Analysis Overview
SHA256
307119554d57a79005b8b76c692ff226ca961b17f7f9ad0d43590556632d3745
Threat Level: Known bad
The file Proforma fatura.msg was found to be: Known bad.
Malicious Activity Summary
AgentTesla
Downloads MZ/PE file
Executes dropped EXE
Reads WinSCP keys stored on the system
Reads user/profile data of web browsers
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Checks installed software on the system
Accesses Microsoft Outlook profiles
Enumerates connected drives
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Office loads VBA resources, possible macro or embedded object present
Modifies Internet Explorer Phishing Filter
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
outlook_win_path
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 12:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 12:10
Reported
2024-02-23 12:43
Platform
win7-20240221-en
Max time kernel
1902s
Max time network
1996s
Command Line
Signatures
AgentTesla
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | N/A |
| Key enumerated | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | N/A |
| Key enumerated | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2736 set thread context of 2588 | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe |
| PID 5776 set thread context of 4612 | N/A | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Google\Chrome\Application\debug.log | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\LMS-FS.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\msvcr80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\ADIso.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\msvcr100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\adshattrdefs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\esp_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\msvcp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-namedpipe-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\HashCalc\is-TU4NG.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A |
| File created | C:\Program Files (x86)\HashCalc\is-DHVUD.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\rpcrt4.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\adfs_globals.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-math-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\HashCalc\is-TBDD7.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\ADIsoDLL.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\trk_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-string-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\IsoBuster.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\jpn_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\ptb_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-convert-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-heap-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-time-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\chs_adshattrdefs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\msvcp80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\nld_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\ProfUISad64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-handle-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-util-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\LGPL\libbfio\readme_lgpl.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-file-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-interlocked-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\HxD\is-QSIUS.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\cbfsconnect20.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\fra_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\ita_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-errorhandling-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Program Files (x86)\HashCalc\is-3NICC.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\ptb_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\HxD\HxD.exe | C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-profile-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\ucrtbase.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\HxD\is-G4K1P.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp | N/A |
| File created | C:\Program Files (x86)\HashCalc\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\ad_globals.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\boost_thread-vc140-mt-1_59.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\icudt57.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-utility-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\adencrypt_gui.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\chs_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\nld_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\boost_chrono-vc140-mt-1_59.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\libeay32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-datetime-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-file-l1-2-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\fra_adshattrdefs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\AccessData\FTK Imager\langs\kor_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5A31.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f89590a.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\StartMenu_E89932EF1F4845B58F97B52030E88CEA.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\Outlook\outlperf.h | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| File opened for modification | C:\Windows\inf\Outlook\outlperf.h | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f895909.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\NewShortcut4_B0DE7DF0970D443C9CCEB94A9DA01A19.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\StartMenu_E89932EF1F4845B58F97B52030E88CEA.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f89590c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\inf\Outlook\0009\outlperf.ini | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\NewShortcut4_B0DE7DF0970D443C9CCEB94A9DA01A19.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\f895909.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f89590a.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates physical storage devices
Office loads VBA resources, possible macro or embedded object present
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 809cf1c15166da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url5 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CNum_CpCache = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414852128" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000ea6901cfc78d8d02b13a0b332d1dc9cab495eab3982fe30b66ce70090f6a0f6f000000000e80000000020000200000009fd78fa5c29549d95b3fc4233c60531fa3c16227748ecfb64f044171ffb4e30a40030000819de4dc6553422a858f6f5d66eeca9500cd53f546d07829d6cea6504b5d64bd17e97e8d2c22f75179cab927a3979b5e976455a4698cd0da98c8799d99f2e17b4a38a8b256e9d4f42c44de087696777a9f34e177d4c2e5f83a617bcd5b97cb8dd2c5c47b816de57cef3df1d1cbf081afc0fbbc65dce1c2fcf2311eb37a6a2e15a9a6d550dd9b816ad6bf5ee2bbaf29c28515e19fc4926a368c5966cfcd89a5127b908e1d53523ecc0d6e41c6cde09f1afe8fffd02df88c67a2f759297682e63ae1439fd13d3cce4c7fd9d1478741cb71f745db90c288a128ab721eb0668e70fd4c0a0b16b74bab68514f12147c4e1146065db7e9f7c5fabc5b4b01650b9e93634a88a2381728fcfa184c4219298a98863c6ffbbb6b2c0b5e6f2253d36486b2538b2711fe8a3e9b868261a5d1a7c37228558049280436cbf5c746cb79b01d4c6fc24a08cdb267bf61f70c967d55c4441e9f45feca098ca84d2289f5ebbc650bcc03190779163e325ec72e07b9d95082eed6e39c78bc86cf3375c23b5305dc61595de20761120fb130db86a86918dff9b4b7a595c3a4c999f56a58b6134653d7c28b422eb4c19c3294bd963d399ebf8cc46e28e6596eb6bc1a3da3a590e798a1a59b08af06d3322764d7f107932fa363952d2cca51bc537d858a285d5cfdaca8c40de5fa020a3f84b405242387defc55c6ed6dc67a80a70b2915a28258bb29145852a18a46d27ca605e7dbd656895a7978e44f20a411ff3bc0bc275edff17e8d5bc4013d1bf44b465a9682c6cd72a8927635f96e285d09e03150350c2f65e2f315bfd40e6cef4d13398033db2789bad5bff5449d8ca2578a00860d877235f8c4fdeb81bbb0293f9416fea63ad9aeae25a245233802bc1566628f2830d7de4ac12e5b3d31ff4f162946e0257b97389bd9e1a31644996ca5480cf7b1f82473257557e07bb59779730e85cc8f40e7fd4e357d681ef05ef27ace847fb907f4b6625c8b0ef4754e8bbe8aea8918fb09a1c8009e62a9c3a89b655079575f888b48112727fff5ac0c94bfa45cbe6655df20b2384c870a12616651bcd989f5329e071b3e184f0b139744d69ebd65ba24c160580984c0145694fd751cc93c1e4e389dfa60d2289b428ea73cd2fb17629913b34725911284a18e0b950fb1b65eeafe30ce0a7640000000c97d68c1e54a075ee0b4caeca6608a1c1d75a24441ed932340d71182f6a453d4695ea70e024c7dc69fa37af3ee14aad3925676cdf04f66f7773aba0d31280f49 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\AccessData\FTK Imager\FTK Imager.