bceb9431c1d9630bf43f479631b9ede5ba8f8d4e761f9c67971ed5347fb7d3c1234f15a75e252b4e93aa002a5d85fed751ca0b64a5e24c

C:\Windows\System32\DRVSTORE\hcmon_AE2641AF84DF5670FA8422233CEAC89B307A0500\hcmon.sys

MD5 0f300657289a1a2d168b8b80e900055a
SHA1 c5f93e3ef6c8227009736ac8b5d314ff21f48c51
SHA256 94938835f53b968665eda2a7a082788dac0a13ee486e3186387c0ff7ececfe8a
SHA512 035d0e1430ec7206cd7995f912f11310089367a452f10924f79dc2edbb958bf080e86c4501e3b7096ec07e7f4b503ec4751b475f60927a333edd9458b41f36d9

C:\Windows\INF\oem6.PNF

MD5 ea436ff1f464872273072e441dd8de60
SHA1 b9809fc4cd4ed73bec238d5918c2b9a19bab7d46
SHA256 1feb5078e691248db3fed44291ec2540a47626312207f446e06a8b0fa5529ea7
SHA512 985b8a4c0dc26c04aa401d28023c64922fe6952038815476603e6bc0913db277ad3087cae86c8df5692ccf7e63523ea3cb1604d297a4c6d1bb9a114dfe051814

C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.cat

MD5 24236822ba4e710e9fbd3401c78131db
SHA1 83ffc5830cfcb98b6957f7802e4e7fd7816dc1ff
SHA256 a58b885df4777c61b577af7569eaa5ac0202ea50f55fe141e9be0ffc77743a50
SHA512 714f005f882ad0551fbcb74ca4fe4a0ab6f3bd998879dc51ab2911190919080a55727f4590ddb96f866a02f6ff9cfa0cab9a48a543edd35e684f28b3391171e9

C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\netbridge.inf

MD5 76e07de9fe56a25f27a695691c9bdade
SHA1 53fef434d80383dfa266c632e6d374611c38319e
SHA256 a3bbff5810e7d94a7490e06d5b420f734ec02f4fce66274930e024761e01049b
SHA512 813eb5cefc1075357dd70285e05e765ba911fbf65cf11975b1b241d2ae3bdb8520f07de9daaf29b28f979c97ef59bd079f63c297b8218072d0f405986fe4364e

C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnet.sys

MD5 acc036a64af0be34d7925e24f5bbce36
SHA1 8b9b372250219c3d08b153f630b36dfdd2823084
SHA256 7e3af2553ce93dca2a7b2c42e1c839573ba37e393e9e7a5e200dcc2df4f7fda7
SHA512 e2190fd5e3644acd73ca86485e8d8bc1886a5ce767dfc452cc8178fb6f24ede82baecbc9e1693982307efa442ee39c19911dbe8dd19eb291595ec671979f63f6

C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.sys

MD5 11e92a49a113d80fc43219ce21468bcd
SHA1 7401c5adec3f548195c1cf3fa85c266e476f1283
SHA256 9237ac240f3bef26001bc33a670245d368b727fc43e031b6a48fbf698fdc1def
SHA512 bd7dbe2b786a7b0de0377abfc3a7a97667750e842ab5d0e42ef898151cc8a81e615a70536753e243f5a61b727acf3a837536534e65c110a26799c9a2e3b7a7c4

C:\Windows\System32\DriverStore\Temp\{fa213c0b-5d0a-fc4f-ab86-f9c2fbfba35b}\vmnetbridge.dll

MD5 70d6c2e1940824e5c9deac0a2467603d
SHA1 5dd4a84bfed0eb199a228abfd1804c142e3fcbfa
SHA256 0e8d73db78847ff2956c471c009088c1754640a06f877e9dea061bf9b6c287fd
SHA512 6bc3dba5d026896f64bc2131d37f155b3dab6a3c8bac758433b8776255aabb10e24b8553c05131ee13de31b323620b4d844c141e267eabfaa9c0d62084ca8417

C:\Windows\System32\DRVSTORE\netuserif_58711DA5F5777EBD18942543251CD2F96A4E1EE5\vnetinst.dll

MD5 f2338bf0d8f10fdc55b712e9c5240937
SHA1 f6e0b2151d08d2316b685aa1a8fda38af9c888fc
SHA256 11e605295b184468b69d444edf35707567615d16fe5b9ba924edcb76527f9002
SHA512 d15c92ef1e438fa4313332cc57d39a9ef19584cde8c02d328983215544d823ad838d68b975b825afaff2a6549eb06331d7fa0833fdbf2fcf43d5fedaeab2434b

C:\Windows\System32\DRVSTORE\netuserif_58711DA5F5777EBD18942543251CD2F96A4E1EE5\vmnetuserif.sys

MD5 502d7759a8ea951315b74ee12a629f3d
SHA1 0f045b7a26a8ec4e5647be4c423c7cb4327fc213
SHA256 26b2cd990adeb32ef7e4c00c0e447c64c9a7811de2f398d6a227ccf26e33da72
SHA512 33b270a48413e0478432ea3d1e1fec8d71d876deef63f106905dc57bbabf6aeea74f01ef539a2c17d583e4e10d9262187a6bd9531220c8278ab4a44191aa9c52

C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\vmnetadapter.cat

MD5 f705d1b2884dd89de05b5be1b5f091cc
SHA1 15fda464b0e6152f20be66478e5637bac6738a44
SHA256 2fed201cfaabf39aa9d32531759ffb01b93e890ab28137983ac0a0f1b76cf4f6
SHA512 740331cb30d323bcd5ae0789ffbb0620baa7a485241b6c2e4064265397f40e8510fc6de9758b5f5cfd41888b29ed95392b73b3b0812a1e207e46d72e6d521eb4

C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\netadapter.inf

MD5 513ea5ad5d0192b4fab604bebaeba1ca
SHA1 37cadf97b3de820bb8a9cc82da50f969bd9ee742
SHA256 8d3180911c7397eda186969813dd6aa6447b2e247d1dddf8cf15c82f8c187c7b
SHA512 8459e0f67773be7ec6d3ef08c3c9018e78719797292e92471b7b8ba210cb5fe3946e3f99d23930d5454a223907bddf40e3d7c8cad8aa6063c1c26ae7f1744b33

C:\Windows\System32\DriverStore\Temp\{1aff8bbf-1a43-524e-8ad0-7625d3666e5a}\vmnetadapter.sys

MD5 83b9f3a1bd3afd531c19b5314525eaef
SHA1 f857b40f1d837ee9bbd0e33cf4795d4e8f20b1b9
SHA256 a75125186847fb0e6d4cd755ccd68431df3a64c8786125b6110589054f9c2389
SHA512 b48f3b039d8d11e25b9978eb9b38b7282793a264878258ceac12a243cbd344dbfcb9d5e071a422209a83f5330b7388caa8344cb6c11598e1fce1bc43f649384e

C:\Windows\Temp\vminst.log

MD5 47f11b72ac3b70fe73999c9ac9a32e78
SHA1 1555ff3853940ada3c91ca306f198b3e27096f23
SHA256 d804014cb51b54b3a965f626d2dc98f370e933534f95d1d526f9924f473eaa06
SHA512 e9a91271568929b47a6f117c2a5ec8c214db58f3c3d6be340407cd303b862b0f3d0fe565cba4d03b84989a62120a498d29846502734e2feac21649e7b171ab1d

C:\Windows\System32\DRVSTORE\vmx86_0EB6D425AF13AF7EF7CCBE7DA93B4388751906C3\vmx86.sys

MD5 73ebcf23e0e1ee82dedc376c1d312803
SHA1 aa6ee9d5798254b715ba1ac254ee11cbd70df864
SHA256 e8de7c03018755a37a2993b2688c5258b46919b15c5e55a85590d8ae3abf1eb3
SHA512 03863edc55d819378ed9aaab1771a7be6acc627b3512bf7555111135b486b5bdf709bee5e32f717112397e5db4579ff496fcbd6c92e96ed8d5c7321e1315f86a

C:\Users\Admin\AppData\Local\Temp\TCQC618.tmp.dir\DIFXAPI.dll

MD5 116eaa5c9bb2cce346a42eafde2dc152
SHA1 13c433306ebdafcd983410482fd42685bebadeb9
SHA256 57afba202253a7736e7296ca9ad606b9640ad6f5e9c231ee291f511dd469c783
SHA512 57d2ce75bd4a645eda5a9a77a6e92789cc527412722b2fcdcbb271c0d6eb8014b596d16e9ed0e72c9e1153e60549d13be2241fbd13223779dd9596e52ee8f944

C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.inf

MD5 fdb3c5882438a6e996d13a7ab48cf467
SHA1 7257251e1b43912d15defbdf01056aef80d043a2
SHA256 1e71d0b7aa6a8835986a2d603c7218e792886fec4ea889f13200cf0fdc78a73b
SHA512 551678e245c37c61433bb06f5bbc1075b76c1b86b06907b0a8d4c1e240b62d13922a0465919f361a6584388d80333201b5b6202b3fa1c6ff7771a58ba9ea8716

C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.cat

MD5 c888f61b9b09bda1f1fc1506123753d4
SHA1 bc2be72275b899d848737bfac8e0ba1ea72af63e
SHA256 b69004749d69e2d826a4341d2ac409711fb984fe2ebb4afa2b3dbc03368493cd
SHA512 9a90df4b4e4eefb48e81853d02e3f2f9b6280636322436b717f0763bf7feca79660fc860f8142b915fc475a20de4d876c1a29687061468609e9cedcb725b88d4

C:\Windows\System32\DriverStore\Temp\{cc42a6c8-4f3f-394b-aab9-eaed73c32570}\vmci.sys

MD5 339e79b21cd73fe1174b56d6032e40d2
SHA1 d85e6a6a585fe4eba6f2601ae97a9db171f2b5b1
SHA256 91e68a9891339a8db757c9eceb65371db83822fa56305d61330e50194dc97131
SHA512 10d5783d92bcdcd536abbb3650321f150f4f8a0850e99a974dc3e445dd6421b41fd9ce0da951efcc553b5bb00719e11c4c22c01f2c0882e35380a15de0076484

C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsock.sys

MD5 64ba085bb02e9ecf3b21f0377199289f
SHA1 bf00ebb018e9b0fe63ef3af971ab395fc0ecb7f1
SHA256 dfdb2166d3010a1e7ccfdc38f0b1524fdc4b79b17b06093b7f9820b637d28343
SHA512 b2d3e43f291cfc0215c1e1df1d61b94c7e7d7780bdfa8d627edcb58b1298fcc96beb8eaff7567629e2ae1c7ae1b0ef60af6abd6fd9ec0b380c5e20ebb0a8a8f1

C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x64.dll

MD5 abe700a6459d2d6fc9774e0277350ecf
SHA1 cefe9bb79520b3cadf6d1bbf44fdd771487b3d7e
SHA256 952603279b8851c3739d562247f3f0a373b5fd0eb5a9c3baf1e6b1e608ebc6c8
SHA512 c6fa33ff10523d408be2e5653100fb3aabf1cecaa810916a0cbcd32c5bc2da76ebfb73256719843700ee4d05a7adf7b18c9130dab1127b7bd8b1d089b8219349

C:\Windows\System32\DRVSTORE\vsock_91D4AA923191C17024EC2122FC89C72E5812E906\vsocklib_x86.dll

MD5 f7d359d175826bf28056ae1cbe1a02d9
SHA1 19409b176561fa710d37e04c664c837f5bf80bff
SHA256 af1df28834936aef92e142c14b1439ca64d070840b2c07b87351174ec0f71d8a
SHA512 e2d78cb2d6f1b2f3c410ccd5272d0b3e34f3cdf25c41605b12e9a1f408308084c28c4b427c915ed87e28f21d662846529711fa07f4357a7f7f727b96a5d0e7f7

C:\Config.Msi\e5e69c8.rbs

MD5 484b10c1fc85329c0b4a6a9f71c27a4e
SHA1 991f0c25f75a4331c1cf067e677e857f3ee4cf33
SHA256 cf62e131f928c0c7fa6def6d5e86c3718fdbea3b7deccf95d4681c1397f4c177
SHA512 994d02ef647cb6f6b02a8ed1e9c2a0aa3ddbff8239d27216aeff08f4267b06870245db6a36df518bc4edecdb3a1887db526b4ff59e99f33b625b0eabfa848d27

C:\Users\Admin\AppData\Local\Temp\vmmsi.log_20240222_210854.log

MD5 3b236e40f60911e16fe89f75f0cc13de
SHA1 85a3602cade7320b2195a12ee9ee5c6d60857a0e
SHA256 2d02986c3591fa6cfeb19de34c0ecb585d639be1e2deca8e2259699dfba8c795
SHA512 a61427b0ed43b5d20759030827198aaed816a6534167542fe0fcdf3e0ec0ffd2ed5d1091f6b113f0338bd8d55686826d1b15c2c9e2c4b914a950fba768255722

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b574d68444edd93096c5391185863ec2
SHA1 ef1ba741ec8f94f03afcfeeee34d75ed38097cbf
SHA256 a3429d72708fb2d13e5409d0e667fd31124e8c82fb811d8f6e8c052af468213c
SHA512 2b7843b776f176146abc7980df3f395f322a8e86c57b8ea7454b54e054ef981e67c58b1b84fcc080625fdfe127cda0034c2851f84986ff1e6baa928771c89f19

C:\Users\Admin\Downloads\Unconfirmed 958167.crdownload

MD5 db8922c69e6e8dc63f54ca7a62f31810
SHA1 a405ff6e3f7d79964f26bfd0bf5ec7dea18f7048
SHA256 51ca94ed2352f08334cc288061a2747cddffdc138203b43d8f257408f497848d
SHA512 5e66559dcf7b06def71d0b8b663db1a24851fee4b3451a23b411f6516b311ba5f53925cb44c7b98c223f100eb699fd1c069c17535a173acc8e28bfc38cc66e45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bd84f828ac13259f41ddf829522c5034
SHA1 9367efc60afc9cfae34272226c18acbdfa2d58ea
SHA256 c49a2a02a8fd5815d854de6368fcdd92baae91c512c6f4f2cc158e8ddf783629
SHA512 b3acac460b2790a9a8366cec58c41d0e1edc0ab19fbe035990f98c2bdc46633f188548e8438a92dc8cb5da78b969df511b46eed3e299f0bbcc7815ec9b96449a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 442ba7f7744e74db3a6033ffb52d3161
SHA1 f9e1eb3be778e553e65ec4fb9e9081a5040f9255
SHA256 202ba2f8f9bd28e5e300225d082e30c6f9b737699177c22594b31150e214f29d
SHA512 fea1a1c8cb49c8aec9254f3f5e65cee1340d6e02c606853757464ddd12832bb68d812715bd1ce020519fcd4c8acc6880aed58dd5b0044cc7c956ca5e3cbd5547

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f93c4a5b381766b9c8ec183cd04ab3c2
SHA1 c5fdda080dbcdeffefe618d534b55de8a19287ef
SHA256 9d67e825b475ed70f05d5e9d9197eae9d70c56c712d8439b1ade104b5bea52f9
SHA512 a03e9633cca09470442284edff3e0306113065cb09bd8fc8290f6b6139e41a02d0725edea2603c4a8ba4f719b22043dbe20f8b96e4d2857e3cdead4e0d6eb51d

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 9204cced870b901f286cc9284278fb1f
SHA1 8650fc4df1284bc9c83544a408dfe3f1cc839d73
SHA256 cbdf1a0ea40b3e1edb55247d0bd345bb9392e58eb3dc03a005a892dc712ca201
SHA512 7cc3398a3113924fe1fa39b07058baee7fb1ebd9836fc9ae8c6ba37bb15aa1cfff02c4483371c3c6fb302184f727e62a98d4c7dc30194e9ca5c68a658df3665b

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 a222a15523815db1179142c24ce1e955
SHA1 721f2f1774c99ba2cce5149b1be41e3a2d9da7a4
SHA256 a4b98dc3bc866b0582cca516cee0da1eeee006307fe96e980bd4f62ec4538949
SHA512 d2b811e78cec9691c1f15b2287d7f01a9cd0c18fd5476d06dc86abfe5cdee269e193b8ee5e523d4e39cbc5a689481de7183c2e1a303004f6eb3d8701d73e89bc

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 e5a11cdccd400d6ad46cec7ef0ba70fd
SHA1 9852195dc379b67987876d94827375544c9726ba
SHA256 8d9d0ba6c5edaf123ec36a4ede8a35a44e976cd3391f33e863eff45ee67cd0e7
SHA512 522b6deb499f4add361dc41bfc4a6d8c2adc9d61d27ec131f707228356067b42a24bac42035eda18d9189f133ab7aafd2a43c2bba936d3043ee59b3dbeb1c13e

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 e198ef52276329c4879ad43abc9e0e1e
SHA1 a4555c80a352c44c36159f8e30e8864add372fee
SHA256 0f53f96fbeea6d3d091155a5e0931ad0a6d033bc429ec135204f0a75dfd97e73
SHA512 d674f4aa3950fa1e5b44dea0423d00f479be7d9b1cb03d520670b7a115c18ecc3835d5b1a9cf3eea0959a08705283d29920005f91fa4d3afb40c91d5d55a5108

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 9cb85993fc3bc78b68f3f0c0e5525676
SHA1 a79522c763639a5a0ad276fc5f9e6d65683997fd
SHA256 e8c3eac07c6a7e3841b568c6397eba1aba09f877ccdcd076beae7abdf6676b52
SHA512 1d29194fa92fd65c58898cb68936b5c63fa1c6d63d178267e0426fdb5cd102a871044f96e9f48e847cac0007665ca7eec47859c844f14059fb9de56931d3e18c

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 2ae7e8a4e7cdf9f8c146b391706058a5
SHA1 9ef69c1e365021c14e190e043c41bd909d59938c
SHA256 7665f06c50291405f7748174361bc9f35ef3c6dffcb9db4ee1d9785098ee7b8a
SHA512 303bbc3db16bfebb84a54deee3608af310a58868e6fe32311d8ce83e8e6a5c3c7929d18562c59f88bbcaf8cee731c965c1a93f125ea88d24d0b9eec546ebc3a7

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 805904bf2c5e8f5479221579d1b5539a
SHA1 601788db693b18f356866571db833d8d161761cc
SHA256 a7b64df21ffcc0649dcff50f94b42f32333860b0a96070e9fc645b5c541d413b
SHA512 b1397c80c9bf468839816068d5e8cea98f609e4e509a63c599e605570e61badb239301035038b4a6b65d23582ba8d87a6da1d4fea88045df4e9060c5d2a2dc2a