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000055206ad809547b8de131939f37dd34cbda0dfe9f465a41a2c4b1dd700983199c000000000e8000000002000020000000edef8762b1e080a09061b94efc42250785fe907288cba6dbde1baf281f21e5e020000000d2231ef9b964ab1628598179e785aa306349c5d2507a5f437c6ab0f6025814c14000000023ba4ff807297677c0828ea06447aa17dec284ca091e507b93e655333e85a9c40f1d74d405c99388d03b0758e3652e23d5f252af22ff8c7c3e6aee78c6935176 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpCache = e9fd0000 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A38A97D948F8C3B4ABBDE28E2AF21549\SourceList\Media\1 = "DISK1;1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 6c003100000000005758f662100050524f464f527e310000540008000400efbe5758f6625758f6622a0000007adc0100000004000000000000000000000000000000500072006f0066006f0072006d00610020006600610074007500720061002000700064006600000018000000 | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\HxD\HxD.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\HxD\HxD.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\HxD\HxD.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell | C:\Program Files\HxD\HxD.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.adcf | C:\Program Files\AccessData\FTK Imager\FTK Imager.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\HxD\HxD.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings | C:\Program Files\HxD\HxD.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A38A97D948F8C3B4ABBDE28E2AF21549\PackageCode = "946F3CE78671D7449974A38ECD764B1A" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A38A97D948F8C3B4ABBDE28E2AF21549\SourceList\PackageName = "AccessData_FTK_Imager_(x64).msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\SnippingTool.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\AccessData\FTK Imager\FTK Imager.exe | N/A |
| N/A | N/A | C:\Program Files\HxD\HxD.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\HxD\HxD.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
outlook_win_path
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.mediafire.com%2ffile%2fn3pynq1ahyj3sp5%2fProforma%2bfatura%2bpdf.tgz%2ffile&umid=FF77B1C9-11F2-F806-B0B2-939DC61042D6&auth=63cded8e322153b72c43efd522ce71164e75829b-43e5315b7c99def4ba82db1e7773f265cbe0e71c
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1260 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"
C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
C:\Windows\SYSTEM32\WISPTIS.EXE
"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3248 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3256 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:1
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{53362C32-A296-4F2D-A2F8-FD984D08340B}
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Proforma fatura pdf.tgz"
C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1992 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1976 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2284 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1812 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3804 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=2748 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2460 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3752 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2340 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2864 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2376 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2752 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=2284 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=2724 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=3480 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=3972 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=1916 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=3776 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=4024 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=1320 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=4320 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=4228 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=4400 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=4296 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=4424 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=4408 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=5636 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=5608 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=5492 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=5380 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=5860 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=5972 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=6796 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6684 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=4164 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=6816 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=5360 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=6732 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=4576 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=7796 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=5424 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=7660 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=5756 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=5796 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --mojo-platform-channel-handle=5812 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=4448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=4472 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=4344 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=6980 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=6912 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=6932 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=6992 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=5848 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=5508 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=7928 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=8584 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=8468 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=8300 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=6420 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --mojo-platform-channel-handle=9612 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=9476 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=9448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=9432 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --mojo-platform-channel-handle=9136 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=11040 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=10764 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=9364 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=9376 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=10020 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=10448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=10604 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=10388 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=11160 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=8956 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=8996 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=9120 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=2756 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --mojo-platform-channel-handle=4664 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --mojo-platform-channel-handle=6800 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8092 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --mojo-platform-channel-handle=4524 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --mojo-platform-channel-handle=7240 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=8880 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=6476 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=4604 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=12484 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=7812 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --mojo-platform-channel-handle=10768 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --mojo-platform-channel-handle=11092 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --mojo-platform-channel-handle=6236 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --mojo-platform-channel-handle=5500 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8740 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\hashcalc\" -spe -an -ai#7zMap2464:78:7zEvent2865
C:\Users\Admin\Downloads\hashcalc\setup.exe
"C:\Users\Admin\Downloads\hashcalc\setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp" /SL4 $B0294 "C:\Users\Admin\Downloads\hashcalc\setup.exe" 256685 52224
C:\Program Files (x86)\HashCalc\HashCalc.exe
"C:\Program Files (x86)\HashCalc\HashCalc.exe" /install
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\HashCalc\README.TXT
C:\Program Files (x86)\HashCalc\HashCalc.exe
"C:\Program Files (x86)\HashCalc\HashCalc.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Proforma fatura pdf\" -spe -an -ai#7zMap31109:100:7zEvent22395
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --mojo-platform-channel-handle=904 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\" -spe -an -ai#7zMap4545:140:7zEvent7157
C:\Program Files (x86)\HashCalc\HashCalc.exe
"C:\Program Files (x86)\HashCalc\HashCalc.exe"
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8168 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --mojo-platform-channel-handle=6956 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --mojo-platform-channel-handle=7384 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --mojo-platform-channel-handle=1040 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --mojo-platform-channel-handle=7540 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --mojo-platform-channel-handle=7352 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --mojo-platform-channel-handle=6156 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --mojo-platform-channel-handle=10232 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --mojo-platform-channel-handle=7404 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --mojo-platform-channel-handle=8940 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8924 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8972 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --mojo-platform-channel-handle=9944 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8912 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7352 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --mojo-platform-channel-handle=2780 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --mojo-platform-channel-handle=4080 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --mojo-platform-channel-handle=4052 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --mojo-platform-channel-handle=3760 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --mojo-platform-channel-handle=4080 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --mojo-platform-channel-handle=1960 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --mojo-platform-channel-handle=5840 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --mojo-platform-channel-handle=3772 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --mojo-platform-channel-handle=6060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --mojo-platform-channel-handle=9596 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --mojo-platform-channel-handle=6308 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --mojo-platform-channel-handle=4184 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=135 --mojo-platform-channel-handle=6100 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=136 --mojo-platform-channel-handle=1028 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=137 --mojo-platform-channel-handle=4120 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=138 --mojo-platform-channel-handle=5684 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=139 --mojo-platform-channel-handle=7332 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=140 --mojo-platform-channel-handle=3900 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=141 --mojo-platform-channel-handle=4544 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --mojo-platform-channel-handle=7072 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=143 --mojo-platform-channel-handle=2060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=144 --mojo-platform-channel-handle=9688 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=145 --mojo-platform-channel-handle=1964 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=146 --mojo-platform-channel-handle=3916 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=147 --mojo-platform-channel-handle=3452 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=148 --mojo-platform-channel-handle=6288 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=149 --mojo-platform-channel-handle=1084 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=150 --mojo-platform-channel-handle=7544 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=151 --mojo-platform-channel-handle=2800 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --mojo-platform-channel-handle=4056 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=153 --mojo-platform-channel-handle=4072 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --mojo-platform-channel-handle=9668 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=155 --mojo-platform-channel-handle=3840 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=156 --mojo-platform-channel-handle=9656 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=157 --mojo-platform-channel-handle=3740 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2416 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9276 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4120 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=163 --mojo-platform-channel-handle=8916 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9964 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Users\Admin\Downloads\AccessData_FTK_Imager_4.7.1.exe
"C:\Users\Admin\Downloads\AccessData_FTK_Imager_4.7.1.exe"
C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\AccessData_FTK_Imager_4.7.1.exe
C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\AccessData_FTK_Imager_4.7.1.exe /q"C:\Users\Admin\Downloads\AccessData_FTK_Imager_4.7.1.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}" /IS_temp
C:\Windows\system32\MSIEXEC.EXE
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\AccessData_FTK_Imager_(x64).msi" SETUPEXEDIR="C:\Users\Admin\Downloads" SETUPEXENAME="AccessData_FTK_Imager_4.7.1.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DC4DC103DFA8DC322E99A7CFF8C02624 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000002A0" "0000000000000588"
C:\Program Files\AccessData\FTK Imager\FTK Imager.exe
"C:\Program Files\AccessData\FTK Imager\FTK Imager.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=165 --mojo-platform-channel-handle=4068 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=166 --mojo-platform-channel-handle=6060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=167 --mojo-platform-channel-handle=9636 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=168 --mojo-platform-channel-handle=10220 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=169 --mojo-platform-channel-handle=9904 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe"
C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp" /SL5="$60302,2973524,121344,C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\HxD\readme.txt
C:\Program Files\HxD\HxD.exe
"C:\Program Files\HxD\HxD.exe"
C:\Program Files\HxD\HxD.exe
"C:\Program Files\HxD\HxD.exe" /chooselang
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9676 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8944 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"
C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
C:\Windows\SYSTEM32\WISPTIS.EXE
"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8920 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8
C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe
"C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe"
C:\Program Files\HxD\HxD.exe
"C:\Program Files\HxD\HxD.exe"
C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe
"C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe"
C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
C:\Windows\SYSTEM32\WISPTIS.EXE
"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3264 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2256 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3524 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2860 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3764 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | config.messenger.msn.com | udp |
| US | 64.4.26.155:80 | config.messenger.msn.com | tcp |
| US | 8.8.8.8:53 | ddei5-0-ctp.trendmicro.com | udp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | download2295.mediafire.com | udp |
| US | 199.91.155.36:443 | download2295.mediafire.com | tcp |
| US | 199.91.155.36:443 | download2295.mediafire.com | tcp |
| US | 8.8.8.8:53 | ddei5-0-ctp.trendmicro.com | udp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 44.237.38.223:443 | ddei5-0-ctp.trendmicro.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| US | 216.239.36.21:80 | virustotal.com | tcp |