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 83c42e3023294e8bf6ca871783f7b5b6
SHA1 0e137d0893796d78f25cc23cd8474fca7bff3fa6
SHA256 064348f30182c330d5fe8da6d3ad5d52f9cd5b094905299f3c355e21e0dd9d62
SHA512 c0aeeba77ec14b1c5cf974b3cd9daf2333a145722eb8a0ff0353e73dc3258aafc70b9f00656e11a0074d2a8921a4cab4ccfee5f4056845c764d8d717a742d71f

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 3c3e66115920872d084d91f2081b2981
SHA1 2f4b666791ccb3aba7b200e5fa80fe902007d298
SHA256 a886239277e057f5feb5b2b04d7f805f5bb7c594d5f335f4fe3fdd01986dba8d
SHA512 6e8ee493b3e34a4effa1e40612404fd8e40408b741e5939ecb21795b44d934369caaf2fd795c9642c3dad589cf52ca4a8960ddf5a13406d4b85619a9befd24f5

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 b4b181533b26a0953fdb1a6d1fd7ae7b
SHA1 9644de4162f7fceb9403924c38637173128361d3
SHA256 7e77a39c27d92e3913b581df7385180f8313c9e39fac119dd86fb3c236d0f852
SHA512 b2eb9a72c2a67b1e8d518936039264c83ae858bf92bc03df1529317ea087957c048a9309b72062dd5891a9308fe277197d774d75f82340d50c6bbbfa220c29e1

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 1ddeea700df20e8cf0bd5aa92b64195d
SHA1 22b944330492a4dddf01380d82d1429b923e05e9
SHA256 a74e05f620ebd8c6d5841bd2f293b13981307c68a91fc41a9d36a4938906473f
SHA512 77f6922e03ec1eecbadc4fccc618eff8c0bc2af85ff7ae2b49aca06d050c1711e06721f2dc9779a111336de10f48b5f5b98a0784bf6f8e76c69768a81dab8522

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 4068b3f762fcba488c4ac834b443d4a8
SHA1 13c843525d58136a6dc833ee9479544af0011b3d
SHA256 76aebd94d3f980903390b47420c3348f3b4f534ba3c3133f558be590970e459b
SHA512 c9df809ad761365f98af442a6e188d729738ec10368afad1a744b51c180ae1a8f9d4d1f69a3621f65d0519b3bb79f00595a41ddfcd9a5344ff7ae8c8d9adbffa

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 c2c99c1e0a17437b20b6998fa7ee515d
SHA1 e62fd9a994a688f3945638b32067838f02ef5399
SHA256 d0c473decaa5ceea45d3a6d326c7b84ae8b21405f2c5501141e9cfdf082fc4d9
SHA512 2f08e1355fe52c26cead0fc661fbdd38687a660810e525f8464f4b3b9fa315c0c12557927e8b783088120c198179ce7b76f84465918c5633a704e5937612ee9a

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 da54180b32e88a4f9fff306b6e095345
SHA1 73ab35be40ccfea70a7e5bb7fcb68d3ed3a7380d
SHA256 aca12fd6b7d4c6079aff017968975b0d5fca69ab450cd84b900381cb9d270abf
SHA512 e97dda09e6849bc63aa9e7bda3eead7a3889fdb3e097c4d1e45ef5f3a42509d685c89810e63ce172b7be50b8bfa16a972764582f297bb7fdb5d65116d5773bee

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 1113be3f51de6140c00fd93f7dee9343
SHA1 f44715b238f68c5601b72d9dc6cc3fa856f01805
SHA256 9d4f69f356f2fb1a929775d981979f563a1f3cf733c968071c399efbc6179cf6
SHA512 490233ca844565994d30d9e393db28b520b9b5c151b8307924b4ba8228d60227b818febb11c22271e50ea0bfae992a02ed83c1231824deb7d5fdcfdbd32d081b

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 470521bdf7f1feec50cbf54315386da9
SHA1 974d7da34b22bdaff7a558ae1a29f06faf572263
SHA256 8f31d28a63134854b9b28c220214a676c5d89a08f48aee7dd1a6961af8ce57df
SHA512 711425945a78ddb1650092665bbed005adec8f600abcab10263a72db810746069eaf3b97c62c04fd6840f44efb2c742f4e5640101229cc7a7c6cad26491d8094

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 ddcd7255b46484757107670bc9f8a1ef
SHA1 7dbf526bf179529422833b0a48cc910558f7b55b
SHA256 2e7fdf0458bccd7e60f406ed03d818d0bd092a19ae3a182fab484036fb7f0145
SHA512 23131cd6130f6bdc0dea89554739f6fed14f3768bf1809f2a2a9a40a70cbb7aa28c198000b827af809e82fac292848a25fdf5ed4dd11e60b98ff4cf2493b1e7c

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 313dfa2aa35a839929e1c595fd6d2db5
SHA1 5b096f7db8963ea22ea5707fc020a5cff6980c92
SHA256 5961a40f5720684d4ab865cf560aadb53ad1a8511e216c26f4ee10d07aeac117
SHA512 5f7d20740968137d25cb0ccd6f2b2de243ccfcd4bc0121af60f3afa6b5dff08ca1f1a247c2b59a643a1fe3199ccd06f7015f62edf93627096e9dad861116a431

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 a53b82ab7b141dbb545115f223d68d13
SHA1 9092383404c994a7425ce3db00f03648b66f8401
SHA256 1b584df0f78fcb0cca128b16a4e554a8bc1eda78a3d2788029e0e6c110ccd7d7
SHA512 3ef6289ba86d37c3c9875b46c702fc8c791e95f468abe89f4db2285047582a56afe371c17a1bb1dbb1d31a5269caf6ec7cbf88d3163517015b77aa48bcec32c2

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 4d2fb2e9f6819428226336bca70476db
SHA1 900720107eac8d4e46dcc372d8f34e49df070a43
SHA256 b7eee4d3bd09767c7bdbb34c3ce8551968476c2775e98d9933622382b6612c7f
SHA512 aff9a07f96be29d4342a926ec3dec5b1a77daec7297bb9753215604f3f98db377ca9570bf987f67d6224361728cbab89769710386200fd052ac2847050311fda

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 e5e1c189212d36d82093ec1a052960e6
SHA1 3b78649a853cf9cc1d8f446e42aa981eea5499df
SHA256 a6e4fbf91491179e27d9326affba3542e4fa420bfa419431a69e07be8de9bfca
SHA512 44b490060b049f27eac47bcc4a43625b8b357447e3253d460c93626bd132da8e2ccbab939cb600610845c34ddcb5dd8c37d161b9f17448b3f5eb734ef95a502d

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 cd5dc5fbf0ce2116e3536f4f9015fef9
SHA1 c91a630f5a7a6239b305fd55ff2977746aa1b584
SHA256 c909a412051db483e279a76f5a1b504371a9dee07d28ecc6779e31672a2116da
SHA512 433d4ab06f8d9e22c0c8e3c2136483364f2d7c41cf064b6ec2564b54aa01b83927fe1f96d384a56c87d8412ea60529f076ebb699d3aeed0dc7f457cb594dff1f

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 121dee88af5d288898a9b51bb89dffea
SHA1 d66effcddf0d047ce5bece3ed8c26dcabab47c49
SHA256 ebee38876126535f2e12f315d522155218de78e658d6621797a4a0b080ae5f25
SHA512 2078286ccb71978f416fdd257bd4a37be030dc3c155e0fbd61058f5c36a4da5b6ef36b240ccbbd3cdfe35a078205c54d644b81b99968bec6610851e1e8242cda

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 4f05a7eb29793dbd55cbb31b5e542ddc
SHA1 21f0ed5d1f4601da3e1e1983f4f1ec1fca9cd115
SHA256 e21340a7fa30afd1b49441d240f0c6ddf884212914a80c033988cb53780c2dbd
SHA512 5dc423b1c625b838773ac9fb74ae56bb33ee265c53e7b9ac1bb3e883f6dde96d0b99533c6e2580b250d4c2753ffd8d98db5bdf13111e2b078f833e403600ec88

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 3ec568550df71ac6fd01b0fbd7316cb1
SHA1 4b2bc058378c7b94ba957258254b4d598e548664
SHA256 e844c87ac76264ec36e2167042f041f6f4af638b9611a566bb2d7cf8a8cf5422
SHA512 88171dccc00003c9d8fd8a7c41a8aad39d5040b3ea49f4c075f8441379d91b1b12ea4c27bd191e19610562fc231f09d25a2da9ebefc6996fbbf97000033b6f31

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 880428cb7b2be04f282e2f5e57109495
SHA1 a1648182dce21f7983461aff868de39a5ec2637d
SHA256 c2db90a3aaf248723b2f3eeff40af04b6ce876983e4e98459941eec20ebdbebc
SHA512 ceedfbdcad7336935f7a9b7ec7d61f420ab8ef6f45364291319d08ffb929ed18c495ec9cbbc04173bf9e8c4c68795b70673169a93d716f3945aaf0e4bd475b2f

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 04c77f4df4b4b3648259ee6c38429597
SHA1 042f14ddd26fd07ad4b9cbeaef37ff9d27f9cbb9
SHA256 b1f4560d3f30776c5be9223b2a26655c8638837d63a665dfa2d8076a7e57e8b7
SHA512 e6155e9b1c86755f904eb22dbff4f7cac68714a0921f61e73b92dbd2efb287cc97f6e3d8ae7a3606329a0735c0e6429576f6a04bb1187e60422cc7a2a7719dec

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 42d8c4ffdf2e4be78115af772a12f867
SHA1 dc02603206bdb4f0197110546b43bf045ef28ad9
SHA256 0594fe1a74ea38f1382761929113691635cb831fc34b4149f9d9927d8e886209
SHA512 aeeecc1efd343a0fa5379e0f92b12d796b77477b702014d4c3114ff691fbed40f1a7165be9c2f83ba8509a727482a07e8be5cff6366a88f63638da81d617a04b

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 bcd2220f5ed694a9cacbb10404a6773a
SHA1 32a7febd60e68fa3d9813e41d41978986f0b303a
SHA256 a83b7688912a6d5f59f885c4bbfe182a29668abc5074d43707c158a93fe86370
SHA512 f92c58a528bcfeac01fcf1196038c458f6a08a091969359b0d5dc6ddd4b7cbf4c466343093d37de9cb6bee216fc8f665ed2eefa5535534510035d275f2b89a69

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 e5cc4ae2d09034078a48b638bbbca017
SHA1 b1bb84bccce0ee0ecabaa1dd2a86bc294e38aa0b
SHA256 ce8c044824a77b3234f2ef8ae7daf0435f2d5360fcddc38ba5a7cafe2c93f9d6
SHA512 0ecd5e8cab93a01bd89f303b5c70c8761940bffa672a6ef83cdbb6fc88816d3e897e7bb0e665a8293ed60f367d4350cb53f5dd8a719bb8940a499b4544620c88

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 4833d3e422eff9a193e76e3cff03f0e6
SHA1 506003d58ee409019800ea8322babe3c8dde1423
SHA256 25e8c053252707e9b9c9b17a08066d894648c28ccbfa913a128127c64043e6c8
SHA512 0e6bb3de5c1ae92eefc505c0a1c62985ae22afb49dca021c3286a1c699dae751d72b3006906364e0b6c57554842bbe969bdfadae869dee69eb0b7d21dea47696

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 3413365a9a9556a476207ae8ae148d39
SHA1 07112bb7cf36838ebc02563705370d2c25cda423
SHA256 c98b7814408ec2434c9505b7405ca52dcb4f64bb7523a5c681ed6331e6e52448
SHA512 b6d159530e42d601f71d32887c4603e2b2ba55abaac2f642a7c762e315d162e8c2ac84eabc8f23842a7b2c233822fbd264f0ee8b0716ba8a432e2f3f1b70a126

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 518cf672c1389da078f6957a5c4104b7
SHA1 b15f9ba9aa3eb1db6f5949cccbdc0a37bd6cdaf1
SHA256 06d6fb90d3367692c2d3f23c5c437696eccb410f7da74103aa9dd27b1a8feb83
SHA512 68235a8a5b94a561475a8aeaa5265e36236d5548b5e211f18fd6c36a2033d2eeb7fb5ef8b95fed924bab6f8170cd1d166a531f8dd59d76c579139a74a4cd1d4a

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 d302e558f759730a5459c1e9040b2f33
SHA1 7f64c73b0da614e47354630b41fbd465e73025ef
SHA256 1dec339beb649205f38e5044c7f5d3bf81e074e9289e39b1726ec2c0839d84c1
SHA512 09328335e728d4c8f0e2f5a229cf4be73cf13f4541ad01741a46732f80c89d52c4f2011117743e175de5ceb072eb9085a65f62b0ed63cf8faf66ca63315137b3

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 54a6bfef323e51dd38c466c9370b3311
SHA1 49b0115358bd0b25879e8a98d96e42b4867dc49a
SHA256 464971bb7842653249df21569776f6b710649252934062e7c55bbc831312e24c
SHA512 0bc8898ca73fe3aa9752c9c77520481498f7870602e67b0653df338c04dafabec45152307c3a2c7d31775ab81788526ab0dc8fa61a4cfb6ea2f49af9f205ab12

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 efe83ea3d11ac91020e48f7c53d6f060
SHA1 6c8696bb02bdf15c33a13f2cd675131db52c22fe
SHA256 f63e07b5391c6f5077d310a20e0bb3e0228b83342c7fefb14bd416f17ca930e0
SHA512 f4498a614816369d91b03fa8d92859e08da3373595fceda5d5a46b353add6fc220c1c652e76adba6c58aa3339d26ea9ff92cda210cdd7eebf062dc02fda5b3a7

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 a254a957c6968ab5b343f4eb22b8fc26
SHA1 b29ebf88008ca13ffa5af8bfcd76053056e20a6c
SHA256 402d9ed227c7535215a748925d095564bad7554c867bcbad349b3410885ce2aa
SHA512 74b472e38e7919e530bc2ceed81aa507d11c58ed8180fb0d8eb3c71340c37e4078607ea7a1cc5213b9cca736c20bb338592b9a355a30de9b8a4ff4624af356c6

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 7ec3b3a7ccbed03985d34a0d9c23d8da
SHA1 64f974f03bfbc4a90514d7238dd7a43b18ce14d5
SHA256 0b4ce8bbb67272cbe384f6e9a032b638f6ef7a0d3e69ae32ac0558634838c698
SHA512 7242abd0596913168b5b52830b65bdd7a80af06a59cb0ddb155e86f967bdf1c5a690aa9302f991d03f9a4b843a91e68f3bdf600f76e735c14bc9950c107db791

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 7337c8b8c1c1ac88da8ad07b913cffe6
SHA1 d498a425cb0f9ba30b5d09631e91457d4ef1a0b0
SHA256 72c64103c86aa8428e1ea1ffbf01c6a9137887e72d0c241b87b0e3629d461460
SHA512 c537b22a339c2cd136095d1d24b405a524cae0d1fd6c095337028fa5e0ccc4cffef75ba75a15de8936e3ac421fd66fca80afd2156226b789ceee9f4cd090811d

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 a568ea8c8061a3a28bfca8270a223913
SHA1 a99b377ecd15136e028fa01f0b799c0e3d1910d3
SHA256 c925934486a56fb9035f6671c75277d8daa65f6157f640df649bdec044c87fb9
SHA512 85f867d0dc5b0568bccdc480efb8fc8ceb0dcc966e8001ecd5af76749f58cea2c1fdd1bc2baf9d02494d45d0fee2297736157711dc27d36dc7fca1af53c9bf66

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 00ad6bf757b77dc8fa7a0fe7b9528766
SHA1 172c614f711fd8e8228e5b9fe2b4ec086b08ac45
SHA256 c4f601c1717fb987240ae2881589c6e555910cfa5828924c5a1c066a90c2e64b
SHA512 da5b54d79a415fe090fe061c0f5dbe6343d586239531e117a48f9b8b1d173849b45b0a4581fdde358181ba05016a8de4a83637f1ca7c34e176a512861eafa55a

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 d89d5b2e5d7e7d8bb4ba2486fb13586f
SHA1 0f01145049834361376acf087d3bdb2a01de20c7
SHA256 a30d172a38c187572ee50a7ec58cd335b8552a9dbadb16fea20d416b27d4078b
SHA512 bc55ac2b9d99d869a9bfa979f72be88a5b22793628d7fe320f3f6c996304fa8e05d5d49eec25832181adcc3de465d23b578045d53b668a0a9704df9d4c2518e6

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 ae38826a0397ee1ed8487420a7e969f0
SHA1 35d041c9b7c7bfac9ea141d0011e4965655a8fa8
SHA256 2acce48e0fedadc8ebefc9834948969c7703b1bb263aae24b29d75b3a57db5ff
SHA512 73b404785f9c079d8dfd785dd8a4b02baf5820cbbd703a56c69c8de1e7053c355647a090a83f221278018ac3ebfeac8b645e304ab73f63576cd75f23197707d6

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 d6305210b66dddd95eff4169d871618f
SHA1 6c44fc3e0d684ff6808e77ac44a5ac8edb85cea9
SHA256 a34152f51209ba1c28e00dc4464e171df1ca63e8fe14d37337f3c3d49616c4c8
SHA512 afe9e234c800a95199a6bf926509b21074d80df0f1e783ffda171e7f78972cbc860dbc9ac1b4bd8e53155193125f70cb29dec406418760bcdf7d023527ac5cc6

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 38009d2974393b9a0dd6949575433739
SHA1 4eab2ea819f448f08e5540fec92164a12d1cd66d
SHA256 db0957d30e3bf5f15d0f663f9422dfef75829f2fae41b56786c0adf2e80c79b1
SHA512 bae97177020411f914755e084639c76873324d84088a09170a7c10a126d5e4567779d90c2d64e2b97e5c7dbfe44bb5b1bdaf8568edded130bb155212464893b2

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 ba74767308ca22b8a25390b514d09f6b
SHA1 6e3e7825d05f2845729908862fb42facaff41d4c
SHA256 0a0fd8020eaf8d6f937ae248a38949df635f403ec1d679fb6ef67e12d54d5798
SHA512 5a6851987edfd87d2ea2f20c6c0afd985aca1b58f7f2206d48e1fdfd16f3c825b26e69c1241f00cdf5f2459bf2be0f462225a88569ce184ac46d93cdbdc1951b