| US | 216.239.36.21:80 | virustotal.com | tcp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| GB | 216.58.213.3:80 | www.gstatic.com | tcp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.187.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | tcp |
| GB | 142.250.200.3:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | hashcalc.en.softonic.com | udp |
| US | 35.227.233.104:443 | hashcalc.en.softonic.com | tcp |
| US | 35.227.233.104:443 | hashcalc.en.softonic.com | tcp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 35.227.233.104:443 | softonic.com | tcp |
| US | 35.227.233.104:443 | softonic.com | tcp |
| IT | 99.86.159.15:443 | sdk.privacy-center.org | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| IT | 99.86.159.15:443 | sdk.privacy-center.org | tcp |
| US | 35.227.233.104:443 | softonic.com | tcp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| IT | 108.138.190.144:443 | www.datadoghq-browser-agent.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 35.227.233.104:443 | softonic.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.178.27:443 | storage.googleapis.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | tcp |
| IT | 99.86.159.15:443 | sdk.privacy-center.org | udp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| IT | 108.139.243.64:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | tcp |
| IT | 13.226.175.20:443 | api.privacy-center.org | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| IT | 13.226.175.20:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | 09208f35b945bb00983fac1a242e53c3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| IE | 54.194.115.74:443 | ap.lijit.com | tcp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| IT | 108.157.179.185:443 | aax.amazon-adsystem.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 216.58.204.65:443 | 09208f35b945bb00983fac1a242e53c3.safeframe.googlesyndication.com | tcp |
| IE | 54.73.193.1:443 | ad.360yield.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 216.58.204.78:443 | ampcid.google.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| IT | 13.226.175.20:443 | api.privacy-center.org | udp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | 09208f35b945bb00983fac1a242e53c3.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 35.227.233.104:443 | en.softonic.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| IE | 54.194.152.196:443 | rtb.gumgum.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | dis.eu.criteo.com | udp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| GB | 2.17.4.21:443 | contextual.media.net | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| GB | 2.17.4.21:443 | contextual.media.net | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| DE | 157.90.211.246:443 | sync.richaudience.com | tcp |
| DE | 157.90.211.246:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| IE | 34.254.42.124:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| IE | 34.254.42.124:443 | ce.lijit.com | tcp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | c21lg-d.media.net | udp |
| US | 8.8.8.8:53 | medianet-match.dotomi.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| IT | 13.226.175.26:443 | api-2-0.spot.im | tcp |
| US | 52.72.28.150:443 | sync.srv.stackadapt.com | tcp |
| IE | 34.248.80.148:443 | jadserve.postrelease.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 34.251.175.98:443 | match.prod.bidr.io | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| NL | 35.214.145.58:443 | csync.loopme.me | tcp |
| US | 3.218.186.210:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 34.251.175.98:443 | match.prod.bidr.io | tcp |
| NL | 35.214.145.58:443 | csync.loopme.me | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| US | 52.72.28.150:443 | sync.srv.stackadapt.com | tcp |
| IE | 34.248.80.148:443 | jadserve.postrelease.com | tcp |
| US | 3.218.186.210:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IT | 13.226.175.26:443 | api-2-0.spot.im | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 23.44.232.24:443 | c21lg-d.media.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 23.44.232.24:443 | c21lg-d.media.net | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| NL | 64.158.223.140:443 | medianet-match.dotomi.com | tcp |
| GB | 23.44.232.24:443 | c21lg-d.media.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 23.44.232.24:443 | c21lg-d.media.net | tcp |
| NL | 64.158.223.140:443 | medianet-match.dotomi.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | pixel-us-east.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| DE | 18.198.96.60:443 | rtb.mfadsrvr.com | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| DE | 18.198.96.60:443 | rtb.mfadsrvr.com | tcp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | casale-match.dotomi.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| NL | 89.207.16.140:443 | casale-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | cs.media.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | data.adsrvr.org | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | ads.avct.cloud | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | ads.avads.net | udp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| BE | 35.205.207.25:443 | ads.avads.net | tcp |
| IE | 99.80.159.252:443 | a.audrte.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| IE | 52.213.48.86:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| IE | 52.211.215.251:443 | sync.crwdcntrl.net | tcp |
| GB | 2.17.4.21:443 | contextual.media.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| GB | 172.217.169.38:443 | s0.2mdn.net | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | aorta.clickagy.com | udp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 18.213.128.33:443 | aorta.clickagy.com | tcp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| IE | 34.254.42.124:443 | ce.lijit.com | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| IT | 108.138.190.144:443 | www.datadoghq-browser-agent.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.194.115.74:443 | ap.lijit.com | tcp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| IE | 54.73.193.1:443 | ad.360yield.com | tcp |
| IT | 108.138.190.144:443 | www.datadoghq-browser-agent.com | tcp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | udp |
| IT | 108.157.179.185:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | c5826862c7d2ea4c72424f25d4217c5d.safeframe.googlesyndication.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| GB | 216.58.204.65:443 | c5826862c7d2ea4c72424f25d4217c5d.safeframe.googlesyndication.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| US | 35.227.233.104:443 | en.softonic.com | udp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 54.194.152.196:443 | rtb.gumgum.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 52.72.28.150:443 | sync.srv.stackadapt.com | tcp |
| IE | 52.213.48.86:443 | pr-bh.ybp.yahoo.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 52.71.54.29:443 | sync.ipredictive.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| US | 52.71.54.29:443 | sync.ipredictive.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | tcp |
| JP | 124.146.153.164:443 | tg.socdm.com | tcp |
| US | 64.74.236.127:443 | b1sync.zemanta.com | tcp |
| US | 64.74.236.127:443 | b1sync.zemanta.com | tcp |
| JP | 124.146.153.164:443 | tg.socdm.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| DE | 157.90.211.246:443 | sync.richaudience.com | tcp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 172.64.149.180:443 | cdn.indexww.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | track.adform.net | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| DK | 37.157.4.29:443 | track.adform.net | tcp |
| US | 8.8.8.8:53 | u.ipw.metadsp.co.uk | udp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| NL | 35.214.166.72:443 | u.ipw.metadsp.co.uk | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| NL | 35.214.166.72:443 | u.ipw.metadsp.co.uk | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | sonata-notifications.taptapnetworks.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| DE | 18.195.132.36:443 | sonata-notifications.taptapnetworks.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| DE | 18.198.96.60:443 | rtb.mfadsrvr.com | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | ums.acuityplatform.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 35.214.145.58:443 | csync.loopme.me | tcp |
| IE | 34.248.80.148:443 | jadserve.postrelease.com | tcp |
| US | 3.218.186.210:443 | cs-server-s2s.yellowblue.io | tcp |
| IT | 13.226.175.26:443 | api-2-0.spot.im | tcp |
| IE | 34.251.175.98:443 | match.prod.bidr.io | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | match.360yield.com | udp |
| IE | 54.77.71.210:443 | match.360yield.com | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 104.22.50.98:443 | mwzeom.zeotap.com | tcp |
| FR | 141.94.170.64:443 | pixel.onaudience.com | tcp |
| NL | 63.215.202.172:443 | pubmatic-match.dotomi.com | tcp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| US | 52.72.28.150:443 | sync.srv.stackadapt.com | tcp |
| NL | 89.207.16.140:443 | casale-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| IE | 52.215.83.151:443 | pm.w55c.net | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| GB | 23.44.232.24:443 | cs.media.net | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| NL | 64.158.223.140:443 | medianet-match.dotomi.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| GB | 23.44.232.24:443 | cs.media.net | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| SE | 213.155.156.182:443 | d5p.de17a.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| NL | 35.214.145.58:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| FR | 141.94.242.204:443 | green.erne.co | tcp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| NL | 173.231.181.122:443 | cm.adgrx.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| IE | 34.251.175.98:443 | match.prod.bidr.io | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | tcp |
| SE | 213.155.156.182:443 | d5p.de17a.com | tcp |
| NL | 35.214.145.58:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 34.251.175.98:443 | match.prod.bidr.io | tcp |
| SE | 213.155.156.182:443 | d5p.de17a.com | tcp |
| NL | 35.214.145.58:443 | csync.loopme.me | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| GB | 104.84.84.34:443 | images.sftcdn.net | tcp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| IT | 108.138.190.144:443 | www.datadoghq-browser-agent.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| IE | 54.194.115.74:443 | ap.lijit.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| IE | 54.73.193.1:443 | ad.360yield.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| US | 8.8.8.8:53 | f053e1757edd3825151d1ca3f7eb599f.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.playwire.com | udp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| GB | 216.58.204.65:443 | f053e1757edd3825151d1ca3f7eb599f.safeframe.googlesyndication.com | tcp |
| IT | 18.66.196.16:443 | cdn.playwire.com | tcp |
| IT | 13.226.175.99:443 | js.adscale.de | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| IT | 108.157.179.185:443 | aax.amazon-adsystem.com | tcp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 23.48.165.134:443 | articles-img.sftcdn.net | tcp |
| GB | 23.48.165.134:443 | articles-img.sftcdn.net | tcp |
| GB | 23.48.165.134:443 | articles-img.sftcdn.net | tcp |
| GB | 23.48.165.134:443 | articles-img.sftcdn.net | tcp |
| GB | 23.48.165.134:443 | articles-img.sftcdn.net | tcp |
| GB | 23.48.165.134:443 | articles-img.sftcdn.net | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| DE | 52.57.189.237:443 | ih.adscale.de | tcp |
| DE | 157.90.33.72:443 | push-sdk.com | tcp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | cdn.intergient.com | udp |
| IT | 18.66.218.86:443 | cdn.intergient.com | tcp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| GB | 96.16.109.251:443 | px.moatads.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| DE | 157.90.33.68:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | config.playwire.com | udp |
| IT | 108.139.243.20:443 | config.playwire.com | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 54.73.163.254:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| SG | 172.217.194.120:443 | csi.gstatic.com | tcp |
| SG | 172.217.194.120:443 | csi.gstatic.com | tcp |
| SG | 172.217.194.120:443 | csi.gstatic.com | tcp |
| SG | 172.217.194.120:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.video.playwire.com | udp |
| IT | 18.66.218.93:443 | cdn.video.playwire.com | tcp |
| IT | 108.139.243.20:443 | config.playwire.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 142.250.180.10:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | gsf-fl.softonic.com | udp |
| US | 199.232.194.133:443 | gsf-fl.softonic.com | tcp |
| GB | 142.250.180.10:443 | imasdk.googleapis.com | udp |
| GB | 172.217.169.38:443 | s0.2mdn.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| US | 172.64.149.180:443 | cdn.indexww.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| DE | 157.90.211.246:443 | sync.richaudience.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| IE | 54.194.115.74:443 | ap.lijit.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| NL | 89.149.192.76:443 | ssbsync.smartadserver.com | tcp |
| DK | 37.157.4.29:443 | track.adform.net | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 34.254.42.124:443 | ce.lijit.com | tcp |
| IE | 34.254.42.124:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| SG | 172.217.194.120:443 | csi.gstatic.com | udp |
| FR | 185.60.219.35:443 | www.facebook.com | tcp |
| FR | 185.60.219.35:443 | www.facebook.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| FR | 185.60.219.35:443 | www.facebook.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 34.248.80.148:443 | jadserve.postrelease.com | tcp |
| US | 3.218.186.210:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| IT | 13.226.175.26:443 | api-2-0.spot.im | tcp |
| IE | 34.251.175.98:443 | match.prod.bidr.io | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| NL | 35.214.145.58:443 | csync.loopme.me | tcp |
| US | 52.72.28.150:443 | sync.srv.stackadapt.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | tcp |
| US | 18.213.128.33:443 | aorta.clickagy.com | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| DE | 18.198.96.60:443 | rtb.mfadsrvr.com | tcp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| NL | 89.207.16.140:443 | casale-match.dotomi.com | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| IE | 52.215.83.151:443 | pm.w55c.net | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 23.44.232.24:443 | cs.media.net | tcp |
| NL | 64.158.223.140:443 | medianet-match.dotomi.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | dsum.casalemedia.com | udp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | udp |
| US | 172.64.151.101:443 | dsum.casalemedia.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 23.44.232.24:443 | cs.media.net | tcp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | rr3---sn-1gi7znek.googlevideo.com | udp |
| GB | 216.58.204.66:443 | www.googletagservices.com | tcp |
| GB | 216.58.204.66:443 | www.googletagservices.com | tcp |
| CH | 74.125.108.200:443 | rr3---sn-1gi7znek.googlevideo.com | tcp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| IT | 18.66.196.16:443 | cdn.playwire.com | tcp |
| IT | 108.139.243.20:443 | config.playwire.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| IT | 18.66.218.93:443 | cdn.video.playwire.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 142.250.180.10:443 | imasdk.googleapis.com | udp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | tcp |
| SG | 172.217.194.120:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| GB | 18.154.77.98:443 | aax.amazon-adsystem.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| IE | 52.214.40.59:443 | ap.lijit.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| IE | 34.251.149.17:443 | ad.360yield.com | tcp |
| SG | 172.217.194.120:443 | csi.gstatic.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.204.66:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | rr5---sn-1gi7znes.googlevideo.com | udp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | tcp |
| CH | 173.194.160.74:443 | rr5---sn-1gi7znes.googlevideo.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| SG | 172.217.194.120:443 | csi.gstatic.com | udp |
| SG | 172.217.194.120:443 | csi.gstatic.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| DE | 195.201.193.117:443 | shb.richaudience.com | tcp |
| DE | 195.201.193.117:443 | shb.richaudience.com | tcp |
| NL | 18.239.81.214:443 | aax.amazon-adsystem.com | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| IE | 52.30.227.228:443 | ap.lijit.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 52.213.215.127:443 | ad.360yield.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 157.90.33.121:443 | push-sdk.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| SG | 172.217.194.120:443 | csi.gstatic.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| SG | 172.217.194.120:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | accessdata-ftk-imager.software.informer.com | udp |
| US | 100.25.93.238:443 | accessdata-ftk-imager.software.informer.com | tcp |
| US | 100.25.93.238:443 | accessdata-ftk-imager.software.informer.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | img.informer.com | udp |
| US | 8.8.8.8:53 | hits.informer.com | udp |