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 2133aab86e9df96eeda416cfe449ea56
SHA1 8a1b5b3d2ed0d1c86de2523a0a36b245fdb57143
SHA256 c845ee938de15dc5d7a66aefef884249f1b39d47e5c947312b81bb0df2f59609
SHA512 8af58b5580ed7e3dec072610c3f0e23f7316a82667d273f9e4b8230376142298f50b7003417a7ef21a31dac73e98ef91eae783844be0520ec79ae065d0851438

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 f631834766d81b91d12322e314f96312
SHA1 b04ab2502ad76dcdabf1b61f2fb0f766ba9b1601
SHA256 e10db293261bd758f45fec5b6540b64bd820f30af0054dc76f60c9281b3ee349
SHA512 9ced3313bf6cdd60d86ef9fc052493fa7e5ae93fdff7b442aa8abce11172d498b6e1b6b723d73eace0895976d8b111142dd69a9a34c4bad959f85424b9aec499

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 f2d667f92b686a8ab760c772c102c69e
SHA1 0c79105f3cb569ff773e9eba657d226f3ca41030
SHA256 13e9f27c8103d84c6e0038d0d079d0efbcb2ce6dcf68b776c947b9ede4b32211
SHA512 f0cd0fc5e74d6b345e517210a43cf7552b7facadb9fcd45eff74708ffa65b04cbdcfcf67e8a53ee71db952ce93c1be42969f796f7682ce49750822a3f5299a73

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 b478b32ac6c4a32b8882de9d95ff93fe
SHA1 8c325d52fb1f7ae4a912a87f0148f3f39607172d
SHA256 7027e691c58e616ced69f0972b132ab038856d516c6ac28a7455b77b009196c1
SHA512 de8e7f743e38ee6085b2c22692ff2c57ce62683fc20a5f00ba6f11bc584c56d83c68c4f369b552064b57e6d571b554277a53b12f3371479fe3ffa21f3d5a7bf8

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 51a914395b29421cdf5d7ec3ede74af6
SHA1 df859a73d65f66244dc68170af1ca7d99f3c0cd6
SHA256 41332eede3074c6f922d3bb615fd8cf03dbd48303b3671ce5e4ae07f9dc650bc
SHA512 8dca101db0e7ef208b87a2fd7d19fc7701d49e0426682adc3e698c549322ddc7d00aa1214140ef862e634116788c57f0676d4a4638351d0e5685761ffd828fc8

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 8d64462a84f4949b5228192278afaf7f
SHA1 0e835d5f7413aa877ee5890955b74b96705dd85b
SHA256 cb228e60167d1919cecc8db36444c9b0a22a3668fe806eeb01d06c2f8fc238e2
SHA512 6db9bbae73a485073562d928c0fee855eac5a8945403739f5c82a8c67e1d6ada067da084a99de24c47abc7c661c00ceff6ce6e2fcda9919cd7b3bfc932a01066

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 289ccfa0acb0bf07643a5854c3234cdd
SHA1 9654719137bb3e79592085f20f7802915bbe6542
SHA256 734c344fb233827079b8c00270e4a92c6a35999640a29806f148dc085c8aa29b
SHA512 84bfd076f2aa6f80a548f6892f5aec4fd2b749f333020ef7695d6d5c8c2a17c817de655f57a8b152c836362825f8bc5dd89f5f1c4174ee7a10799a7afa4a315c

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 bbaf359ab566498d9188759ac6be26a2
SHA1 01a0b813c9fb5bab16c6319c64d15d0328d0fc5f
SHA256 4abb76aeb7ac6fb2c02dd73d7e6e6b805bc6188ca71e1f4f9a08a203aaa4435a
SHA512 9b0c97baebd11523a4151c3b7e80b21dd4d99763216f909ca823fc299bd1a94504ecac31879d36d3dd710be7442d78296dc8049bc90e335a658f093752f7e0db

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 1cadc3d0a44a3a9b447d4ad2f73751b8
SHA1 5552f8c2a3326d1c8314ef9cc2d022a0ac7fe279
SHA256 05a83e698c06acd3e2341b9f68bc30c0b3ec0ce4d283b1fba17cae546e25d21e
SHA512 6af1feba7fa8f6d4247686dbbe0eb2eb6a2f6951387ce99a9ea3c19be578d5b774e709474955d5b44449f95780fcb65b5ba06ed20be335aaa79123339a429c66

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 ef316a535b55bb0493bc1ff5bc5ae237
SHA1 20615f095b393a264cb768c19c9cc58d352e44a4
SHA256 4c9feb05ad629c4eaaa3119e998e9295fbc879c59624aebd35904343f5284fb9
SHA512 51fcfff4cc83b602d3b4b461e5b0591ea416ff133c085992f301cc2a98467edf97df311894b471b7fded4ca0a55a496eeae0027fb8eaadde055ce1ff29ff25be

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 f13cee2ad66eb87851ae6e4cbf279aba
SHA1 e70254a138b3f5e44654419acc702c3c7fbf7555
SHA256 cc4594f2ddf194a4f74eb2b59942d554f97a9b6c123c175dfa511ea85076e1e3
SHA512 a787a521bfd40c268954a9c91c4b710e32657ce5d06c32428de9c32c4fd61a8d71d00730e03477636862511ba51c262dff3ac6fd9826b22e575ff0f8a71bee4f

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 ab606c2afb6d00a6f4d8ec3da41d4c3a
SHA1 9f8e842e2f1f117fe8128d2dc11c593295d995b6
SHA256 38e58dfaae019615aaf119663d29dad1ccca953b5566a143d279db90ab295eab
SHA512 bf1a00e4c094240e95d220a4f1ba04e7da0f3b2e50f21590a88874f8f2c825ee7b738febeb8da6f8e42730e607e33650461518a48baf220f8046febb9942543a

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 078fb14a64595be056a9aa784860bb1c
SHA1 16b857ad08a723c167258853fab5bed4b5815c75
SHA256 ffa4be0db5b75f7404723cdc89098350065b9fd1946985007a6014d3af85c4ac
SHA512 a5c7244f8a8b8cee6f74d1c57b35b11f9be91f50ed715682dc2481eb414ba0d6b544aa9369ffa2cad54bd6ac4b01bee5693f98e4ed1109dcb394a77f6c2d0365

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 c259678aa2aef050974398d20736abaa
SHA1 29d971908339559b1cbbf56262c90e23edd93704
SHA256 7819ad0682573954f5d856fd1eaa932356ef6dc2f367b798a5a8a3a1df030570
SHA512 3e0386279715614e6f6f85492043cd65167da2b2cf40c425d02ca172170aecd7e94d6406971810278ace920f8f1b0c6237e725aa4a67b9ca24234f63cb3e2e90

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 b0004ff58b976f9e51ea61f9ccbc927e
SHA1 e8d122f81e8d2646102736e37818769bf8931ea8
SHA256 bef3ed79477893b78a28c25e83cdb174906943bd03211de5b3a93fc386f57b04
SHA512 de765362370ccf0d0109a840b570e8dea6e9e2fd5ee9ebe61f7d72d154253db1cb1a8c5a96509a0e15806d75e379fa343cb457bc8e22c26e4c093410fd0daeea

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 21a77651b76c00f76912363b7d128dda
SHA1 31ff5e33cb068ff02f374c2f19e622e5dfc8bfa3
SHA256 9d94afed28691017fd7a4b4121001212b3287760935cf36006668bd142629d0e
SHA512 1fed3a9739b23f02886b29f14c3082317d3378fa50ea721a578afc4728b2c9fd485407b24c32eef5be12f1b9e606a6c9a64b84b6fb02f7442c6c9d38b854ff43

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 448b24eea6db2a2aa061f4276f1ba16c
SHA1 144d7678d367b0c1f428a131d06954d19e633673
SHA256 75a04b06d9264472c60617e1d29922d1f8f98cb1da4cab53aee8c580bb16cabe
SHA512 1f1afb6cac70b1de38ba02d1d9f3f8420c9f00b32ad42ae67d9cb3cc7da84f52fa7e87908a22290f2116a4a746cc2e1aca3ca4bd590419366682a7a655945749

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 0832b0602bd0aa780d78396b3646c4cc
SHA1 dd6b05b5fb5048852b55b087cbfd8c507775db48
SHA256 5de14d539b10e20bca0a2ffdc37263b0035257b1900bdadfc7db47c7443397d9
SHA512 aed1ab482acc2fd859b67a255ac4890782f234b2eb23e9a596d7d30406146231fa7eea347062dab73208384f37a882adf51214d34334081b0c59f6074298854f

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 f9307b3354faf6a26c1cfec815bd5267
SHA1 e5e52bea893385619c527acf2f2e550e7a4af116
SHA256 beacdbbf6d49b075f52766f4284e01d9383e3eed56653083225427b9b7315175
SHA512 ecaf87a045dcb470754d9a4c7ac25c50bfb839d1ac3cbdcd25a5f9a83f3ef5491dcd79d4ffca75d4f462265e047277b8cb697cc75e1323f9009608492d04cab1

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 5205d92f95a91feaa7205d1c2aa47979
SHA1 33cd9ba83d0f7742db6882e7d0ea5fc964576bfa
SHA256 38480ce329c987aaba1b2f270ca1f1bed4ba0b8d8ab34def901374041d1e2b0b
SHA512 cc298adaa6ed6a31db29f5ea882d42103614d78b655ed2d07fb0fad36b131c58ca1a7d74b5051838533eeb990030335b58fc8442312c859705534ae24d395b9a

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 9dc005a69daf01ee472aacc0cb25c3fb
SHA1 a774e6c39d289ffc0a5b2ced6a81c4502a8f1e38
SHA256 8e585637e562927f409e0eca115a48c4799ae4224ee6d9fbaa8245cc7816cff0
SHA512 38bf90d96dfa4299b1ea8c531f819cff94b5043510ffae07394c1b8c92b11fb8213abd4558240e24dbb847414a7d6ac4a77d5297d6674373b4f12091b7b35435

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 563d569efbf30a570f9633cbeb3bb9d7
SHA1 9cafa82f08f885d7bcd401f48544e25f4e84aaa8
SHA256 8ab638aeaa542ec829341ce44094bd7e0f5ff6fb5f47ac1e0e9bcf87a843c32e
SHA512 fd4f88158ecc9d1ebfca71667081a1d8307f1223bbb1399246756964d6170fb042fb6b6225dc9660cdf07cba36d6f50dee81b5e17eec1369aca67da799c3dad1

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 50db7aef9b24255a1c2a1199f696cd0a
SHA1 4bc06133064957f36b2f28412a326c7bfc934ca5
SHA256 15734a6bcc9a7f4d2a21dea7285f5cd3951f9f3a3813807c8b45fe4be8795da1
SHA512 f8400042077e60d0dc245e4892679c464726f91c0dd82c314fb53fa340191efca20e5c5d283e62bc7fc030f4dd3c1c7d531f483cec8c0cd7e6decf8ca0db515f

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 40807f391dd3651e285470da5ffdda5e
SHA1 35fb5fc132162effdc6147705e80ef020d4fd94d
SHA256 29175fcd6142c59a35870f43e9354011660b374ba2d700d8e49a4450d060216a
SHA512 eb303cf7815524ee816d1d55593d6e98f41bca2fdb2a5743d7f6993d30e9086a618486e269af9debca89cdd1c1288149edac5b8cee4c3015054e8578206d2572

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 dd823eab9fd3eb6643bb379e891fa0ae
SHA1 82bee92983984d267465cd2e95a56b00e21bf971
SHA256 f5685f7ecf9f6b127d28268a7e7838b946ca3dfaa73379a08f5a01c18751cf5c
SHA512 32b1cbc141314a6ef71f75680f2940bd40a899cb0d642a27d51202c6fff58d32c60e448dc394e87cb44ff7462280d83955182b52339baec647e245c143323dbc

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 ff37ea5775aa8037b1a072b8da85985d
SHA1 46eb92124336270dd57a67d6b4b145199a3dfe62
SHA256 064f71ec44c04eef52e90f933568d6db535d3f36f54e0a6d3ff179bcb90c0862
SHA512 cb38195a73d1a217171d3de8b9ab9b298b87b37a104b667de4c7642bd1f37e082688211702559028fc66a93f5253c4514f90fbc65a4b3600019a32ea0cef8ab5

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 bfff807ccf06945978706b270eebcacd
SHA1 254586fbcd04cdfa84c5ff3476e860a495e2cec0
SHA256 b6a568a3a090f34e4af4b3f6e6d98bc425aa5659b225980bb6b682cd4a3caac9
SHA512 b42aa1a27283ccab0faf8d0b4d7a59824bdf745eea5c91caff4c21a7a455f9b0307b26b806cd52b439bee58c2f8b1a556a5c6bbba72fbdb3caa6f7005a0d5558

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 546b2a70fb244b0f78102916b659c50a
SHA1 9f20f6d7f1365f6bf7b286775a5095c3d2870a1a
SHA256 f13757742f7dfb8fb55a3cbbebb7fa6b1949936fd0f1ac93b009de20d67ad495
SHA512 a7462b90bcfbc80edcb945038d76484d24f039486ca7765c0389c87f75b61885dc26f9193585927a35af62fcb13557438d4631cec42c2bdeb304a783d834f9f9

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 47a9cb29c67b65472f68193f4a1ea240
SHA1 04f37ce5d83c98eb5ecb18e9bf5b6887082a8701
SHA256 123a9b93a77d81eb0480a4a343c5cf4132a89f8d90ea1c7c8442b5c1c59a4e11
SHA512 03d3492e50de0a9554c2edd39434e08151836104791020aaaf91e30aee6256cab22e270918269a9eddd281436f4d317a711271c7cb59317d9b7163cf12ed42fa

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 20ab214b0d7b6e4a28e84d6e7d0128cb
SHA1 debea16a0be3b8cf7571a43faf37eaa438c4e42c
SHA256 c8b41f0717c150c69dfb0ca1e3cac025c7addb83a68953405dc9f8f158373f73
SHA512 c25d5b6ea9572e0ffb0512ec51d4b524207531d0b9efcfd81df6b8744fa7233ac4a108df47e1a8b964df13aff038388fddaaeda3e4c3573572c12feea403f1c8

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 be070a710ea45c7577a3c37a57fe3a9c
SHA1 cc2d14f82762414567be8f490b26121aebf6025e
SHA256 65ca1152a43b65a240e71dcb3e1eb3f2869d6ebd59733307077447c72a6b4a26
SHA512 ab532c350423cbeec6f09fa4e563cf1455c13c32b33ed390ad19d5639c1b3de1e023bb7720a74f93fb1700cec68418d0e0236f56cd7882f64c8ad887a7558047

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 33ca0f24e8fb5918ac1e17b69e92330a
SHA1 ae0dd532130c08a522347d47b267057b78a83af9
SHA256 1a9d927d465e03f10c5d733a01a49b15de6a7638446d2aaa587494e9ca41e040
SHA512 d5f06fb4f6c977e29914367c10e4ce49d898420b80182be7747327283d99993bda8b71f87223b095ea97295dd5605a43e120eb37916055095b19e58b3fb25054

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 27620235cc7238257b2e78b70c1d70d9
SHA1 dceb77a5c06dbe09f29ff62d7cbfb2a6498f95e5
SHA256 539dd63b71106de095793c6cd0c4b18a2b5088861b9dc2ff969b47535aa2dc16
SHA512 e874de86b07a9ed797ac372a0f940164aa09f005702f5fffbaa9d739a38bf18f99df3eb1b5c6855b2d518a2f6e0073643326b9594023679f0bd20ec06c9eb354

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 8bdbd6efb02bce6c10fa1fb3c13b0d7f
SHA1 6c2c696f24ef7ff565a4bd0938ad81949beaf2ee
SHA256 aa4f9425e84e0fabb9f780fc93711be65cd6930fc2f8cb2f753e189d9fed6c15
SHA512 b6afe8a77e31a18170c41454a4ef916d3f224d343f4ecb0ecc29e8ba6dadcdb18f2c111ab9002403f4c1420521237a7240d2e858168480009281eb1f303d2567

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 64c319f745c1e38f246aa7fdf7d5a301
SHA1 ce6be4ce1e708b8a74548fbaf5e6da400c7250b3
SHA256 7f398f3caecebbf6b0897fd1eefa183d8c819eb305841debc6011b6257a3be5e
SHA512 a8e15c5d87006fb4bfdac3bb66c39a96146ae421d371992cdfd0aeb1efa8e3e470c72924341d818ec29d3265c1c63265de5fe1588414bc7e224b8395733ef1fa

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 ec1c288473a3e8d7b965e8c8214b9872
SHA1 6a3bace328df72346d6c17c95170f3b370ad6137
SHA256 cf96fa3684cf8dd251ee8181964e535c47d81f600db33ef2ff048c37d61edbe6
SHA512 80d4551aaee82b9a92f9dd96abb055f6a42480ad3aef316bbc775fb507668339594fbb850daee57fe0c5e817d14958e0a036e173c9f3bd395caf88ac00bd8e36

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 2baf294c4a6c2b75bab336586e13c7af
SHA1 ea0fbd3b446a991f5c67296e637c9e14c85df4cb
SHA256 22f1b79fea1d08015275332455faa0b36802984f2fc642982e4e846c7786a6ec
SHA512 3a1c12baa554247fdefbaa1abf83a240f7bbb4264aa63a55b04d9ba957410e3fcaf1672c44e07778d8913daa3c980a6135812a5c82835d56e6cca9a9d6b5faef

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 8b522e8a7283085ce98d487f69f6e32b
SHA1 230dc28a56772b590dfa9c52c06bd9ce9050bded
SHA256 2b204bf24e4d822860e925b9223915bcd67a49f8e15bce75f2619c677e81bef6
SHA512 64a0f2e347798e5c0388ad12a6f87c724ac579a6a0fc6725e39c39bd595a64c447c35c7bc1de6421539804a28a260cc3761d3a3107641a9792bd73ac2d8e98b1

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 2080e3746da65a3bd11a08e10e87a378
SHA1 722c3d6b07d6974020248d7b13d4e05d231c9ba4
SHA256 e91b1bbc3bf615374b4c697208a5f349bbc490696000df3e4b6dbc071c201533
SHA512 fbf37b47ff3ec9431a8da3981edbcdddcebf17c5214c9171a68a39a047ef2ea42d34558bcfec72a845ee5d1e5596ce2c1b83064b628c164a32586998c5d6fd2e