| US | 8.8.8.8:53 | software.informer.com | udp |
| US | 8.8.8.8:53 | i.informer.com | udp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| NL | 74.125.143.84:443 | accounts.google.com | udp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 172.217.16.238:443 | www.adsensecustomsearchads.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 100.25.93.238:443 | software.informer.com | tcp |
| US | 100.25.93.238:443 | software.informer.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| GB | 172.217.169.38:443 | s0.2mdn.net | udp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| GB | 172.217.169.38:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | m.exactag.com | udp |
| GB | 142.250.187.194:443 | googleads4.g.doubleclick.net | tcp |
| DE | 213.202.235.10:443 | m.exactag.com | tcp |
| US | 100.25.93.238:443 | software.informer.com | tcp |
| US | 100.25.93.238:443 | software.informer.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 100.25.93.238:443 | software.informer.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | files.informer.com | udp |
| US | 208.88.224.211:443 | files.informer.com | tcp |
| US | 8.8.8.8:53 | ad-exe.s3.amazonaws.com | udp |
| US | 54.231.159.17:443 | ad-exe.s3.amazonaws.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| US | 100.25.93.238:443 | software.informer.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.exterro.com | udp |
| US | 104.22.29.228:443 | www.exterro.com | tcp |
| US | 104.22.29.228:443 | www.exterro.com | tcp |
| US | 8.8.8.8:53 | tribl.io | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | tag.simpli.fi | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | ws.zoominfo.com | udp |
| US | 8.8.8.8:53 | fw-cdn.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| IT | 108.139.243.113:443 | static.hotjar.com | tcp |
| NL | 35.234.162.151:443 | tag.simpli.fi | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| GB | 88.221.135.104:443 | snap.licdn.com | tcp |
| US | 104.16.136.15:443 | ws.zoominfo.com | tcp |
| IT | 13.226.175.31:443 | fw-cdn.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| IT | 108.156.2.69:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | cdn.seersco.com | udp |
| IT | 108.156.2.123:443 | cdn.seersco.com | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | widget.intercom.io | udp |
| US | 8.8.8.8:53 | exterro1-8e1610c834f6cc316989291.freshchat.com | udp |
| US | 104.22.29.228:443 | www.exterro.com | tcp |
| US | 76.223.64.65:443 | exterro1-8e1610c834f6cc316989291.freshchat.com | tcp |
| IT | 3.160.212.6:443 | widget.intercom.io | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 8.8.8.8:53 | js.intercomcdn.com | udp |
| IT | 108.138.189.102:443 | js.intercomcdn.com | tcp |
| IT | 108.138.189.102:443 | js.intercomcdn.com | tcp |
| US | 8.8.8.8:53 | wchat.freshchat.com | udp |
| US | 54.172.247.4:443 | wchat.freshchat.com | tcp |
| US | 8.8.8.8:53 | assetscdn-wchat.freshchat.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| IT | 18.66.218.121:443 | assetscdn-wchat.freshchat.com | tcp |
| IT | 18.66.218.121:443 | assetscdn-wchat.freshchat.com | tcp |
| IT | 18.66.218.121:443 | assetscdn-wchat.freshchat.com | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 3.222.169.126:443 | api-iam.intercom.io | tcp |
| US | 8.8.8.8:53 | s.ytimg.com | udp |
| US | 8.8.8.8:53 | go.exterro.com | udp |
| GB | 142.250.200.14:443 | s.ytimg.com | tcp |
| US | 52.54.96.194:443 | go.exterro.com | tcp |
| US | 8.8.8.8:53 | rts-static-prod.freshworksapi.com | udp |
| IT | 3.160.212.90:443 | rts-static-prod.freshworksapi.com | tcp |
| US | 8.8.8.8:53 | storage.pardot.com | udp |
| IT | 13.226.175.119:443 | storage.pardot.com | tcp |
| US | 8.8.8.8:53 | nexus-websocket-a.intercom.io | udp |
| US | 35.174.127.31:443 | nexus-websocket-a.intercom.io | tcp |
| US | 8.8.8.8:53 | exterro.webpush.freshchat.com | udp |
| IT | 18.66.218.20:443 | exterro.webpush.freshchat.com | tcp |
| US | 8.8.8.8:53 | fc-use1-00-pics-bkt-00.s3.amazonaws.com | udp |
| US | 16.182.74.217:443 | fc-use1-00-pics-bkt-00.s3.amazonaws.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 104.22.29.228:443 | www.exterro.com | tcp |
| US | 3.222.169.126:443 | api-iam.intercom.io | tcp |
| US | 104.16.136.15:443 | ws.zoominfo.com | udp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| NL | 35.234.162.151:443 | tag.simpli.fi | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 104.16.136.15:443 | ws.zoominfo.com | udp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 8.8.8.8:53 | fast.wistia.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| IT | 3.160.212.6:443 | widget.intercom.io | udp |
| US | 54.172.247.4:443 | wchat.freshchat.com | tcp |
| US | 76.223.64.65:443 | exterro1-8e1610c834f6cc316989291.freshchat.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 3.222.169.126:443 | api-iam.intercom.io | tcp |
| IT | 3.160.212.90:443 | rts-static-prod.freshworksapi.com | tcp |
| US | 35.174.127.31:443 | nexus-websocket-a.intercom.io | tcp |
| IT | 18.66.218.20:443 | exterro.webpush.freshchat.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | edge-admin.us-east-1.freshedge.net | udp |
| US | 216.239.34.117:443 | beacons2.gvt2.com | tcp |
| US | 216.239.34.117:443 | beacons2.gvt2.com | tcp |
| US | 44.195.157.51:443 | edge-admin.us-east-1.freshedge.net | tcp |
| US | 216.239.34.117:443 | beacons2.gvt2.com | udp |
| NL | 74.125.143.84:443 | accounts.google.com | udp |
| NL | 74.125.143.84:443 | accounts.google.com | tcp |
| US | 52.54.96.194:443 | go.exterro.com | tcp |
| US | 52.54.96.194:443 | go.exterro.com | tcp |
| US | 8.8.8.8:53 | go.pardot.com | udp |
| US | 3.215.172.219:443 | go.pardot.com | tcp |
| US | 3.215.172.219:443 | go.pardot.com | tcp |
| IT | 13.226.175.119:443 | storage.pardot.com | tcp |
| US | 52.54.96.194:443 | go.pardot.com | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 52.54.96.194:443 | go.pardot.com | tcp |
| GB | 88.221.134.88:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | pi.pardot.com | udp |
| US | 3.92.120.28:443 | pi.pardot.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4---sn-1gi7znek.gvt1.com | udp |
| CH | 74.125.108.201:443 | r4---sn-1gi7znek.gvt1.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.201.110:443 | google.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.16.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 104.22.29.228:443 | www.exterro.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| NL | 35.234.162.151:443 | tag.simpli.fi | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 104.16.136.15:443 | ws.zoominfo.com | udp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 54.172.247.4:443 | wchat.freshchat.com | tcp |
| US | 76.223.64.65:443 | exterro1-8e1610c834f6cc316989291.freshchat.com | tcp |
| US | 3.222.169.126:443 | api-iam.intercom.io | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| IT | 3.160.212.90:443 | rts-static-prod.freshworksapi.com | tcp |
| US | 35.174.127.31:443 | nexus-websocket-a.intercom.io | tcp |
| IT | 18.66.218.20:443 | exterro.webpush.freshchat.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | ftk-imager.software.informer.com | udp |
| US | 100.25.93.238:443 | ftk-imager.software.informer.com | tcp |
| US | 100.25.93.238:443 | ftk-imager.software.informer.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn1.gstatic.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| GB | 104.78.177.107:443 | sync.teads.tv | tcp |
| US | 8.8.8.8:53 | servedby.flashtalking.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 104.78.177.107:443 | sync.teads.tv | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| GB | 184.87.191.178:443 | servedby.flashtalking.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | ad.atdmt.com | udp |
| GB | 172.217.169.38:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | ajs-assets.ftstatic.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| IT | 3.160.212.100:443 | ajs-assets.ftstatic.com | tcp |
| US | 8.8.8.8:53 | agen-assets.ftstatic.com | udp |
| IT | 108.156.2.54:443 | agen-assets.ftstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.flashtalking.com | udp |
| US | 8.8.8.8:53 | js.ad-score.com | udp |
| GB | 92.123.240.41:443 | cdn.flashtalking.com | tcp |
| GB | 92.123.240.41:443 | cdn.flashtalking.com | tcp |
| GB | 92.123.240.41:443 | cdn.flashtalking.com | tcp |
| IT | 18.66.218.84:443 | js.ad-score.com | tcp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| US | 8.8.8.8:53 | stat.flashtalking.com | udp |
| BE | 23.55.96.51:443 | stat.flashtalking.com | tcp |
| GB | 3.10.137.174:443 | ad-events.flashtalking.com | tcp |
| US | 8.8.8.8:53 | data.ad-score.com | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| GB | 142.250.187.194:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | secure.flashtalking.com | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| GB | 92.123.240.41:443 | secure.flashtalking.com | tcp |
| NL | 74.125.143.84:443 | accounts.google.com | udp |
| US | 100.25.93.238:443 | ftk-imager.software.informer.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 100.25.93.238:443 | ftk-imager.software.informer.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 8.8.8.8:53 | js-staging.ad-score.com | udp |
| US | 35.239.117.218:443 | js-staging.ad-score.com | tcp |
| GB | 3.10.137.174:443 | ad-events.flashtalking.com | tcp |
| US | 35.239.117.218:443 | js-staging.ad-score.com | tcp |
| US | 35.239.117.218:443 | js-staging.ad-score.com | tcp |
| US | 35.239.117.218:443 | js-staging.ad-score.com | tcp |
| US | 35.239.117.218:443 | js-staging.ad-score.com | tcp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | tcp |
| US | 44.195.157.51:443 | edge-admin.us-east-1.freshedge.net | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 74.117.179.70:443 | img.informer.com | tcp |
| US | 204.155.159.109:443 | hits.informer.com | tcp |
| NL | 74.125.143.84:443 | accounts.google.com | udp |
| US | 100.25.93.238:443 | ftk-imager.software.informer.com | tcp |
| BE | 23.55.96.51:443 | stat.flashtalking.com | tcp |
| US | 35.239.117.218:443 | js-staging.ad-score.com | tcp |
| US | 208.88.224.98:443 | i.informer.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.201.110:443 | google.com | udp |
| US | 8.8.8.8:53 | e2c50.gcp.gvt2.com | udp |
| US | 35.212.16.125:443 | e2c50.gcp.gvt2.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | www.exterro.com | udp |
| US | 172.67.30.176:443 | www.exterro.com | tcp |
| US | 8.8.8.8:53 | tribl.io | udp |
| NL | 35.234.162.151:443 | tag.simpli.fi | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 104.16.136.15:443 | ws.zoominfo.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| IT | 108.139.243.113:443 | static.hotjar.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 8.8.8.8:53 | fast.wistia.com | udp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | wchat.freshchat.com | udp |
| US | 8.8.8.8:53 | exterro1-8e1610c834f6cc316989291.freshchat.com | udp |
| US | 54.172.247.4:443 | wchat.freshchat.com | tcp |
| US | 76.223.64.65:443 | exterro1-8e1610c834f6cc316989291.freshchat.com | tcp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 34.197.142.160:443 | api-iam.intercom.io | tcp |
| US | 54.172.247.4:443 | wchat.freshchat.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 8.8.8.8:53 | rts-static-prod.freshworksapi.com | udp |
| US | 76.223.64.65:443 | exterro1-8e1610c834f6cc316989291.freshchat.com | tcp |
| IT | 3.160.212.60:443 | rts-static-prod.freshworksapi.com | tcp |
| US | 8.8.8.8:53 | nexus-websocket-a.intercom.io | udp |
| US | 35.174.127.31:443 | nexus-websocket-a.intercom.io | tcp |
| US | 8.8.8.8:53 | exterro.webpush.freshchat.com | udp |
| IT | 18.66.218.110:443 | exterro.webpush.freshchat.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 172.67.30.176:443 | www.exterro.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | edge-admin.us-east-1.freshedge.net | udp |
| US | 44.195.157.51:443 | edge-admin.us-east-1.freshedge.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 104.16.136.15:443 | ws.zoominfo.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 104.16.136.15:443 | ws.zoominfo.com | udp |
| US | 172.67.30.176:443 | www.exterro.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| NL | 35.234.162.151:443 | tag.simpli.fi | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | fw-cdn.com | udp |
| IT | 13.226.175.102:443 | fw-cdn.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| IT | 13.226.175.102:443 | fw-cdn.com | tcp |
| US | 54.172.247.4:443 | wchat.freshchat.com | tcp |
| US | 76.223.64.65:443 | exterro1-8e1610c834f6cc316989291.freshchat.com | tcp |
| US | 34.197.142.160:443 | api-iam.intercom.io | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| IT | 3.160.212.60:443 | rts-static-prod.freshworksapi.com | tcp |
| US | 35.174.127.31:443 | nexus-websocket-a.intercom.io | tcp |
| IT | 18.66.218.110:443 | exterro.webpush.freshchat.com | tcp |
| US | 8.8.8.8:53 | go.exterro.com | udp |
| US | 8.8.8.8:53 | storage.pardot.com | udp |
| US | 3.92.120.28:443 | go.exterro.com | tcp |
| US | 3.92.120.28:443 | go.exterro.com | tcp |
| IT | 13.226.175.119:443 | storage.pardot.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.201.110:443 | google.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| NL | 95.101.78.218:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | pi.pardot.com | udp |
| US | 3.92.120.28:443 | pi.pardot.com | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | tribl.io | udp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 44.195.157.51:443 | edge-admin.us-east-1.freshedge.net | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 3.92.120.28:443 | pi.pardot.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| NL | 95.101.78.218:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | udp |
| US | 3.92.120.28:443 | pi.pardot.com | tcp |
| US | 8.8.8.8:53 | d1kpmuwb7gvu1i.cloudfront.net | udp |
| IT | 108.138.187.168:443 | d1kpmuwb7gvu1i.cloudfront.net | tcp |
| IT | 108.138.187.168:443 | d1kpmuwb7gvu1i.cloudfront.net | tcp |
| US | 8.8.8.8:53 | www.exterro.com | udp |
| US | 172.67.30.176:443 | www.exterro.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| NL | 35.234.162.151:443 | tag.simpli.fi | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 104.16.136.15:443 | ws.zoominfo.com | udp |
| IT | 108.139.243.113:443 | static.hotjar.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | widget.intercom.io | udp |
| US | 8.8.8.8:53 | wchat.freshchat.com | udp |
| US | 8.8.8.8:53 | exterro1-8e1610c834f6cc316989291.freshchat.com | udp |
| IT | 3.160.212.74:443 | widget.intercom.io | udp |
| US | 34.192.153.236:443 | wchat.freshchat.com | tcp |
| US | 76.223.64.65:443 | exterro1-8e1610c834f6cc316989291.freshchat.com | tcp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| US | 8.8.8.8:53 | api-iam.intercom.io | udp |
| US | 44.209.54.83:443 | api-iam.intercom.io | tcp |
| US | 8.8.8.8:53 | rts-static-prod.freshworksapi.com | udp |
| IT | 3.160.212.60:443 | rts-static-prod.freshworksapi.com | tcp |
| US | 8.8.8.8:53 | nexus-websocket-a.intercom.io | udp |
| US | 35.174.127.31:443 | nexus-websocket-a.intercom.io | tcp |
| US | 8.8.8.8:53 | exterro.webpush.freshchat.com | udp |
| IT | 18.66.218.110:443 | exterro.webpush.freshchat.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| IE | 46.137.132.32:443 | tribl.io | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | edge-admin.us-east-1.freshedge.net | udp |
| US | 216.239.34.117:443 | beacons2.gvt2.com | udp |
| US | 54.243.212.153:443 | edge-admin.us-east-1.freshedge.net | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ws.zoominfo.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 104.16.137.15:443 | ws.zoominfo.com | udp |
| US | 104.16.137.15:443 | ws.zoominfo.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | mh-nexus.de | udp |
| DE | 89.107.188.153:443 | mh-nexus.de | tcp |
| DE | 89.107.188.153:443 | mh-nexus.de | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| GB | 216.58.213.3:80 | www.gstatic.com | tcp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| US | 8.8.8.8:53 | accdn.lpsnmedia.net | udp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 23.48.165.148:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | cdnssl.clicktale.net | udp |
| US | 8.8.8.8:53 | d.impactradius-event.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | lpcdn.lpsnmedia.net | udp |
| US | 8.8.8.8:53 | lptag.liveperson.net | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | publisher.liveperson.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| GB | 178.249.97.23:443 | lptag.liveperson.net | tcp |
| US | 34.120.154.120:443 | lpcdn.lpsnmedia.net | tcp |
| GB | 178.249.97.99:443 | accdn.lpsnmedia.net | tcp |
| US | 151.101.1.192:443 | publisher.liveperson.net | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 35.186.249.72:443 | d.impactradius-event.com | tcp |
| IT | 108.157.194.44:443 | cdnssl.clicktale.net | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| GB | 23.48.165.149:443 | analytics.tiktok.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.42.65.85:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.85:443 | browser.events.data.microsoft.com | tcp |
| DE | 89.107.188.153:443 | mh-nexus.de | tcp |
| US | 20.42.65.85:443 | browser.events.data.microsoft.com | tcp |
| DE | 89.107.188.153:443 | mh-nexus.de | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 142.250.113.94:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| DE | 89.107.188.153:443 | mh-nexus.de | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c64.gcp.gvt2.com | udp |