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 962bb8bce3068882ee7444ea6a3315ee
SHA1 20178deb8959def517ac0d4d2c5e637e07ed8ef1
SHA256 4386e02d8fa55684428619a4acd1dcaeb261a9729f4f9ad0ebd73398be965553
SHA512 27d237c8e289d09e91c5482e536b6853823fd10512eb1793f0c54abf69df5812c48a36a26321ca8b38b10351390cd33933bfbade0072ca529d4c8727d97a1f67

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 6bc6039f1457c6a72371821893967eac
SHA1 002adc68b584a17b3cbd2547333f4efef1e1f649
SHA256 e5e4348e792b9b093a588ccb1247f0c243bca4ffc4005450b156bed1fb9c9581
SHA512 5ee3a83e36cee13ee310a1f8a3f147014718bc562b9f2118560d0a0b5478552f700ed1c866559857b10d391507c4e655d1fe9cd21c49461c46e24de887f31fb0

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 e26c887f8bc670b77ae22ec2e7170f81
SHA1 cc15effa429e3f9c8993a56c1258efd556e9a012
SHA256 a20c1bb688ce2beff863af7b79a20243dcf797333261ad3d5026284329850ec8
SHA512 19e2554962c076a32d11df3cbfa8b2864b1b4e765a52b12d4d946273ec6898cc0d9548cf9490b8d67b770050d51d33208fffd87d30290a4d81473831340069bc

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 d8a634722c014c9455203d0d453b9a0e
SHA1 3da79e5170e04ee94c8bc9b02490776c3420a414
SHA256 9033d4951ba4e69a2a6e60c84596213d7e69ddf7c756c16b451408c7e948e2df
SHA512 56383073fa1028c46d737a39314fa09229efedcf61a9bf65768003840c384e565ee0638196b9c144cb1565bef39157652d4213851cee2b4563d21694fc5c1743

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 4081ac678ed294e6bff45b3b2df51db9
SHA1 a0efc1e34f83c5d9ff10bab5aa535c1e73216485
SHA256 0d6ff05a4fdbab8c643229e6d4a134505bdede5e59f41868841e6852a71d691f
SHA512 5fd13f6181852ece9683446551bd1eb9fa25170c888ed522919416bcc20cb2bfcefe9c53c1e02f131c5fc975a4fb9c7d4e8af6f162f161c551c848b1d14ab8c4

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 98ab4e669ab6deeac6a3e05dce40dd5d
SHA1 fc89cb2a3b25cb6e7a01cda1666458cdf896b1e2
SHA256 52fa0c9157a769b3e3d178099b38b041490e62305b72a8201817becc44902643
SHA512 54de4e4979808f93ab929f193f0775d9fedeb240dd71fcb67aca459b340440837c7aecfa8229c1a75a1c3df251cce428ab751a851035731f21e6f1ae0b72dea7

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 912a1c104e04f3f82680604b8f8b8e25
SHA1 d6f0ef9d5652d29cd42d50d41e77014ca5cb6d21
SHA256 78657113c6b4d568458f5af93a1017240473a68a9ec0f1d7dfbbe0cf17b39dd0
SHA512 826c8e70812825cd74811459808a0843933a18f8e514fe01525dcb82b2b58b37b81b745e81e4dbd2f33d925b54c8c0e32adc1938ae2309b3e4e90b5f73a38780

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 864a0b405f28404449408b6e41ce4a12
SHA1 684a33b33829680ec0ee3063870ba6d6a83caac9
SHA256 9f38290900c080bc0db10c0a390d2e4d2b3c2d011f5570c9933e37590a8fdab5
SHA512 a592f7ddbdbf0d919c244a1530048f432d5f8d38f782cb93ec72f54f6954a0eacda6ca28272d9163e07a0883c8b982dae18c7d7d42f60a143810ca538bcd8d80

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 3638626f5c369572dcf56875de31fec4
SHA1 20e762d5c6c81b2142f7b4666224fb134bc3f415
SHA256 a74c406f3ab55a872080566d93391c7e4bf39775f7bef449b0d9018d5c44abd1
SHA512 d4a95ea576860db435d1564e98c898750521680ba1de6880bb3cd60ff3a18e10fe1d92e17799d966026e784b189248f8ee2a05ff9fbca820006c5d16bda036f9

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 88ada01b05b16f7d63eb6ec1f2265732
SHA1 09fccf603366aa2413ee3a89fd8eb8b8900b108f
SHA256 0532ecf08a68b4c2d0450e93ffca4dd69fdba3af0d841288286103e078c24e09
SHA512 2eaba0a52fc1e7f34f38d2dd43decc375e5db02eeba1ec7f83f4e7e7d10bd59ff4ddbe9d43fb96727d152753049769865d47af7d6654951c8b5fbf5effb75fa7

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 e2c5f718142785862387863a3d833af7
SHA1 ced4038c82453f92c498327412dea4f561cb6cab
SHA256 df16682a0f7decab5c05140d80797d67287c4fddb690fd401d96b2c8d64fa8be
SHA512 51a21f061dd4e225731a40d2256107544cbf82178e57aa273519240ea5e4ac9aeac9a60d0b2fb5958fd04499f5018bc0ec38092fa2014658b6f43ea9e566f250

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 16923cd72c3283224096ec6794abf15b
SHA1 2d902998262b6697b10cd0c985835d183b2321e7
SHA256 01e178e987b2d746977ccd5e58e9528aeb2c6f7ee545c8d532297042a2362893
SHA512 5e2e1f1956355dbd07ad5d62d356cce744a28d1b53d41498ff54384cb1c24f320d43150b1bfb4e16f9b148ab1f3c03daff9912b5479de71188a3873bf715a9a3

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 0d8abaaf4d0963ba537253fdd1d710c6
SHA1 6cb3eb898f483f3f74b0bab10963d36fe29b4fdb
SHA256 6af34f11062076fefd27aa628c7d73a04041bd755dded378f4cf3bb5c057960f
SHA512 b6dd9936e1d7277422e7d81a50604c8ad7c0919a52e253dfdab21ab1ab3ee3a3562fb2a782ee91c7892750848044a39efe364c24bddbf0912482d421c80cc0c3

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 b7e8f90e0048f1506520816d1640384b
SHA1 d8427fb290294759a8216332485edf9ce76a07b1
SHA256 4dfbfa6cfc54e0a07e9e3d9abd90ef6730213a5f0b812baef9c615a014c5ba03
SHA512 d9ac2d25b32109ab87eeb89b24afc2e575736a68776fd949ab892e8d212d8e28d565840d5c37faf9e55fb1d80c910799b645babef46f0c045f03da9302067ea5

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 4564050c3a667fff1a1bc3dec3a9c69d
SHA1 22d768f8dd1365586ca25c46e37464f9c66a3e06
SHA256 aed2eeaf446552caeada089d4b9f0b02b416e9e7c1539de4c80769356fd3f2e2
SHA512 ee74aa8c2595f218a89a5d2d4d67740a5d1b508ebbc010ea5dd343b9b51fe0495543907de841007b9454258e2fb8fa753da3afdb70a9f6ab99e2480be7f1828c

C:\Users\Admin\AppData\Local\Temp\cdstmp_4068_0

MD5 0b0c60db8926a8322c3704654d3c892c
SHA1 38b38ad4a0895d12bca63b38ced649967f0c5199
SHA256 63917f0107cb009f529c8b44f35c20dd7fc163db8a8d58c213edf96601581cbb
SHA512 aa2f9122b043cc250d4dd3fb9c773d672a0f88f50cf23a2299d06ad040491b0072946dd65da6f90645343c3bce39dc210c64d584233952dadf80c1454ffe86ee

C:\Users\Admin\AppData\Roaming\VMware\preferences.ini

MD5 575b1d27598062d357bba6981bfac631
SHA1 878490b5f729fe29e12df2afe9bdaabdc5ca05e0
SHA256 ad9399c54988f80b381a5c5b27f94e7f1cdab61071c58a9e7cfef00126491801
SHA512 1dc2bf6801bbcf20bb3146637c1ac9675a48ae4be2c9823ec7c8cb05d4b91eb0740d24fde980cefd6cf1f855554dc8d809a49ed68de197bc6cd047df28b3ea42

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 31aaaa4323b0b68b651cb76cb1d1e0c8
SHA1 79909ce9ec40f279c77be47bc37d62db72b652c8
SHA256 aa7c6733c1498eb2b9facff9b1bb013ab5d6839d8288178bcfd03da5312c4878
SHA512 8b4d6c3e49ec8c7cd517dd6f7feef60f672c0230069b1c129faa72219c671276c734e50e363dfb2d6ec20c0996c1bb8fc618664d85a326aea48cf39335bbb03e

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 787a3d448bb6adabbf557c19186f30bc
SHA1 121c4e15babac7649b14ae90519a571daee3711e
SHA256 d74fa4c36b95e8c4b6bc9ff03cd5533d4499e0c8cbfcb57d80c30fd30670b4ec
SHA512 62dc8f78edd913421682a2efbce2d585d92dbfff77f79fb8abfd79dadda670a16a88a66a81f93fa48be286bdfbefc0ac5a2086c2d5990461c74966f9d3370a4a

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 d86757b3a232f01e3675866deea57ea0
SHA1 873f872a85cb1a2b03e3ef48d8704718b7e36cec
SHA256 d20c0c2cb2288ae379a9364e1f179e65c1557fb62f640ed6b6cada980fcb629f
SHA512 c37e76d52b63a8f79dc36052490c2f0aa75af9cbf7147fb0be543f405a80713bd72102871c0f2f2898efc327c31b8fe9739d1ed7bf7da2b2e50cc6e7c9f48474

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 d7a0a892ada7b4d4194b2320328d8c2e
SHA1 70e85f27ae68034df78af2774f19322957c6372e
SHA256 5018c2c98f685a99dfaeaec34e132c3284c91a30db229a55cfe74ab88acad900
SHA512 00e7eb8fc5b5a939e54eb9d7b5818b2ee8c6f3be2057ad9a5ca5a43c339167d5a7cfb39a0fd88c49c751db42975841810d35b6727fe29e765676fba5d6e6e399

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 a04ffef8cc64989a4ac96fbba207fae2
SHA1 55dfdb627cbc73167297de9ae8b021a4ac6c2806
SHA256 86db817ba6ad5d89cc13dece32389819ca4382bf775b4b6d671e384ae7d70419
SHA512 129bccd656c89f51a98ac1af9b0cd5d8148b44e751de1cb36cf3323989ca6cbcef27d150606bb8a7123973fb6fbca7fb25d8874076e38ff890252e9904b9fb59

C:\Users\Admin\AppData\Roaming\VMware\preferences.ini

MD5 1f32a7f6657a1ae6e38b8fd9e5252d21
SHA1 1ee6b03bed5e342810f0353a506551a9fe2e644d
SHA256 647cced6ad28428a56c56834105e2c500e77c4dfe8d3a20adf295d82438e02dc
SHA512 1992234535971c495dd1f008386dfc8b1d95688882278e37436c68a0c0a3dd29dee2f01dc28877fb949ecbd680e50d854f460d2f277e385d2272864fcd191dcf

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmdk

MD5 137e2128ddf20a856bf8a35efb58a391
SHA1 222c869a6eb96b650997388e4d8af75b64e2cc1d
SHA256 fbeb08e1d58c38d8d600108e163cc83075a467b13c095896c1bd79417070f4a7
SHA512 999da11c2a28d8e17be3d012d05bf60bcc13a318da50455743c2c9a058cc9ee3234cceb95b44e15f6f9f19e566129c1d8f2f1bc16e39d0765735b7a75bd0ef8b

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmdk

MD5 f8ed51cba112334ac9cd091b090bbcb2
SHA1 4fad2e1084a477abe612def4eb70af072edfa9ba
SHA256 ba31d1b41efeb9154405e734e88acfd5de71a6c0f086f5cd843215b263c5aab6
SHA512 cdc7a6a56567ef4e143a7e37a3efc6accb83db16b9f6e8f4acbb2620d3eb262cc43b38d854f851d08d5552bcb2466badb9f9531a2786dcc02c008d9b3eeaf25c

memory/912-4562-0x0000000000400000-0x0000000000469000-memory.dmp

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 2fe3ca4e8142e58819ec438c303962ed
SHA1 5856f36ab931e7f45ef9f84d40b9f6b74ac2b6b3
SHA256 056afe4cfd8de66267ea5d8358dbeba36be7f1035acd73fbbc7f9c7ae7e0b5ff
SHA512 6f0191a3feb9fe95664b348e7c5b9fa1d13d4fea85cc2ee54af161baef691853f0fbb72287412b2072b711ca367677b4b47b0de8ca43b0dfe35b8f32903bd277

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 91588821a961e0a6996a058817de0c71
SHA1 bd1df97ba0f00b1dbdfdee4479d67075b74ccc91
SHA256 31a8cec740f3ab077f004aee8690b81ed52370500d11282fa9e8376a404021f7
SHA512 9ab20423536ea01bcb9eed671256e375280f7381f79f0d0a116db7dbcb6ae2bf9462551872a2962f97f3ae5b68c8baf693ef0e2862d9ab4a8bf861275637aed2

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmxf

MD5 b04b3d6e2db97b6073dd3894bccd371a
SHA1 8037083b26eb923af38d7a21f47ce358a113ed10
SHA256 b1a98c212898cc2ba1bdc1ec980dfcd5b43a4798c8f20ccca68b90a43838e227
SHA512 3be1e0dd8af2cb3d052bb82d4994bddda69b68178010bad4b23f9cf347734ac13863f479d9778c7cf515f8b20e6ae87f253dceb214a9629f283457f756511604

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmx

MD5 308c12cd1c15d454bb8286005d9bebdd
SHA1 56e6563254e196b646d9f4bc05896a4fdb534d36
SHA256 0c3251fb84dad84123e26d924ddfe19048ae6bdc51f367eebccf21155b898036
SHA512 2d4deb3b2a8f0a510913ab9a206995ad6ba95091ef95313ceb2b0ae126c8f3650aaa03000559138297aed8339aa519bf05940229fb9861b02e788d91a20e1245

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmsd.lck\E01594.lck

MD5 5f931e379554f9d9ff66dc0ea7ff34a3
SHA1 9f766f5775f32fbf57040654f8f022ce47f838d3
SHA256 3ae780b0d1a119fbe4442d5f19a0473987e14d0d10d2b45bf5532828db496f2b
SHA512 1caef1cd3691d1ffebc998124e5bf559dc082bba9aa963eeae75126c3af4185548b381a26df9ca59e7b84651e4b119c2e62b948f7e17c90ca8d030aaf8e3a5e2

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit\Ubuntu 64-bit.vmdk

MD5 705a9c41e33ca911cf8988609dd87551
SHA1 ce90fc342e6aefb11cdf63c971c013984baeea9f
SHA256 a0216f6b627041042231707751eab5574490d32e5ec9d9b5b9e2ec5a55bed569
SHA512 96c9b81d926b1ac3c18654942478da6d7035b8972fc47911d6e6fb509f3c982c2179d9f146066bcca88eee4d5258f7c959d047a2063cedfdcf46a0d8932f7658

memory/5564-4734-0x000001DD1A570000-0x000001DD1A571000-memory.dmp

memory/5564-4736-0x000001DD1A5B0000-0x000001DD1A5B1000-memory.dmp

memory/5564-4735-0x000001DD1A5A0000-0x000001DD1A5A1000-memory.dmp

memory/5564-4740-0x00007FFA6D790000-0x00007FFA6D84E000-memory.dmp

memory/5564-4741-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp

memory/5564-4778-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 b7808afdc3699564633df57a8a5bb776
SHA1 718d339bce8cefbbacc1753a55bbb3ce6aec12db
SHA256 8962badf764d8c1b9bacb90ea963a6f144fc030bd0ffa23de310a3b527f4fd88
SHA512 6bf1794f2b69b69738b7426b49c6f51b756568fa6f67b580d9054fde727417859631e23fe764f433f42429163fe5a5ec47eabc42fdfd04a026a04d3347787ef9

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 12ac01fd8f60f302a77eb8f872f8941d
SHA1 9ffde4f3c2adabac464c645e074e4e2bcb921a79
SHA256 4cd41b9d280cfb81f82897a4a9e7b4cd5e35b39fb1e554d005b9b8f276f5c6bf
SHA512 6eecf60c09a590158b2deb03425c33e3cc9f5e13bba0575f6fff828beda5abb01253f77f304701aace996fbfe8d1ffb2f3de54ef45da9d4578bf4070cf3a79c3

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 adf1d775aeaeb295c75216a4361e62e8
SHA1 2653431bac9ec5514f9c6734605d35f41e861f6b
SHA256 c458be3a34dc0b6a2b4b21cedc2801f7bf14bb20b453feff85bac052c1a86748
SHA512 727dc4711e830479cc47627940c43d17ba7144c5ef33007fa6d15931b9ba7d0506e6cb8be65654fe45c9af9d2c3be71751752938300bee54f43071bdc0e8e64f

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 f689333423805fcb9574aec38059ef9f
SHA1 079d934164d1ea067acd0b6e00a3b472449a6a4d
SHA256 b809551ba05596414dc5c34d5a14e71e68923eebf0968cd6007bc70ef6798c71
SHA512 1319ac114f9d795cf12343e3f48ebe30ce5986f1e4941d89405234699dd902d2b67aa8e67f7797fbf8b4320cddbcff61c7a5f686464f6f133de78c05fb4183b5

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 bb324f399f82aff8bf87b3149e6d22f6
SHA1 f87a1006fdbe21061efd5941f588f7d921357416
SHA256 9a0baf8d214a41777a83090c1627d7b46d918850b0261ac7231069cdac329e4d
SHA512 c557516ffdf63d401a406d6d1c3e601d09651d0176f34302a5414b4151b40ca92bd8e5f5aa99d7576553060e142149bc1217d2099068bab71aa51baa68d6af7c

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 270ea0ba1ae7fa13789f516a504a331b
SHA1 1619eded4f0cf8bbba0aa9800b27aad6fde1a2f9
SHA256 dc92e8ceeae21e242bef0c213e386d9f853f9924591dace5f8e3377bf411ef8f
SHA512 3077bd6e91420b12405ec60d1976a8645dafb515fdec63be69bc9b3e43e79d3e686d71972a8d9ac07b8d41c02c074883caa8bc7fbec9e6108ff56b4630c2bc64

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2)-s002.vmdk

MD5 52ee0a3c88112817aca597776e97f5f9
SHA1 a5045078364fbaccf2126b911b928036aa9b2dff
SHA256 3353a565b6b7af4e6afe751fcb216d2da7d809b6c8faf9a8ad9a92dac590a628
SHA512 8fa725b34ea561ec7d0d40604b57f8d6ca7522325f3867b692a286717ab0ed848476ddf2f1b4449875d148bc75ed359dcf99f15b01713d813ce352dc337cc980

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2)-s001.vmdk

MD5 815d614a3cdfa6afbb2c997828bfbf9b
SHA1 fed240831e9d39054251575d00650de7ad07be9a
SHA256 6c5f2dae081ea33e969a3e10384e2bf8b4dcca3492fc84469de39722f2464c4d
SHA512 0355411913d344ac6a3f28ad43ee29bfe8fb4cafa8a82e53363e00b39ed3188e4b8f75563c350d2845b5f9819ae415144751d3f767780f9e660a011e658220f8

memory/2168-4906-0x0000000000400000-0x0000000000469000-memory.dmp

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 ecd47e51809d7ebc8204231289680001
SHA1 8fdf3e5b9a14a7b6b101564f42ede537643bb79f
SHA256 b9ec6b76cc8d7725b851b67e19fdc97c4f2b1acad75932bc6aa127c99e09a7fe
SHA512 87ba5763102ce28191beb478b3bdfe4bbf80e72079a51a99670aacb77df4269ff2ff33e67bd0d134b208639c5c244747492512e3abd9c77c1791c0bea0f4d08f

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmxf

MD5 84ae6d531d6d8c4b8177d3ad32da160d
SHA1 40ece4701d37109d29a2db0c2773134fef333aef
SHA256 3413c876fd66fa11af7881d19f91f27e156bbe838c5cce9fcb61dac99207df33
SHA512 dcb24b64e97e263089b43bfe401b1f44e4eae35ee7d70c17d2035d72d7ef7b416f1f105e25371bf8d285eaebdea291471e2affd1a9aef869d8ccd20d79f5783b

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmx

MD5 74159fe762e632264caced25f940a5a1
SHA1 a117c862237d1defdf718d053e3b78c454284676
SHA256 bec6a8b6b03415d5f89e690aa7e6f6c542cabb7a85e9c1a532df099870dfd281
SHA512 b65ca03ca8737db43f023d254de79737b7230e032aca0691811858884425ef98efa845d18ac6dc1c359bb4c04b5f6fac82668aec7eac220d0f68f2722e08d106

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmsd.lck\E47480.lck

MD5 00c2eb9f0a0303ff0dc7b4dadade58cf
SHA1 b6a420ae4371878def0d76bf7a6057d8aadff34a
SHA256 f913cf74187fe9ffb6e836ff4dbade374856060452ec241313a36fa6466fb786
SHA512 4e80d6014e974724ca2dfaf3f9b4d0b41fb872dce81e52914cfa590b555986edbb0b7703a2fbfb4d8ee98afd431c4d782b8b454048ff0f1aaa386c7a7127e7a3

C:\Users\Admin\Documents\Virtual Machines\Ubuntu 64-bit (2)\Ubuntu 64-bit (2).vmdk

MD5 cd6526cba6f4923055ceed1fcd13827f
SHA1 24a034ec83d84afab06aa66e357e11bd59b00146
SHA256 9e3a95825e77929331ec28b0b58dfc728f45261980d534bbdfe3d3dc8248a311
SHA512 7a0e368e8d4157268766b5060aaeddbf3afaaa8ee05afb217dda97aee49abfd2b0ca83c10ccd727a544d0d9e595dd7180bb511950a597b3b065466ecf897139e

memory/1384-5081-0x00007FFA6D790000-0x00007FFA6D84E000-memory.dmp

memory/1384-5082-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp

C:\Users\Admin\AppData\Roaming\VMware\inventory.vmls

MD5 e90d35f7866413a33181d13851b51a9b
SHA1 b9e5acf1a3bba22713dc6dd08f50387c6a26f7ab
SHA256 78fc7c69dcb020467ed8e7dbaaf6e0379274bee1fc17415fe0a335341ee9486e
SHA512 8c7fdbe0a557fc1cd7575e4a567e7a81369ffe3ca8c5f74e2268431f32031c61083a14b518a3acd704fd65e4fe5b26d408f57f57419a2f0fc46f8ab12df9815b

C:\Users\Admin\AppData\Roaming\VMware\inventory.vmls

MD5 5c1fc695572dba4092f186b94bcf6ff3
SHA1 426bfa32091e19434b4755deb80ad0e2375b929b
SHA256 da4bbdeb62229599b602ca6c7212d7c6fd6f32fa81b494c6c50c9746d40364c0
SHA512 5ecf65f3deff077a57a038b0acb7dc78ab425378760ad8d89cef3e9fdc0f643005ce65c4c1cff26d59093c95b5b475a4be5a6c6844cdd14a743485a6db08ed17

memory/1384-5127-0x00007FFA6CBE0000-0x00007FFA6CEA9000-memory.dmp

C:\Users\Admin\AppData\Roaming\VMware\preferences.ini.lck\E30628.lck

MD5 872a7d2501450932482886fe895d61f6
SHA1 59d01c4f52ad06220c881ab83f3b73a6c47ac65e
SHA256 4b8b968aaa500b012a60e06ca503d3d60d72b35c9d215f6241adf5942afaa426
SHA512 257eb39ee6ba1164d61face9644bdb1056b79135e5190fc8ef1250808a2f16d6429d4a009c4cfa538c47ab2a022cfb5c5a3a7bbdb4591dac129a87d7673215d6

C:\Users\Admin\AppData\Roaming\VMware\preferences.ini

MD5 41f23caa7ef134da8b0d235271e5349d
SHA1 ce3a5da27b11e81faf0dfe45191c6c76cff03001
SHA256 110031285d7bd5b57ca685fc8be873bd2217811336afc1e5dc6be7a3c75e72d4
SHA512 0320f884385b040c3b663ca032acb0fd8df37e59c0257ff02a8d7c815f60e8dd9e37424111ddcc004443b3d033b52cc58ac605e2d068c5705a6dda4f62e9593d

memory/972-5197-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp

memory/972-5199-0x00007FF6108F0000-0x00007FF610B74000-memory.dmp

memory/972-5198-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/972-5200-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/972-5201-0x00007FF6108F0000-0x00007FF610B74000-memory.dmp

memory/972-5202-0x000002A0A4BD0000-0x000002A0A4BE0000-memory.dmp

C:\Users\Admin\.VirtualBox\VirtualBox.xml-tmp

MD5 cf3f6e2c0c2880c6d887f48d29ce92db
SHA1 cf1a02f27372e407b6aed7b4c6a691355741d7a8
SHA256 7e2b53a87be27a2c267d9351b7bb6d4bdd6e325c3dd5d2c2679fc95b5fbf9073
SHA512 d4308dfdd6f513d2dffbe4d4f8219867fbbb18b453993dab3640113a133fe0a6443bd1155471e0373aabdaa0a2292ea1c6501338e0de3e08951fd76c5f9c7bad

memory/972-5211-0x000002A0AA130000-0x000002A0AA140000-memory.dmp

memory/972-5212-0x000002A0AA140000-0x000002A0AA150000-memory.dmp

memory/972-5213-0x000002A0AA150000-0x000002A0AA160000-memory.dmp

memory/972-5214-0x000002A0AA160000-0x000002A0AA170000-memory.dmp

memory/972-5225-0x000002A0AA2F0000-0x000002A0AA300000-memory.dmp

memory/972-5224-0x000002A0AA200000-0x000002A0AA210000-memory.dmp

memory/972-5223-0x000002A0AA1F0000-0x000002A0AA200000-memory.dmp

memory/972-5222-0x000002A0AA1E0000-0x000002A0AA1F0000-memory.dmp

memory/972-5221-0x000002A0AA1D0000-0x000002A0AA1E0000-memory.dmp

memory/972-5220-0x000002A0AA1C0000-0x000002A0AA1D0000-memory.dmp

memory/972-5219-0x000002A0AA1B0000-0x000002A0AA1C0000-memory.dmp

memory/972-5218-0x000002A0AA1A0000-0x000002A0AA1B0000-memory.dmp

memory/972-5217-0x000002A0AA190000-0x000002A0AA1A0000-memory.dmp

memory/972-5216-0x000002A0AA180000-0x000002A0AA190000-memory.dmp

memory/972-5215-0x000002A0AA170000-0x000002A0AA180000-memory.dmp

memory/972-5226-0x000002A0AA800000-0x000002A0AA810000-memory.dmp

memory/972-5227-0x000002A0AA810000-0x000002A0AA820000-memory.dmp

memory/972-5228-0x000002A0AA820000-0x000002A0AA830000-memory.dmp

memory/972-5230-0x000002A0AA840000-0x000002A0AA850000-memory.dmp

memory/972-5231-0x000002A0AA850000-0x000002A0AA860000-memory.dmp

memory/972-5229-0x000002A0AA830000-0x000002A0AA840000-memory.dmp

memory/972-5233-0x000002A0AABE0000-0x000002A0AABF0000-memory.dmp

memory/972-5232-0x000002A0AA860000-0x000002A0AA870000-memory.dmp

memory/972-5234-0x000002A0AABF0000-0x000002A0AAC00000-memory.dmp

memory/972-5235-0x000002A0AAC00000-0x000002A0AAC10000-memory.dmp

memory/972-5236-0x000002A0A4BD0000-0x000002A0A4BE0000-memory.dmp

memory/972-5245-0x000002A0AAC00000-0x000002A0AAC10000-memory.dmp

C:\Users\Admin\.VirtualBox\VirtualBox.xml

MD5 d15afe024d963312d841a56f7cd13297
SHA1 902b6d2fab0ec9a61fd2610fc278fd6efc111944
SHA256 2dfb44fe173247ffa6854165068df6445b3a395f1eaeaa5ea30dc3a2bd61037c
SHA512 c5dd0803ef47c52e25a31749ef8f0aff0e8fe344a1a28405e2eceb62c77abae8cf4130886a9c8f2d57c9dbdbde9467a3cd49a5b7433128493081508a1bce71bb

memory/3496-5278-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/5868-5279-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/5868-5280-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/3496-5282-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp

memory/3496-5283-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp

memory/3496-5281-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/3496-5284-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/3496-5285-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp

memory/3496-5286-0x000001FF2A5F0000-0x000001FF2A600000-memory.dmp

memory/3496-5287-0x00007FF602960000-0x00007FF602A74000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

MD5 4754e78dbe6cab9ac64014a5d73f4095
SHA1 a8e7f78e07163b87406bc752b06c6e951b7612a3
SHA256 b76d48404efb7ca1321e75a56627824c47d7d1d7dd645ae0811a1ab0fd8b6770
SHA512 f2c2f314953d293d9d197174bf77f981aeb44cd20b0218210cdc15496603d4cdfb4a123bcbed959a5af083b23794a788751ace7a8ddbd4b95d771ba5bd79bf0c

C:\Users\Admin\VirtualBox VMs\ubuntu 22\ubuntu 22.vdi

MD5 94ede82354ec700badc1b0c7b5a81905
SHA1 a80d4bc9646f6d6f636e0af40a3a6234b66cdeb8
SHA256 397f3040af0b4432d7f9b2c7398c7b803e61af2126a8c0db3de030c3b0219522
SHA512 80d0b5bd684bfbcadca2b7a060797d7354c9b87caa135063475f837ce533c6b692b00bd0936d9558388f70aea464d53735df747626fdcee3061b4616a969b4b2

memory/420-5315-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/2700-5316-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/420-5319-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp

memory/420-5317-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp

memory/420-5318-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/420-5320-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/420-5322-0x0000013362920000-0x0000013362930000-memory.dmp

memory/420-5321-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp

memory/420-5323-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/2880-5328-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/1544-5329-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/2880-5330-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp

memory/2880-5331-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/2880-5332-0x00007FFA4FE80000-0x00007FFA503C1000-memory.dmp

memory/2880-5333-0x00007FFA46150000-0x00007FFA47D2E000-memory.dmp

memory/2880-5334-0x00007FFA4E8B0000-0x00007FFA4E9F7000-memory.dmp

memory/2880-5335-0x000002137D4B0000-0x000002137D4C0000-memory.dmp

memory/2880-5336-0x00007FF602960000-0x00007FF602A74000-memory.dmp

memory/972-5343-0x000002A0AABF0000-0x000002A0AAC00000-memory.dmp

memory/972-5342-0x000002A0AABE0000-0x000002A0AABF0000-memory.dmp

memory/972-5341-0x000002A0AA860000-0x000002A0AA870000-memory.dmp

memory/972-5340-0x000002A0AA850000-0x000002A0AA860000-memory.dmp

memory/972-5339-0x000002A0AA840000-0x000002A0AA850000-memory.dmp

memory/972-5338-0x000002A0AA830000-0x000002A0AA840000-memory.dmp

memory/972-5337-0x000002A0AA820000-0x000002A0AA830000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\db\data.safe.bin

MD5 2a4329e1c47b5fa5a4581cba9af1ae82
SHA1 9c51e737e562e377952ae9130711029dd668fb7c
SHA256 9032ea3551ab1916a5293c58ff4c8154b7b2fb7c43a8e83e5f420884e1ff3097
SHA512 7e243f2ccdacf75570f4c32089795656aa6e3ba12ff968fbbe5d9d58585099addcf8a9a021669aab5979f01a5e3990c4cdde5e90cc93cd5dcff957f7789829e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\pending_pings\e1ae3af6-b746-4ccb-b3e6-1602b395288c

MD5 2397e056797a40fb3b438e1362556879
SHA1 f00924a9e52476429d0646f445cef370df664091
SHA256 7d51184d5a5c326e751c9a7ad462f60cad1a710ef0d68a406be96aa1f64a3014
SHA512 a2559b36a84f18560de19162a131810b2fee335ba23c38571b9bb84a6b01717bcd9e7f9e48e11a178f339285cc5ea9e4129919c371c5cb26a7a3d42e4c224eae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\pending_pings\a0fb5425-d0b2-444e-b5a3-ce94e15b77c9

MD5 bfb0019b4517218fa0e53a8e7f240924
SHA1 6f5c9d531fea7dc07ac8f1120c54eefc6ee5e80e
SHA256 8dec34d753c0ede0f3a61946bfdb18e2460f48e876223a2ba486cd4418a9706f
SHA512 38d09f8c3a6f2f5d13180829e439bf93b7060e904c3dae48971bdb7b7cd919a8e1e2a7132bf967edaf5f2b5e27eeb1fd318c2dfdd54e37feec684d1755086b86

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs.js

MD5 4a7de3a8a322fae30c67f5f1da755243
SHA1 f7d476b94dcf603b0ea3f708b8d0c650991cfc00
SHA256 8acebde2941f7f262abe577ac8c2aa779771913f2839308ecfbd830eba967bae
SHA512 1a72153b521ef33132457a90cdbd1278893504d7bd6985fa49001b83b8670eeeaf98e2488fd6dc2935373c3f66a8cfe5c4bcc790c2db1cf8e4d9f9c1a5192f61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dbf033a04e8cdd560dbe4c3772d8281b
SHA1 86f3df2dc8382dc0a01b598dc364a935c98617b6
SHA256 67c1f1c3a39d563d6749f762fa0741cc803dff11ab3c619c53ade820f37f049a
SHA512 851a0a7dd1620e186f4b27a23419c54c042bc6ca692aeedc97457791d29222295fcec5762f638cec7c45f1730f5afafe2b7ed0dc45df961eedc1f1f0cf2bd4fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

MD5 870418114a4f77bde426491eb71f10b5
SHA1 cb736e83b6b8e1cadf41a22cf3958c6dad770be6
SHA256 ed1de9ef0cff3944007018b4f3902687b00714b74c93f21e6f162e16a3bfdcda
SHA512 4ca905347e83bb8dbd4365a96e8e8726c2984176d92121dd0ea6de23ea14013fb11845bca7b0c863e906757eb726adcf8f0789578d881a83b10f3b817bc4bfd9

C:\Users\Admin\Downloads\balenaEtcher-Setup-1.q3CnfjNr.18.11.exe.part

MD5 fbec950487efb6fea99d8f8e7b312116
SHA1 1e77075feb9217051858dadc5b2cbd48e8c254de
SHA256 39e4d997310a7b8fd1f14e8e83ab433856ab425308f5b802ffc739311bd92b84
SHA512 7a931898679eba4221deee449d6c67f8c51ce56d6de10225a41a0f7598e2281c264dd591f3804009a2bb50d65c5e8bd2ecde99ab8675ecf3ada3986079941de2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f6f029c1f29ee4a4ed00769b97a666ae
SHA1 0984aa10c1c0ef04bb3d8e8411ebd1e40b0928ed
SHA256 6efca0ffc0bbedcc719ef61c6e313efc08c6247d6195eeea6520160127e99968
SHA512 c2a1dadf01bc36683fdb59ff368e3dcd40267c3eea4e75118ab2f70cf3f0ea3fec518fbdf67f25e754ee168a3966726b57ae94571e2f3fedb0946b6c1ffb5820

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs.js

MD5 169e1da3a242bbab255c6e8a60dc63d7
SHA1 8a0aa95c5ac4683da52620fd14db2f70070b83d5
SHA256 92dd8ea4684378913ebc7a507824a08590fd658a08c9fa4ec19432d2ec50ca6e
SHA512 b515b459cde5074b52bfa5b8508dbf5d58f3d147f7e4faca40fdeaa3f3c3b3813e3f1cb023bcd0cd39ca084582a799206c84348785386a858e52219fd6447f11

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

MD5 764539c529e29247ba139b0cc9e86544
SHA1 9af3b95526c809323a5304e2d06f5ca59361470e
SHA256 cfbbae632330fcae8c2d074799f0e104dbe20662475c74f5f389255600cdf661
SHA512 47ac6c481859635990fefd630808ac77890323c59da6e055972e4b6c62d10d54908311f80708d4494f329b190fa81f1a0cb4fe1903728e66d95a44e6de8e2934

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Programs\balena-etcher\balenaEtcher.exe

MD5 8f7704f2a910a1daae82ebf15945843c
SHA1 134803fdb7654d482f83c256407489a8475e9cce
SHA256 d4905e0acaff7840bb89b411b3e0b6167d91aa935b7b7e492c25b5b4f415a538
SHA512 a12ce783a4f582b758a2bf4b7f004fba37926145bc4445cc494c43515d35731ff114c6de98e59573e05a630bb18117b8459a91c59039d68d44aef7cb9c7f917d

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\chrome_200_percent.pak

MD5 d88936315a5bd83c1550e5b8093eb1e6
SHA1 6445d97ceb89635f6459bc2fb237324d66e6a4ee
SHA256 f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25
SHA512 75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\ffmpeg.dll

MD5 469cf65fb73c9ebad0c607b1e7320ca4
SHA1 04caceca06251dd8ca5d0dad8df99508566df16c
SHA256 baa539b0ece82a6f5b21ef618f3494e886577fcfb206e1cba4a671dc156019e5
SHA512 ff6bd29cca637bab693af82bb53248ce98f3ed52b5e0642035f577baf358bcfe98e1bc10d94217eb47f5ba46a72ad5e981d74dda0d4c3fbde15242e98320780b

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\af.pak

MD5 46f982ccd1b8a98de5f4f9f1e8f19fe5
SHA1 13165653f2336037d4fb42a05a90251d2a4bc5cf
SHA256 9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf
SHA512 2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\da.pak

MD5 875c8eaa5f2a5da2d36783024bff40c7
SHA1 d0cba9cfbb669bbb8117eee8eccf654d37c3d099
SHA256 6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5
SHA512 6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\el.pak

MD5 7dca85c1719f09ec9b823d3dd33f855e
SHA1 4812cb8d5d5081fcc79dbde686964d364bc1627e
SHA256 82b3fbbdc73f76eaea8595f8587651e12a5f5f73f27badbc7283af9b7072818c
SHA512 8cb43c80654120c59da83efb5b939f762df4d55f4e33a407d1be08e885f3a19527ed0078ab512077604eb73c9c744c86ec1a3373b95d7598bf3835ad9f929d67

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fa.pak

MD5 a67bfd62dcf0ab4edd5df98a5bb26a72
SHA1 5def04429a9d7b3a2d6cac61829f803a8aa9ef3b
SHA256 890ca9da16efc1efcc97ee406f9efa6a8d288f19a2192f89204bdc467e2868d3
SHA512 3419c6bed5fc96e82f9b1f688609b2d2190003b527d95699e071576c25730934fbed3437fdde870fc836bdc5e690362cae1e612b7ff779c22b853baf3cfcaabf

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\it.pak

MD5 23d70fc1cc74275719c4f882400150e1
SHA1 e8235d0bd4dbfbd708deb80139f0acb1cc0fbdef
SHA256 75b37965b88933ba32119ebdd13cb98c54300b1e1e312080947eed6a94fc70b0
SHA512 ca9a6fc273d5b0b656e902fb87f8792de604a3b6ce598dc577d08541ce9f35256849b1503f15edbe5d1e1d5785cffc38ed12650d1d026aa23b5ce6f9c3ac4cb4

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\mr.pak

MD5 be22080b1e45301c313d92d825a7a9ed
SHA1 84c9370a4845ddfa1eab8ae334c1f4cc02ffaba6
SHA256 c09d274406a36f90c75a1daf018c5373d697c42bbc20771a827f62ebe08dab57
SHA512 9558690ae7ac41984553aea1e0133778301ee12e0dd6e16f5dc0380619b82a7a8d37cbe0ef59efcd53c05987ed6fdeb869dee8fe2224fda8880d473e932c2f87

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\th.pak

MD5 5abd2a1b2749449a0cbba60e32393f4f
SHA1 31097bf4728f752508482c298710cffecfb78d60
SHA256 c666359fc9fa137f6d7f868ccef01dac8701b457bb6bb51fcd581185d4bc8780
SHA512 094df53f3bac23eb384015e8f2500484556b6ebda0cb62bc12a773dd1d520d82c13cbad25eeb67fa04ceb209d80144fac70fe60eb792cfc1a0c5027513b7448f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\etcher.js

MD5 1e119110f460128f96bc2bcb1f2334db
SHA1 0526fa4374b329131cbdb8731f1e19c08f8cd442
SHA256 a7a6e4a6c3cdabf2cdc092d2ccb0c7a100c48c76ed5b11ff34e99e1a4bc63979
SHA512 5a45ee3d1f6c7099eef1ee7f08ccc2e8a98fba13d97206013a9fd913a29580be0ce1b0b3a586187055c736af1d945e076258d986ff87e16b61570db50dc18df3

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\lib\gui\app\css\fonts\SourceSansPro-SemiBold.ttf

MD5 83476a890be79f84e97b792c9c40d743
SHA1 9e10e37c75e13f896382fb5ff0475edc454f4589
SHA256 3ba5c382a7ee6a8831bdf90192addceabe6db4278a679e67fe7e9c0226b729cf
SHA512 fcf87cfefa1e700d47d59b05f9d427811a2104e0cf03ceecb7b0b52164540551725ca042dbfbfb65225c0792cef5ed5af76c6eb7af67fab4ef6cadd939a2c682

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\media\icon.png

MD5 185ee8b41d0fdb31da295afc982f9094
SHA1 1ef6574e7d7d2a278c4b43c25c91ffaa3f82745d
SHA256 21762dedff586bffa6fb48fdeedd32dc8e7aa5fb3b4424e2865033857a52a547
SHA512 8abfa3077b1611d20f7994a4ff518417ceb80794e32db35e4c9227f3c5d6956dcc3bfd1d8d4b0da201d64b731ce3ac3d7d97537741e0fe98692abdbf098e35e1

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\@ronomon\direct-io\binding.node

MD5 3875dd98cac12d8e124821f68537b919
SHA1 31ef2da6a61d9a8c978b09c92610587b47bb028c
SHA256 1875078ca9ac6d52a381efb3f7dbee6713ebe4488b164651f7b790ed826deb9f
SHA512 4a24812afaa77ba072fed8657ff935ceeab81493a4d90b2cb7ac3cc87c8a6ff03f6c3c650888852bb3bc9e44a8ff1fc33584723b9852d746ddf7397a37ce6091

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\lib\gui\app\css\fonts\SourceSansPro-Regular.ttf

MD5 c1678b46f7dd3f50ceac94ed4e0ad01a
SHA1 fa4e303960cd8bf37a2171c4bc6186684f2d4178
SHA256 c9868de61ff2bab0b5a3a6d01c4b76f299459f08c6ae2f2c0383b4f9f6bedbf3
SHA512 1b3ee35f20fd8245f9178a34a7c7754e30eac6f863ebf686116f87f41eabf39465fa09f576a5df2369808a3c3cc0a8ecd2da9cf01a29e67db9123c5cd2be61b8

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\drivelist\build\Release\drivelist.node

MD5 7d9819737d8dad569eb3ad4d5b615266
SHA1 21c7d5bb6b02119cc61303341e17b71b4ec3a4c8
SHA256 bf464a84b9fb5c2754af379f575fd57224f2251617237c3b22ebfeaa623b9fbd
SHA512 0e1b8c3173e7a88d87d3c01284f4e280b0cc6dd6b811e61fbdb5aa7533bd5a45090276206a4fadbeadae7dbb3c515f973cbd66bc5b8d9aa01bed948908e590c8

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\lzma-native\prebuilds\binding\electron.napi.node

MD5 d2d128f02415b124386fb03333c35912
SHA1 399712f32ce33c5c65e9a9b673117f386c2b3e17
SHA256 1e4b7a157cc29a2dc14a8eb99fbd170a8c71e7009a9a7322c9273bae8920b535
SHA512 a976ea84e9005ca3b38c3fa765507e4b357f5406c34c1d60f564e4205d0b176476e5d99d2b1743a9b5c780992b5b27801cc6c539049a2c8ed242bb6b1a300e02

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\lzma-native\prebuilds\binding\liblzma.dll

MD5 2e91129e126d90edccef94ebf7abd6e1
SHA1 a8d221d3475216c11f4beaed8c9b9f33ccee32fc
SHA256 fc7348418be392d5ecebd7b9f07c1ae5bc530260fef923801b140088eddce96e
SHA512 dbae0120c0b3709811fe9a738a4d66da4b47a1d09f0e5be373a77330d57fd87068963c76f294eac81723856dac500e3b824e7def828a1646fef611230d42898d

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\index.html

MD5 3e869155053ba30d71889308df6ec1b8
SHA1 c76c80fef0e1b28686bfa23f870f8d398816d470
SHA256 df168dfdcd2c6df4bfc54ecfc6214cfe288fad5e4746e4add90b2bac14248d16
SHA512 e46dec01c2fb25b1dbc7f9c815a4e684b8ea577c732fc67bc3474f92fef1b803aac0ea879ea4941d68f880133c91daac486d74eb76d8a9b074f0020e96e992c7

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\mountutils\build\Release\MountUtils.node

MD5 7cbe1f9236798c2cce04587d3cc1adcd
SHA1 3b33b911fdd15e01026dee1089578172a8af2b42
SHA256 0afbddbd457651fdf389954f01cba1903996e9da6738bdccce2884f1625087e1
SHA512 ee591b1ed8e32bfab15124e14394b8ae50c80915825ab85e859e31505245862c1c7da43519061fae75bf3936ab0128518efec91308867a0931a5011a5df8ee7b

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\gui.js

MD5 5e64c177ec4d2b87656cd451adddedc5
SHA1 ae148530902201c4ffbe6bff7c228e28b13d08ed
SHA256 0778f5199625c6d338f312371c8709edafcd354caf72799cb19d1fe9eeac44a9
SHA512 39b4646bfc297efa4edee41eebe273c8bc0063cb7785bf5ae99cbecc76bbb769032f3bc1175cad1891b8f632068de88e1e38df4c7317f620658147a0683c8fe4

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\child-writer.js

MD5 b8dc9f52b4c6a75b2427d9a594263f7b
SHA1 f882b50944b28235df26bc27bb748fbfb0c4350a
SHA256 57e7c65d1bf5aadf853f8da1a62992de8609fdfcac7797120d63b87a010bc696
SHA512 964aff36cd87980c35f2c119044c45fb7ad24964889a1191deed8424e741d2e1936acf68311eaafb92591b9688d5ef6482eb1168eb11eca1c7e04015d15e5b52

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\cm4\start4.elf

MD5 30828eb2808cbb3a4b5e95c120bc850e
SHA1 b3148b971d75aea8338d22e0e184b74059de0b16
SHA256 4ad25336aa8ff470f2ef135e8c9ac8012dd25701f5951ded25169f7a8d83ca34
SHA512 ffd10fa2987fc933ef34ab62e5a1325c8380a5b7c0535f5e97a11f9a7f98e74045493556914d59d7e3e406ad127bbecd3b795039cbbe5affefe86514f50f0b71

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\cm4\bootcode.bin

MD5 40a3ad3088d52604b36ee221d0babe11
SHA1 b40b409d6d700e91663ebfbe21d1c8f7e46897f1
SHA256 98fc25663aa6f3d54e8365909f82eb0572717cdd369ae23fc1f7e173eb520837
SHA512 759ca1e33fb71b47bb40b9096b9ebfc1716b1bbf584c6405cf9d278b13b794ab72687ad0915877c9894dcc751fb1f8067f9e9e20e9648b1c0b9c06ae93d36f07

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-0-w.dtb

MD5 3af08c06258856737339c44fd0d7d2dc
SHA1 4138cde7704b53ca49fac85a63befd690ccaf780
SHA256 628dd911cd281df0b068c95f64f79442f9e7edf2753e83b848c51512684637ad
SHA512 73450c2fc0721fcfe73ab1ffc0138a5859654a2d0343f24d7f405e12a7048b058de1c91749be69e00e7df722cad369defaff2446b71023655100719dfbc5cb36

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\kernel.img

MD5 fe1c2cab2d8806716de1b5086618f29e
SHA1 295dcc555585bb252b10d27ac9a5f15e951dddbc
SHA256 bf3cbaafdfc4bcc423fdcd17b6faec016fe633ea96083a435bad7cc8a44ab71c
SHA512 b5d6190a37715702403a69ea9b6709aaed7269baeca509aafd950b5dc53de60753356d77922b57e049621474353c385ede45dd1ff54b953a998bdbf722a8e0f7

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\overlays\dwc2.dtbo

MD5 96d7487944d606ff3417043b7ad99984
SHA1 1dbaff02ebcecc688fe1b579a0c74a64e43172bd
SHA256 ea7c51f1ffda25568b314fc33956f7f1d985bfd9d2fe994a70740124521996bd
SHA512 d3b6f6d263a2a230d3741dadcbae4044b5cb49b51b1995153fae19d5174434175f6453e57538f7639ddec7d6c1a983b70f44e696e2dc465fb0bb7dc68b8fa174

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\usb\prebuilds\binding\node.napi.node

MD5 68f44e5e23babee7c0ef9a6dd57e29d5
SHA1 ac84e592f84f035d22fcaa09e4814d8dfd114425
SHA256 6fefbf9d7f12a1dd2cf9ce463b0e922dae4382ae76b77a4193b593f8bdc11180
SHA512 3916a77b66c6e737f9e9ff5271a3164f4d16efe153c772b7e7d9e578a7d961575dd4dacfd480309a97ddbbc99f6c83bfd984057358ed3d1ef17a9b954021cc42

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\start_cd.elf

MD5 6d39f0575059d6e28c75283bc20aafd4
SHA1 8e42e548b07c1ba6362ae72c4b61e08c177f78ec
SHA256 587cd66a13408e032f8439cd6920b93a76cc985050619ecb326b4b55cb482b93
SHA512 c98dd6274d2ea50678e687e36a95c9e2344a2748143a634cb6a495b996e6cf3d3eff494dfa9e89e3e635c72ed559eacd35ecc3bcd486585dcb8794462e0a20d0

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\winusb-driver-generator\build\Release\Generator.node

MD5 56d6f34724af40b7a41cb423306c3743
SHA1 5942068dd821c931765fa634126ed0c64625f939
SHA256 b3ac337761f6899209b88af2653ec223295d6c24803ed4d3253f09d12b910c3d
SHA512 a5d4b44c800fe6b091edca7ec0e746ee878cd9e88ee354dcefcaed35d6e0a6a2144a64fdfc982e7c50921f3cbfdf0321319801065ffbdcd7de57c06e79a7f179

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\LICENSE

MD5 4a4d169737c0786fb9482bb6d30401d1
SHA1 f1f38225ca1d134b166921daff75ca1a4d4c9cdb
SHA256 ba76edfc10a248166d965b8eaf320771c44f4f432d4fce2fd31fd272e7038add
SHA512 79a18b78ea9868b7053b7607f7d994f71f55458ca6079e883791b3a978d6bd9427d1922394cb570b70f735cb52eb2b25384a4cb11e5b7fb051f318be8acfa91e

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\xxhash-addon\build\Release\addon.node

MD5 91d491c50cc7fce475754a48df813ab6
SHA1 74ce6342ba58f12de5f65cf28132dbe1f64bf9ad
SHA256 2766e5c55baab5db65170d14a7cb444ad4603ee7713df4d18fc827c86c3ccf04
SHA512 945e661f9e9118ab02895025b607dc6782d3641cd3daeba1cdca071ea9a5778b9654a8b3e6ae898a3f5de6c89509e0590d5335ace263a94258fb72f13f1d7d64

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\kernel7.img

MD5 a9f2daa2cded0b0b5f39d115e944268e
SHA1 4186985a1a95c729e5c66d5ad812de57840f8fbb
SHA256 18241df422ae349cf47165d1eb9530da436d661f19c65dda7af76b2c26ad80db
SHA512 f88a04635a9042838904d295b99c0fe8ec5bf4c4bdda8e5ec31e07d2b01eb6f972daed288a4a87212f5a638fd69feae9998ae8c3655aab452d676aea973bc92f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\config.txt

MD5 6ab057d0d65875dac099bc312f86f864
SHA1 abddfa985616d52cb55541ecf1ab2caa84fe92ec
SHA256 002a45280651457f4185ebbc5532afc4d7070c68a344012dc6a854075f932816
SHA512 34169a6715313884608110934ae6d63bee3d4fa8c6c39724d828ff758b8a7c3612dc269e1515d824c0b569ea0d4f5c38faba12be7a963b38fcd73da980050eea

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\uk.pak

MD5 8162ec467ac9a8dac71d22c630a3e6a3
SHA1 4e9e8f49cbcc5e583b8acc3a65ffd87818c96e2a
SHA256 d1e07ac8b6a6ce53f06c66241d44407f98a1940259883e143a574f28a2ac170f
SHA512 e944e3f8f3e9b2c8c6f26e1a7606e441816406afe031bac9a5716ce060a63f03e01a95cc365342518629065b07fc72cf23d65ac84f0b58ef100cf9706a239b58

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\vi.pak

MD5 247e8cfc494fd37d086db9a747991abc
SHA1 bdc53c042a1c4bc2ebed6781b1b01091c8fb7a92
SHA256 4c4e69af3d7f7012e3cb19ba386fc69edd0c87ccd9be326dd6db902401d123f3
SHA512 852ddeb1ce8dbf13280e9dfa72dd10b646f8b06caf88055aeab32009f3fdc397a05764be48a04730e16f23c931d069880574d8bf9c7f4ef151e1d47467a7d60d

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\zh-TW.pak

MD5 96620581f25ac84ddd4b9d0cd29b0749
SHA1 6413faf7b2e31755674f27de8cdab0788488526c
SHA256 2a674d423322d1772e97a627f1e291efba5f12b7efd0f174cdc99d1b1b376988
SHA512 7fd315ca93b431c59f92d31b803571effc5d758a52fc5d2f797a306fa63ea73162ac91805a892479b6940582aadc8903bdea6bb70168d660d58525bca4202520

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sr.pak

MD5 7cfb6dd166594df07bccb7c08774a667
SHA1 1c06a8adb81c357909ade0307a67a122c94c0cb7
SHA256 c3b5c6965affb7f30dcdb5fdb485767e83f3b5d694865a677783c64e3b84934d
SHA512 92febe5a65c90f105bd7609e2eff2626bf0e22b186d73d6c1aeb0497e49d9c34b2bb22d26e0abde4713da2c7cf51296723694ee9bc1decc5071a5225f60e650c

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\lib\shared\catalina-sudo\sudo-askpass.osascript-zh.js

MD5 bb4cbf5a010d9aa9f08e14a707ea36e1
SHA1 7efdc63a95f46c191265e83b955e3ebc4d5fb816
SHA256 1dbd2bfc3d0089480229d944cf0d58bc0e94f28ea03dc7c075a7c80e185b56db
SHA512 c0f5ea287391796a7bc403f5e2c073405bbb1cdc8b3aa7ca08fa14846f314206a3224b82d6c98ee6b41e5fafa8ae72185aad125fae2b74bcc7811c067e269214

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\lib\shared\catalina-sudo\sudo-askpass.osascript-en.js

MD5 47814f752439d2f82de579b954dece15
SHA1 cc7550cbc9a33aafa158a3c02cdca7617ea9b239
SHA256 272e7d90c61bb7a45618c8c1e40a573f6db1f6961bad8acb41cf607f8983f8df
SHA512 673159a9584f8f4ecad73291949cec5f5da4a02a99944a25c15faa94247a5c2528c1c37f2495fb730ad377a08352b5d9f59c93001ff854f5870d4605dde78790

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ro.pak

MD5 5f6af740e111066ba5245a7fb58c3d38
SHA1 bb09d9f89ec6e1db0a45cd15f84930dc34011b16
SHA256 b9fee8754a5307751f197d1968dd02e163dba30f09a36c72f88b63b4ee5bcd26
SHA512 d2c74477bfa01e8b5b51fbb4393368dc967be362833cc2ac61fc989f41896f17b957d10c0e03b442fba1f3d6059637f355dd6e537e6e00c382eaacfc1b5d64e2

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bootcode.bin

MD5 61b2237ab2991e381de61089a998b768
SHA1 cedaeb8daa7728e9857d199b4f03d84936499b7f
SHA256 7b24659eb049333eec69f59cf0c5aa0d49eab5ed67726af3c6f0c9bcf1e3f9e3
SHA512 8ea339244e4b6d4248a341eeafef3bc5e0a2dd1dc40eb9c44bbae6a617d6340e1390f80198f86c52d93615112a3e4f912529d2578980bdfac0faa221e3c4cf02

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2710-rpi-cm3.dtb

MD5 8a7c953afe0a5fc484879c43b7737e8c
SHA1 2480dfd2043a69199d9fa4b7be10054f648f91b4
SHA256 deed502c6ed009f7141c18b94dd5077995e2fe74a9b8777d829db59f53414ac0
SHA512 d12e68267b42d9fbd0e8dc83e902296d3748d7ee8de2dd73d072982c84af9cb24a83ace648be84c452fb9c34519cb6467345f77cd5e47a5e708d25f7fdcf57b3

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2710-rpi-3-b.dtb

MD5 20ce58eab8638692b6af0dba081c3763
SHA1 19db51b441554ee5e0047989f30c721344b94be3
SHA256 aa0da4b66ebdbf16824b25b4d7afc090b585098758be205e4de83d9cdbd72034
SHA512 4e5d45bd90523b6e4c24c3a1d7d60f25861f15f1e105b79bd9f59c66634dc25dd196a654c7a0c54fa2071f8f2362e9622ced5b94c99e5400df4c65cce3a54d29

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2710-rpi-3-b-plus.dtb

MD5 604a83265187c6b495258f1029b26720
SHA1 d3acea7c1bf45438f67577d2112b6b911b446013
SHA256 ed9bcebb25ba378a8d2202686f93f6a55948c1883da1555e882c1ddd08110adf
SHA512 6aa35aca4921bcf8d344709fc9a01a907f001cf1b5081627c4fcaceb3111683712754a75c95b823ff3b167494843a4b67b066e38302fef74043cb4cf64b4a056

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2709-rpi-2-b.dtb

MD5 5363e77af7557926ea254db85667bee0
SHA1 339b61f3d66565a3cda65031b4bff2ea3b29b128
SHA256 49cf69c7ebcacebd9d5604501a6e74892d42d6118f496098927aede84686d2d5
SHA512 897f904ef81e0259a54064757d577b5fbebbba4a2853e2789219814f5727dd0081f3b0cab1018c362a55835d6568ff2323ba1f8d564602ab940df3a0cd6fcb47

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-cm.dtb

MD5 f8454543a07103caae04943933308371
SHA1 8004f2ea79b06d4e854555313109fe9d19759ab0
SHA256 5d6c87c59dbf2e93dec3f9453ed8a01a0f7d4d505682bb816f082ccd9fb4a89b
SHA512 56df097978a72cd5d5315359887ed2d75a94b7c28db109c483dbfa90f5f1bc003cf5a62a5611f9a29cde499d6fa91109bd76daf452830d35443cbcb5e31108c8

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-b.dtb

MD5 aaeca97637c02950f2d0a26640fd264a
SHA1 b662622ab7f73e1f79e799255add860d73493e6f
SHA256 1beabd7549cd1dac94ad3cdaea2bc40bc5d8ca3ced2d2dfd5caf43a9c7745725
SHA512 60c54b119ab92d666fddc044b456fb22748e69b69b8953848b22cc94fded8e421c1c7d61f4bf7a9790f54ab64f8396162052436cd73b6b3ff64a4a610f2b071d

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\generated\modules\node-raspberrypi-usbboot\blobs\raspberrypi\bcm2708-rpi-b-plus.dtb

MD5 83ff064505cc83b1dc2e69e2d348ff8c
SHA1 3f598c67d10dcc6f539c40ce10ad987778d36920
SHA256 358f22c60f89f4cce5c6bc12d83f94152a9f06dd5482bb02c7362f99e72c7939
SHA512 8d85fa24468ca355c495f196fede8273b3a0766e12fec683f6d081f302c3368f2727a06006a28ffcd86f9c01af0ad37c5b0624a10aaa867e730150c12f7b14b1

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app\package.json

MD5 1787b1da712b1dd02b8bd7ff0ebd49ce
SHA1 187b01e8d0a19b2486e16801e3b0f98546865e20
SHA256 2febe2a37b2758e04c5eea46a4348440410a76f06354b015c8e002309fc097d7
SHA512 c7bfb27179a17236f02bb3a8df405f001b2717ecaa6a4ff83622e537856c40aa5d520062a9e60f6036fe082fe642adbafa3855ec6d98c6f0f7acfe1ae09c48ec

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\elevate.exe

MD5 4cc2b8d1c71ab0835e82c15fb2e1a443
SHA1 4b3fc0b242f7f9ed9dbd394b5547a8d18b553823
SHA256 cc39cac86cc1f7b33981d7b05eae9d5a01d18d48b6cb3f94c536e1d63bfbd214
SHA512 c4d01a9c3fe7e3ac12e248fe204a41d4d132d39c8ae327929421a4f0df72e0a52dfa2d4fbbd7f0be9d4e80913847a66461c3ddc924cc3a646364b90d54fb1cb4

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources\app-update.yml

MD5 d4ff3f267ba34f37c967c40c1d9cbdbb
SHA1 63e8c264da051c7db1fa1559376694ce63acf3f2
SHA256 08dc4a54ec6d94f3a6350d61d333b6a861f960b61f5229bc56a551e10d902908
SHA512 d50cb447efe9e8737a70225af9d2a17341dfbfdca1d2c248930f29abeaf5497e83322e9fb5b5f77f610f8d5247161394568fb13f8fbe8e26ff9a6ff674ec2154

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\zh-CN.pak

MD5 7507e95fbb433aa97dd9c2e3c2e08d0b
SHA1 f61227f2173ceece432289b099285d4a9322e2ef
SHA256 bf3fb791392d8044c2cb3552cc974d95adbfc1548eac617c9d2a981505fb89e1
SHA512 f8f42e09eb0af51aa48325ec824814e52244201f627734e81c9e84ea319f5c2166c2450e9b89edd3ce84d3959f0c9ba445ba7a32d4164cf730f0949e11dea082

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ur.pak

MD5 30ce113bc3c466751bdf8d50cc568ff8
SHA1 d0b434b8f196a320995f49845d64054dcaedb97f
SHA256 34d46d28af3012bb84767a418957f12d877789b88a13ea29b047c7926abafb41
SHA512 a8139d60e498082c122b068a478038e3d3a7d6fa71bb8cd2b1bd7976827ffc23f7117f989b18d600960b222178351f01dbfa0fcdc3e7f0917cd0d47b5902fb44

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\tr.pak

MD5 08b737a1b8ecb81c8ef4d7b8f6b5f503
SHA1 99d2cdbb720f114051627acbb79475ccc57ce6a6
SHA256 84f08423fc516988761517511d36bf5d3428866965addbf3ef4399a80f8278e8
SHA512 142c61f08e56a084f335dcf35c543dab872dee898c719052fb8d42be2050c5fe6d9245180ff9d0d0e07cd884daaaffa6ccb5428fee91ae00413e0ea38a5e8c9c

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\te.pak

MD5 11c4c1ef8708db1f742333e71e312831
SHA1 ef432cf1d5df168039cb3d1b5f4d34bab76cd475
SHA256 9889b8d2e5f5fc5ed199831954af7b05028ec7a68f448b19ba74d91b97c223d6
SHA512 27c73d81271612bb2e4925d2091db9119859080484f5fa17536291c06bacdffadb1962ce56d0979d4f1f49add14990d73c5bafea45ce48141a36a2e55ade756c

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ta.pak

MD5 ab1ece31afe29124d183b3826c7ef291
SHA1 e707a983f039310b867bf4b502165f1f512b9818
SHA256 5cabdecd2a89bd97782c13d9f5b24550ea00b28750cdb26a7843af7e75e34b22
SHA512 6510d54c2dd177be19ca6b250e936fe0e26036aee7bd1d48e141cffde743fe03a02be0cee22642c3e8a702b2277d7bf307bde69a863855bc65a55425a1f2f884

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sw.pak

MD5 a5f4010de863114025b898d78036b336
SHA1 0fa93fee8f60d1bf2fec4e01c5306404e831e94c
SHA256 8c58adbff7d672154c6f399ea29b549005460d80679e1f6cf997d95732857c30
SHA512 7f8b00ae7718f39c0ab91f3f63a3b5062d9878f224417282c3ff43ae9c88562a045c54f7c6f9f7447119a16bfd0ec40b48f762a52b64bc384ec80f53898c53c8

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sv.pak

MD5 b4d3ab3791e862711986bb585c1676fc
SHA1 2123c8879a70728657e72415d7056aac4a1527e2
SHA256 080ce56662a0a32a4164ba88f9c5081d7c43dc1908412368a70e789e1adcbf66
SHA512 b904f1741079a8c7ed7647efe42e9d7b9be403079de7e512539b70bc653e55420a3aca4b599e8a9d440245a61f94124476b3a5afa43b39ff1aa48cb48fc5c15d

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sl.pak

MD5 c08d0d08fd48822c603a27aaad4e9557
SHA1 8b7d616ef86bd955cbdf68197cdf748aaf99240a
SHA256 ef205cf8911a96d772711675e75bc8df5866ce0d9d44ebb110bc07e4f340ff65
SHA512 480a23a25860616be8844ce29042fa15cc7f360e2c53b367f6701926b9a6df72d82ad6c5dc7c0fafd537202d4ea7c44dfe24589fb4a4f52b4440629865f8c19e

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\sk.pak

MD5 7cedcf98e68f4001cc13f2b761571681
SHA1 fba32c46564452fee5697777b6d3c60d69589528
SHA256 e6509f7a6c6b9912f2875c7efa34434ab9562df3cdcaf0546b6370d594ca46fb
SHA512 c90ca580c5da2fff68b5957940d9b2c377cb07632b1fc0c8a23fef9a076cd05da618890f197f5b2f7314583fba89be083ad180335201d28c27a7c8c21a55c72c

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ru.pak

MD5 822750ab24d9ef1a54f3d987eee1acb5
SHA1 dc99948cfd029cc9d98c10e487625832db8f1855
SHA256 3906f069e6e2a3a0235826e9382624e7a4cfba309f00bbd0963ff0c9f2c179fa
SHA512 b0d9521e088c80470e5d15e310bf7e3e27b16464c5349f2bd6f29a78e7fdc7da36b3b1bee68e4496585b0e2f20098fa6b0b3360c4b43f2ed9718d292755f5be4

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\pt-PT.pak

MD5 f7a822e3dedaa3df046c3172613e275d
SHA1 14c21d2cc296197a9a618f21dc103f0d6749b77f
SHA256 e2e84e23275190865c685e0712530245e35dc63ff82c4e854068494192917f3e
SHA512 0d08fedb423e9ea4f9ca54b55fcb6a88c4f4aa7ed71897b4a7625f093e8dc05733ec52e4577709dd4e4c7be001770e1dc85c0e10e0dad883f3291c515736b7c1

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\pt-BR.pak

MD5 54efb4172a7110a567ad87f67cfcd551
SHA1 ea8eac6f2328b8a1b27249fced7c16154060dcf3
SHA256 c17ed07165ec47de5acdfa7e4783af4b417843e5f232e9f38ce02138c8bd1742
SHA512 ae8aa02e9bcb3bfd8b39329a2c37f789484661e283dc63297e1ec2dd5d14558b349c312990048dc6a03cc7040a1c6fea2571c6102b1a61a638f9ab615f5fc938

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\pl.pak

MD5 bc72c8e2426765839539a3b8340fe19e
SHA1 630bd0e844e673454477b819c808b7e18bebe0db
SHA256 6a97c2ce05545607a59df2f0daef5da71058dc1e1685f26263b7110edc431755
SHA512 a0f2c68ebb8e5e2ab5ad682b5ce0b1dc955aced7de32001a0decfafb924ca94ef322605ddf69ba74baf18871cfddbad97fc326c43e5b3168019e21912f7da421

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\nl.pak

MD5 1e5b9d923d5f8cef49c913badd2784ba
SHA1 6e42a558a7207b2cee2452263eb661843fe74d0d
SHA256 7a7be29044bf2fa9459a90dcce12ed531931660ba680dec8f32ad8a3364d973e
SHA512 e4392f91392b79fa14c3545c9733deb128f399163dcbee698bf51b2218b1abab6aef45c35130545ddc86626012599e4a8bd77205baa735c957258539c9b6d484

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\nb.pak

MD5 2f31dbf3f36906c58b68f7f88c433257
SHA1 55552671f81a9b24ef05d16249bcf5135d5a98c9
SHA256 ca435b5ca91a253129bde2155592d9c3876005c4ca4389e4ecf97adab9a6de4a
SHA512 079ea4f01582e9ab05e2c63850b654ab84ce3b8bb72390899dfe662e2c4138b82f869829fad3ee645546dd8e27c749d2ef20a0d5bc94db174a59c6e0d43ea27c

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ms.pak

MD5 bff5ea1dbedfab0da766909c2b0beed3
SHA1 9ab6989c47ab4cea0d620fe70bba5c1e15a58a51
SHA256 6240e885116732ae850542cab40c80950bf83171c17a84bf02d7df9b1a2a98a4
SHA512 8bc32f7bade04932b51a2bc4e8d5d609d379a157accca63e43977a19f2604e87ba754bf545651a1237c74e05577f36d85e53d20fa1da41e7967e8ef8a657464d

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ml.pak

MD5 a7f6cdc17eddc1550260489d478ec093
SHA1 3308eb8f7d1958fe6b9f94602599cdc56460aa89
SHA256 01a0e2f809fed45b9b67831202d297c3221077fa2dd84f3b635ab33016a07577
SHA512 42132ca4a62bd5de5928f8c313c930c1fab0ad918fe08612ccd118e421eca768956ad42f7551d6ce58d10be6c34cae7a2fef518bde9f0641c339f7af70f42688

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\lv.pak

MD5 28eeee40b2722e1cc42905c70367fbdb
SHA1 fd82465b1522d314b295207934a7641b3d257d66
SHA256 026e6a4ea0fd11c07375f0532a0756bffef585889a71f33243a116c462b0c684
SHA512 a99d203ce67a3e5d4f831064f83c730b045fb1eba47ca804ce6c407e04240f4c51b4114446c3494e2985a1109695533d1b1c5c7594a5555276be366c07d0b855

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\lt.pak

MD5 a3e29f4a3ca6f2058a6f464e49f914b6
SHA1 3fc632eaccf91e86b365d444e7acba6f9302aa5c
SHA256 ec70edca70373390f028aa751a74057fb1c2c583c310492723a228c863007c47
SHA512 eec22e3347affc0eb0f9452f3b9b239e8b714148a39be83ebe7979bac706a942da3a17de01e9a1b89dfec9e970692c3e9fe566750092fc139325ae25ed1c3e04

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ko.pak

MD5 27705557eb4977c33bc69f27c2ee9f96
SHA1 b0297538c4e68515b8f65d44371cb8f4cdbc489f
SHA256 de71f906636d2a8f5833a22e92b61161182c53e233b75b302dbe061ed57e9bdc
SHA512 53c8917049d72a9739bf7f2abdbde3120ed3124967cd9b1b71b172b7b36ed41a1ff970d3841c0f5eb5b53616dd9f8e03f65a79e6a6964b83da2c84174c1dd56f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\kn.pak

MD5 66867a2133ef0c73f385af7d5d2eed91
SHA1 8ca6e7e6d679255c2c151d38cf70a5f25cce059f
SHA256 407599a388bc151ccd2561181ea90ff620f4cb5c767317af8ca4748927ba7f35
SHA512 482c0b75c921470866b7c6ccf09cddd59ce81507e8df7a2158d3abf08c7201ebeed67c1ecd36f5cb015a8833ae9f1917ab6118f9f0a959364de958729295f37c

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ja.pak

MD5 781fec59b38a21dc663f3a482732196b
SHA1 1b660ba0bd9aaf67c5fe49a372687facd6d264ea
SHA256 3849f8b48b034fe6319112eff77b7c9f6a8d7b20cf7bc8400528a0a8458677da
SHA512 f2c3a6d8c23f72db8e70ec8cd87793eb103b58bdd3976e99f42867c33a6688a41c79eadcdf25c6ae01fd20920affd43f228a5134af28f83ee50fe02819665e95

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\id.pak

MD5 f6d153fa3087dab3fcef255b5afe8538
SHA1 99f123a133d3ce1a70349a7d1948a8d57981e1c4
SHA256 fa38d911dec71800d33802441412f20133e960bb316c79161bdc7f78ea1af3d7
SHA512 c092339a2a64dd10a45b516ba19013ad096c4c43d51df33e4c779c9ede6d71bcb59c18d5ba568f4876c0b5454ccdf05a1e632be0f97db5b4eaadf263e7d1967b

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\hu.pak

MD5 7317adfcba87621963e9cb2f44600e2f
SHA1 0398d795f9a3cde03ae85e8cd2c4723e7ef5f7e4
SHA256 6edcdaf17483c4b7b74d9c728c3f38d9e4704bfbdb618b578c7ccb6bbe6e824f
SHA512 e8ec0df2ddf67799194e8d3f722b5643553fb05026bd5f8d933d1cc18df6a641eb1b810e22114b44513b57a005d326b91a1fcf1c470a636cd42c5bc5fa0f254f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\hr.pak

MD5 209efaa890532ddbb1673852e42ded7e
SHA1 8e9a3e643183d4cbdfad9fd2a116e749b5313a95
SHA256 3d01f9d2c51efa0c0d8d720dd832493b1b87d2429970396c42cee2199e7bef40
SHA512 5410b31ab46ccfd29b750f39d3796a533ec0c0a7b7b31b70977f59f348dd4190edc00c86db8d5b73df2117f27fd283de2057493c081cef69d04ad9894eb5c05b

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\hi.pak

MD5 9697c9ecfa893db09d046e4feb8f1260
SHA1 db08fecfc31d278b3f74c85f98c34dc78b75f4fd
SHA256 de4b369e012831a5ced3ae02e34fd34374348b016274c99911a294de3f9bee5b
SHA512 ec9b87003853640c5f3c477f389dbd16bf1d75269c3fbd8620db43942ba7e323a3198fbbb16d27c10bbae40fd047cfdad170659b9ef26488928a24ee535885d7

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\he.pak

MD5 b2f893d17e118cd03055b55b0923206b
SHA1 99b6358438a3eaffae38dcf6a215d8c5f9bfdc26
SHA256 f6d1e2a269783f27b85c2db2ce9286f581ec2e16586ecac476ab5735cd8ae12f
SHA512 34fa1c4bce2f9e2c5c7b494a829f5b492b40e8f4f0bc586f564755de703b5765d81795c67e19a27d2f21d297ce3b7e5058a126118afe6911cc429fc58d67f13e

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\gu.pak

MD5 af5cc703c77e1a4b27233deb73c6ace8
SHA1 ea92dce379ec9405fd84274566d363ce302d7f1d
SHA256 cd761009ecbd4736b24383f020da05d2e6b9396c67a7ec1f4ac1966943cf9eab
SHA512 dd379cbab7a6fdce05b0ff34d339c2f3320f83f76d8e1fb7ebf20edcfebe541ae454490eeb83d8edc069aaf3db52d6b7de6d701672a13e75dfe59840e8f2c5df

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fr.pak

MD5 bc286000070c9a918a8e674f19a74e12
SHA1 41221bb668e41c13fbf5f110e7f2c6d900cdffd1
SHA256 d641d9d73262ca65a613ee0395204435d6830316dd551f8992407ae77ead4b64
SHA512 553dc84ffd09dd969802fc339ab20f6af3c36442c1ea23e4199519f2c5fb50be79874ae455ce5ff44511a3adcedae7f3030d13e0ecf2b456233d5f4ff186a5dd

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fil.pak

MD5 cb9fb6bc0e1ec2cb3a0c1f9c2dfbc856
SHA1 c3b5900a38354ea00b63622bb9044ffb4788723b
SHA256 945c0160938c3bcecda6659a411b33cd55dfac18814bed88575bfd100c53d42e
SHA512 6ed77d0fbbb1186ccb7493708f55f8a2c3005a1f1da759c16289713a853bcad4a2cc4846874d67f722f461b1950a763508a91a7970bc0eb5da686206aaa8489b

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\fi.pak

MD5 aceed6757e21991632b063a7fe99c63c
SHA1 491b4aa5eaeb93e662f720c721736e892b9117e5
SHA256 370164e61142d8609d176ec0cc650540c526156009070563f456bcdb104e9c0f
SHA512 664c369e74930a61a8c9ccee37321c6610ffdeba8e4e8a5d4f9444d530097b0f4556e7b369dfd55323fe7df70b517c84ae9d62a89c1984a8cf56bae92d3e0455

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\et.pak

MD5 339133a26a28ae136171145ba38d9075
SHA1 60c40c6c52effb96a3eb85d30fadc4e0a65518a6
SHA256 f2f66a74b2606565365319511d3c40b6accdde43a0af976f8b6ac12e2d92ec9f
SHA512 d7dd2a1c51a7144f1fe25336460d62622c2503aa64658063edcb95f50d97d65d538ce4e8ae986af25f6f7882f6f6578bfb367c201e22da2abdd149c0bb4194c1

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\es.pak

MD5 b1c6b6b7a04c5fb7747c962e3886b560
SHA1 70553b72b9c382c0b25fa10fe2c967efbcfcb125
SHA256 e4db8f397cd85fc5575670b3cacfc0c69e4bf07ef54a210e7ae852d2916f1736
SHA512 7fcd9ae80791de19df8644424ffdf1feb299f18a38a5d5bc546e8fd3d20d3ced6f565981c3c03026bc5400fe0806dfa3af3064e7a70e18061f5d5fe6d6bde8d5

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\es-419.pak

MD5 d25865c02378b768ef5072eccd8b3bf0
SHA1 548dbe6e90ece914d4b79c88b26285efc97ed70c
SHA256 e49a13bee7544583d88301349821d21af779ec2ebfca39ee6a129897b20dbbd0
SHA512 817a5ed547ef5cca026b1140870754ce25064fca0a9936b4ac58d3b1e654bb49b3ffa8186750b01640ac7d308bf7de2eadc0f34b7df3879c112e517d2faabc94

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\en-US.pak

MD5 f982582f05ea5adf95d9258aa99c2aa5
SHA1 2f3168b09d812c6b9b6defc54390b7a833009abf
SHA256 4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d
SHA512 75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\en-GB.pak

MD5 db946e28e8cd67fc45a317a2d22943d3
SHA1 0e096f66915f75d06f2ec20eae20f78ad6b235e7
SHA256 7eb6af7620593bdd33cf4a6238e03afbf179097173cbfffdada5b3e25b8f0bbe
SHA512 b893650000f463c1f3807f1feae3e51664e42ec10c1a5af7c08970163d5188f1f9ffcc5e82fe2209c78d8b4fc2feba050abec4c44d1eb122cd42fcc14a8b1c3f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\de.pak

MD5 5e7ea3ab0717b7fc84ef76915c3bfb21
SHA1 549cb0f459f47fc93b2e8c7eb423fd318c4a9982
SHA256 6272ed3d0487149874c9400b6f377fec3c5f0a7675be19f8610a8a1acb751403
SHA512 976fb09b4a82665fbf439fa55b67e59aeaa993344df3f0d1926a82fb64d295bbe6fd77bb65e9f2267d98408e01166dd0c55c8ec7263ed74b3855f65dffc026ed

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\cs.pak

MD5 df23addc3559428776232b1769bf505e
SHA1 04c45a59b1c7dce4cfabbac1982a0c701f93eed0
SHA256 c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0
SHA512 fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ca.pak

MD5 8fc109e240399b85168725bf46d0e512
SHA1 c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5
SHA256 799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62
SHA512 84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\bn.pak

MD5 be160a93d35402ed4f4404f2b1d05d95
SHA1 52db7af673b6e5318e6663751938dbbce4f6280e
SHA256 a40148129ff88aff0ea269ef3ca4fb369e772257655d27dfa29f078270486287
SHA512 c2d2c4a2e24fdeeb22dadfa63ee8338efe8a5f08e17c3eb0e9a946098c57ba675c8ca5c73c04424e8307d9be60f9263553e8268f4815c73d081205fe8a92c8f3

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\bg.pak

MD5 470dde3136a8da5752fcde269d4b6b43
SHA1 85196012cc0df090650244f7b55e51728c68806b
SHA256 cd6701f8b682b6d677ae2010abfb4bfd19555bb42847e2ffddc54e203d50b373
SHA512 b39397c8a3a081e61dd52ebbc0a4cc2ac33f9427c1ea9215995cd8915d705f30d2d3290742155890a61fc3819b6076c1ae41d278171517622ad35fc6f430702a

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\ar.pak

MD5 1b55e90455877384795185791bc692c2
SHA1 3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46
SHA256 ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df
SHA512 bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\locales\am.pak

MD5 15b05881e1927eda0e41b86698ce12da
SHA1 d629f23b8a11700b410d25f3dc439c8c353b0953
SHA256 4c0129e1023e6e6cb5b71fadd59026d326fec3393463530c2f30fff8aacaaedd
SHA512 6f921563d6887d0b712966bf3f8dea044d1115dd0a5d46eeee5595966dd88e49d5dfbec74ee1de19a330bc9f1a11ef3c7c93d6c5e69f1ee7d1d86085b7a2bd7f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\vulkan-1.dll

MD5 acc5484ae9cfff351ffc0341fae483dc
SHA1 616b6e2763a9e4ac5f1c959ebdc4d15b68ac0d7c
SHA256 1c7fe50af9f2c7722274ee55c28bc1e786effbed15943909d8da8f3492275574
SHA512 25a47e2e7947f358f993fee1bd564c4e5df8db1f72ba7fb376b5aed0e671fc024e1b9d47754a78cac90082a84debb0eaef772e91f8121a2d6f35a5df41cb8fe1

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\vk_swiftshader.dll

MD5 11308456ed9d5a9ebfdbc0f86160e797
SHA1 a56a42951a4365b0228bdac44a31cca6b789a60e
SHA256 18436e3ffaa5ad29f0fa0daba05cfd99ad6ae2ccc7d6a5bff9d4decd97c0993e
SHA512 062389e03d4480f51c2ff9538f98f8d14b14017393295e5599bef10171c5dce6a3bb6318baf2f5d3f03ec016541f7b657d4ab4e78bfb40c9016a62ff0fe5ff76

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\v8_context_snapshot.bin

MD5 1270ddd6641f34d158ea05531a319ec9
SHA1 7d688b21acadb252ad8f175f64f5a3e44b483b0b
SHA256 47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29
SHA512 710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\snapshot_blob.bin

MD5 2b09a6d421a1eb549237382c3cecd328
SHA1 98722a09a5be2512ec55ff6462a200c71b16ad2a
SHA256 f9c472794aa190e96eac204d6c2d86c9ef63bfd6fef8df69f39b85cf4ad853c0
SHA512 b3636d7d3c53326169dbd74087f1e1e9afe67ff794ed25eda0c9c86773a9068e2770857b47c1c4a49297128eaf628ea31078a852f9209d2e173fb7021146b721

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\resources.pak

MD5 c7b17b0c9e6e6aad4ffd1d61c9200123
SHA1 63a46fc028304de3920252c0dab5aa0a8095ed7d
SHA256 574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66
SHA512 96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\LICENSES.chromium.html

MD5 f0882b4f2a11c1f0c524388c3307aad7
SHA1 c8952b4076167de1374d0c1f62b1fde8fe69f4ae
SHA256 1b8b8e268755376e95aaddd0a6881f6f4a4b96787af1b2db158e51958410da5f
SHA512 1e5cd07637e213d3f77f8a6204b5bb9a6e16c343790dda4ed677b081e8600de912165bb3436dacf56ea2e5145e888f5964deda4ee4b7dd3516ae2cab42e2fa0f

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\libGLESv2.dll

MD5 f96fc251bae55a5fc0f1ddaed8706015
SHA1 532c2b51f5e3256777ae3b9f40c8067b20eee0a2
SHA256 7897eb2441975523e3e78dbeabf2d9deba66534c69b6cefbf87ea638ee641ea6
SHA512 cf2f9f126204596e37bbe5517500a738ad06f306cb49e7a36bc050e38a61191a767e5d3fecd570410f08d67b64e77019101b2970867e8f0d41b35a6526d3d280

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\libEGL.dll

MD5 5de7e395632af0d31d8165ee5e5267dd
SHA1 740ae64850e72e5ab3d49e3bbc785399a30a933e
SHA256 44febbc02e69d492d39e2cd5d025bbf0d81b1889b37725bd700cc0c21e5ba22a
SHA512 788c3fa6d58b8d3ae258628805ed79d612d9e15e92dca39c27cb621a2a9aa42669a20c11b5c9a912a2d8cd68b0a7a53f7689e729067c6d87a8063e5b8b2c265d

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\icudtl.dat

MD5 c6ae43f9d596f3dd0d86fb3e62a5b5de
SHA1 198b3b4abc0f128398d25c66455c531a7af34a6d
SHA256 00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee
SHA512 3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\7z-out\chrome_100_percent.pak

MD5 0cf9de69dcfd8227665e08c644b9499c
SHA1 a27941acce0101627304e06533ba24f13e650e43
SHA256 d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88
SHA512 bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/2448-6416-0x00007FFA6D850000-0x00007FFA6D851000-memory.dmp

C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nszD4C8.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

MD5 47acf6a72ef514b5bef757c6251993fc
SHA1 ae9487e5f2501db1a0ac3140d422583ad9c0f724
SHA256 3ba17d80d9074a77150505afe90ac0c2ae393c3f3135fce066300bcbe13bc6ec
SHA512 c8b09282871f56c4b375b3c9544f1a981897ab6d103b6f46fedfabbe17582b09ffa5a699b373855c3304a6694039379257234f8f88900e3e5faea40056e40db4

C:\Users\Admin\AppData\Roaming\balena-etcher\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\balena-etcher\Preferences~RFe683258.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

memory/4428-6739-0x0000000063CC0000-0x0000000063CEC000-memory.dmp

C:\Users\Admin\AppData\Roaming\balena-etcher\sentry\scope_v2.json

MD5 97493532e52f9b9fe4d2275da3bea142
SHA1 29365e753093fe6e476fd16b23fb2e88db45e1f4
SHA256 b79fc4dccbd73259ef5be02a95e38807fb12ffc70260c4ca29c4367bdd547bb0
SHA512 9892107b97dc985aedec376d58ba95c02e4f09c399804b0a618e41c069d1edb0b73ba69d040d66ff58b0ed57cdbe9360fad89710d472cc9404fe242e7f1de9cb

C:\Users\Admin\AppData\Roaming\balena-etcher\sentry\queue\5fa6b78657364b109828be570e0888c2

MD5 b07785ff62036b52ce7cc22c62a9aba2
SHA1 b7a5318a4b1cf4a9c9f8b5e1f5f9120734f5ac04
SHA256 b6fc5fef392aedac2e1b0385031b57c75b8c323e82af7a5063191a3b1a31621c
SHA512 5bbcc4ea7990c5cae2bbbd6640df161896b3aeae598c4048aa7876ba6674afe2fe6838e01bf5a79852ac68b2a7425b57f6949c0653f22ad92317e096404d55ea

C:\Users\Admin\AppData\Roaming\balena-etcher\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\balena-etcher\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\balena-etcher\Network\TransportSecurity

MD5 d26be3e3ca55660f1a08eafe6e9043f8
SHA1 ea9c38a00de0e3be0091e0881ce9d350385b9219
SHA256 67484f71afb68a629952f60829054cebf2eed29d8749a4b1206e928f92533dc7
SHA512 19899afe05d2950f5cbca53d0086068f182278c336d04a2218189367e558760a6be4d676684851080e95524bf2a83c08d5e03941723c9ae2f767bbd3c2440db1

C:\Users\Admin\AppData\Roaming\balena-etcher\Network\TransportSecurity~RFe688327.TMP

MD5 b3b38bac9c64a14fbe4ed0cf1663d417
SHA1 f27d3732e2b3c9d0b78e61509e38cda0d64e0514
SHA256 da003ed6c1c276593bfacba4e5963f514df09ea62d359ce4d914f866d47f8e01
SHA512 302d5976c93bb526ffdbc4def441cb5554a2f59c4aade6a148957c1970f560ef300892390a4cc84626cbaa8316a56887a766cdda62fc371767d1c6d2510b7499

C:\Users\Admin\AppData\Roaming\balena-etcher\Network\Network Persistent State

MD5 cc582ec98c86447236180371c96db4f7
SHA1 beb45765310133e20ee8fc8e7dc2d28bfd14d58d
SHA256 eda2e2945f79e51c28843158410f8140c5ea8f857feaf2073bad5c9704ee795c
SHA512 a7f2febe714514dca8a4feb672a2c97c20e1c6f80ba37a412d311df39a07b80195fc1abdec7bcf04c1c9cb03fcb76b8d1bd7f37a90ce102561d44d6565d7b936

C:\Users\Admin\AppData\Roaming\balena-etcher\Network\Network Persistent State~RFe688327.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\balena-etcher\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

MD5 bae1d4ae7261a1816ea3598b86241e89
SHA1 254bb34854a4460adf9761bf47591ccffae8c451
SHA256 6b1927c64a9bb1ce566a4e75cf21de4f0e464e0e612960a28d84817430c12dc0
SHA512 f9c54275354fc596c1edc2d6e2e5582596cc0ba51999dd13523ee183d2055a5821ccb035d00e713dd9ad2957b01d948c33e5bfe24bd12619b109c2e076368134

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 7a0baf68de52f508654bb01aaaf8116c
SHA1 0d6c7b6731c2df96d25853bce5b4faf4fd103f6d
SHA256 151be824e551a72d0b97e5b81b43b3d7efd06098ad4c489f77392d7d1e08f997
SHA512 c5298a532820afb41ca2012b7c18a65ba8c2e8c2e4e199f1f6d85f3e872cafe97f13b8c7363034c263cc10cb2188550fefbfe1159a04848e64076d30ed0db103

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

MD5 d39c7bf588c73f2859d0ae25f56cbe1c
SHA1 ac35cd19b38d1d6231ea91ccb8caa596e47aa4ac
SHA256 c3c04d5881cfe809a2972194ec0913990084b015182287f9501fe5cd3b55aeb9
SHA512 c5bf61876031ef25e89a2a402a95da508c2c34dd6115628dd19c505cb2113b2c95f56c2828c034dc29f9ba777909e50d7082a298be99099b764b57d0ae176d0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\targeting.snapshot.json

MD5 6b21b6fb29d0dc561d698955d995766c
SHA1 ae6e68e6d51716c5116377dd7398f10c774067fa
SHA256 47172dc73934eacee5c90a291be84fc49501357259642c77f9c3db512882e6b7
SHA512 2832d981a17a7136b8ec4e362fda31b159446bfd0bbedf417ff19db5f530ac11ba97a48ca9d934f678a3ecd9a6785c5853dc63d6da1288a4123dea78abd5cb8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\xulstore.json

MD5 1995825c748914809df775643764920f
SHA1 55c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA256 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512 c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\bookmarkbackups\bookmarks-2024-02-22_11_yGso89ZhjiFQzec63Sgphg==.jsonlz4

MD5 70bd74227ce43aa7457075fdd890a524
SHA1 94c002c2a1efb3f8bbcc5a0e02f26b229aadec67
SHA256 22c7362db229e91520fe221004c8a931e59bd84337e311ab9016514e62cb6c6b
SHA512 bca2d60de3774e0aefee4cd90106f269b37676a1890684792bf3113afa27d5f6a6ec7bbafa43970e792cfd25bd4a9eca24ca8c037aefceb5bbb368507611d6a9