| US | 34.162.18.59:443 | e2c64.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.187.195:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
Files
memory/832-0-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/832-1-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
| MD5 | 7018b94647cfa7568c606442ef65f0b1 |
| SHA1 | 38cdeca7956767c69997f11ffe583697da55cdd8 |
| SHA256 | 52344bbe879c6870954dd51613c107862534e573eb756531f564ac6a696e3c4a |
| SHA512 | 9ca4f57a08f17cc1e4e0137c33475516ef7378dab76a0955ef0b846597759d89c8f9fc27aaf138c9e22f30acb35629d2cc0dc84824d01e331b98763dc677517e |
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
| MD5 | 48dd6cae43ce26b992c35799fcd76898 |
| SHA1 | 8e600544df0250da7d634599ce6ee50da11c0355 |
| SHA256 | 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a |
| SHA512 | c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31 |
memory/832-164-0x0000000069141000-0x0000000069142000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{074847D5-1762-4AA6-AFC7-7DAD2A2E6E81}.html
| MD5 | adf3db405fe75820ba7ddc92dc3c54fb |
| SHA1 | af664360e136fd5af829fd7f297eb493a2928d60 |
| SHA256 | 4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476 |
| SHA512 | 69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72 |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\Cab730E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar73ED.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3176c9acab3ddde45de0d07a7c0aec6 |
| SHA1 | 337b34656d642eb0c82051ecd9923b7757ece7b8 |
| SHA256 | 3a563214b6ca1bb0c95d50a6ed9602646a56f1093e5b2d42611370c45cd1a20b |
| SHA512 | a42afcb6a9adf97f33d25e4d624f78a1571a58045cdcbbf18e9163843af239c7fc1e96c3cf02b3174ce5950f5631c605a15d39e8d2d766426c348b52a345e531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c32559871a410cf8e56f56cdc9b4cfe6 |
| SHA1 | a16019582aa761bd7ceb9cf7ba98e938e8183732 |
| SHA256 | 80ce261b5023d4b4aa270c538894313c07896aa1e762b4551dfb80efdca1cb5e |
| SHA512 | 3002aa0ede5cbda4811a879bf934a2f3ac42c8d7fe99d915fcc358d425784faae8113480ad5e770bdd2afab8fd9bb1b29de377f77958ed0fb0eba5eff792bd5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c273c2fdb1df2ec1172fbaf04c23b458 |
| SHA1 | 4977991fa516ee8c499377e9d1f2ae02290f9d87 |
| SHA256 | 8b072a582225da807afcaa50a19da4a188554e8d87eae0f7e9bd3e8168648734 |
| SHA512 | b315aa6a678447a3ee3792f9d1cf52b9552cbe7f66485d2025b209f8569bb55462b0ca233ff45a64b0d54519e8ea66c8f9f71d509047253890f91e2bc7d19995 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df22db4febdaf624d1efd6adbe484ab2 |
| SHA1 | bbd2eac35ddc078e386a99d8d98483da371340fc |
| SHA256 | 06e4504c6ee1bcfdf63e6bddf6b6e0a49784dda52ef4cf0301dc4714d7407aca |
| SHA512 | e81f3aa6d703ee6ee77a1346e4de01ddbb09b7ec01d0ba0ef60343503a712d2d672a11d88dd921af42ee35420d8709c405a287ba770697f1855817a8249a985a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c63bac47c3d642cb6b76ab812fcb9b55 |
| SHA1 | fa187256767d86d5e66f83b6bd690c8ce10dfc07 |
| SHA256 | 9acab734126930a82cb87ac6f8b6e787d7862c9c4fdb94c69af2b8afe521ffb9 |
| SHA512 | e37841373d1bc7d3b074fbf58a70a9326d302ab393b858c61da598fc20a436e5c9c2a2c10797af104607f47a52a171c7f7801b303c10985d66716ecdfd177825 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdb9631f2f162e1c5a8d06123799148b |
| SHA1 | ee11ce51e0a272dffb4b878a0c6d644074631a76 |
| SHA256 | 0e76d77010724c509da2ca512733157a6c7e0177cb337e0ba91fade2e11762ac |
| SHA512 | 45030566bc904f5d7b1ca689f55d1f265206e2227db79bab744eb785b4d235f993b25c1d58e326714ca1acb50a28f95ab9de34adbffed6a7e4d09c235cdcb8e4 |
memory/832-408-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec34539f6945c315b5ef398d1a071c9d |
| SHA1 | e913b5e6f5725626c9722bb3eb22a59413d1872b |
| SHA256 | 6e1a41fa39fe36157aec0e0461b4303c076b6dabfd4c1c8bd7173d0bf5b19306 |
| SHA512 | 869617b28ee9a0a6effe496c2f828cd08c7cfc73c66823773521e0116496a281bd733a00ef68fdc64fe5de42ac827b05c546a9460f6518244c2a3ad7cd0a18da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76e75e79a641fd88b45f9db777c2b210 |
| SHA1 | 4a0b3e36eab30ab9201a7de7f88024b2a7842f2b |
| SHA256 | 89f479f8b0d29c44f8f026abb7ef0157149922cd9822a428cea0bf3fff821f13 |
| SHA512 | 7bd37e0f47e55def4768cbe919ddf0c910600fb1c20f0df45b09ca87f6123c9f94095b7ec11bbe98d93fdc6bb591329dc0fa998a7db7332de4a7738e276bbc6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84ffd7412dfac92975bc8fe24977e687 |
| SHA1 | 7b4a9c3d893c24ce02c17689f06fdd5334f7ded9 |
| SHA256 | abe57bc893fdd1c58b2a7bc4890368c17d518277720f235165f5634839297e8f |
| SHA512 | 1f3ba12e764c9956a4d86564b161c271b0ffc2e7da5ef5017060db6acb7ed66872d114076471a10048dfdce9ceb88acd33db785e787f291f2111f6022d39bafc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72969103c602dd1256e558993975d9f4 |
| SHA1 | 017b3cae571c522bc3aa15bff3d82a0247bb9480 |
| SHA256 | 76aeec0cf9317041ed190dfd521e416625dcb8e48d30a8905c2520fc17732d30 |
| SHA512 | cc559abfd26aea4b52a6c91aa23d8531db4813677e8ea8b6592939f4759db6fb22e5d97d5da83c0e008e51c32e958cb3e338dd82ca2ca4bbb0e849048e575892 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42f640d48a621403b6511b28a3623841 |
| SHA1 | f517bb8536808cf6ffeed4b65902a083d9b8af7f |
| SHA256 | 3cfdd37cdce7b6a8bae06a5b20fe0b168d15271335c023246c0ec9ff9f9b607a |
| SHA512 | fe880071e18c8e5c932629f3d3f059e049a06f2b332ddf82ee1c98060509f10146d7de1ef8e16c77a6e482632b1d1c93de780144133eed94478092407b2671e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a50d9cf700f8507a63cf2980d69e2dd |
| SHA1 | 7734c97a50ec92f839f3ab7fe5ed6752ef8cf7ae |
| SHA256 | e6a23532fbf7cc1ff86c46bf506fde0c3fb754463741a517830b82cc7ae64f5e |
| SHA512 | ae5083f65f0ddbcc45cfefa246dcf9aa81e3d5e96f2f372abf271bf19eca9520544e70a8749025b57844d148545c3d11a0608b7d16fcce0d3e56d2ff40d78ae2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4135ece227593446925b1c86566c615 |
| SHA1 | 2bd5826b978f37d151930f9903767b55facf989e |
| SHA256 | 15f0ea67227f12c25e00cfa39ed52575226de7c25b8f77ee82ea573184721b60 |
| SHA512 | 018066f8545585a750c03c5ecd46f9bc9785efd7861e30afe47b9e0220cf8d4e82e4c325e06b4577b7ccf9ecface2974c8b88d66d8447c345f2716f494a71c91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 029f8cca848122e7f750b82c38daf9f0 |
| SHA1 | 925adea6e21754586a1b65da7bbcd5078dba6ace |
| SHA256 | c653ca81b81c728f4d683b5f9ae86f5fd7dc8a82b3b36487eb02fd318131c0d1 |
| SHA512 | cd5f5d9392253c4e5de42c4c53a5f59f5aa35d0edb2aef4c3f66c0bd0dd2c1b625c32da191bb34a2904c930ec657d622e0928adf71c3ab29ba39a797d82a5053 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85a0a36eb430993aff8c989410cba8ea |
| SHA1 | 90d8b482acd6625bc41e67e22bec8ca159343e0e |
| SHA256 | 338e882ac7c9cd5ac91c20af89638c9992d7c8aedff8d533ae34a7491bcd89b1 |
| SHA512 | 0e7bd1f3e2262be4fa6cf0db6cd4cf6bd68a79b55e0368d83b7988c1b4dc10f2e95485c4f4a665579edea323cbbf37eea34b245c0ee80859973ab2d5ec168346 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f8cadb4ebf406e6b9172742070dee49 |
| SHA1 | 4f6112a8faa413de5c19aa6cd1bed9176d6dbc2d |
| SHA256 | 5285b714a7b20fe30bb401477a4598502562e64f4b59d3d1f27ca46c8d118e3f |
| SHA512 | c21bd91dab7088f6464ca8a4fd68d74c0a8b5001c941b77bb3ca217243422adb6ead8c97aa252145e3652589982a4a29ce0f7fad669c484d3c826af4b1d558f5 |
memory/832-921-0x000000000AEB0000-0x000000000AF84000-memory.dmp
memory/1848-922-0x000000002F2A1000-0x000000002F2A2000-memory.dmp
memory/1848-924-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
| MD5 | aa8e12c4044f0487c366c6d55a9f22ce |
| SHA1 | e08a46168aa55ed5ed41360cbcc0581101a214cf |
| SHA256 | 9ea968f0b6b893350f6cdf031a00f3781e0ee3208ad53ffd51d7eda9d0385909 |
| SHA512 | 83d3ea9727c4655edc4e9682416fdec672b898e1456a22377d38e3dbde800af155404edcbeee8718fe19e81e0701780d528a54d553062d7c34eace91d43b4c97 |
memory/2340-939-0x0000000001EC0000-0x0000000001EC1000-memory.dmp
memory/1032-940-0x00000000022B0000-0x00000000022B1000-memory.dmp
\??\pipe\crashpad_2120_IMMQMWSZAAVSZAGH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
memory/1848-981-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6ee8d029-5783-4e40-8a5a-2f03572a4b04.tmp
| MD5 | 508375f73bb15e11bc65542fe201533b |
| SHA1 | 461a3efe15db2df76cd68217e8e911076a263e97 |
| SHA256 | c1db90144b4000eb242b016b96e224815c5d3176dc39a55758ccc6a689bdd57c |
| SHA512 | d5e1c03c160abcb27ef202b6408601a35b7c529e13b6124a06ca0b89764251e08fcec8dc0310dbe58ff8466576c1d0b448a37303646cb1844aa99e2f61d46b65 |
memory/1032-1076-0x00000000022B0000-0x00000000022B1000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4d639dce120d7566dce49fcce46c883 |
| SHA1 | 25c474784476943dbef22fa8dd276f61f11a5a05 |
| SHA256 | 764da1abd589ea3413f27feb584317677b6a6699cd93bcfcba528889873401e6 |
| SHA512 | 9a71d4219fb3ee035d89803fc61b0f16d492fbff1a5f44ea0d3b5b920fe1de2a240808dd433c0a860848e6198006f10ae5069212a20d09f3eaafa933ca6d5fb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9d2b6871c8711c87a1d63bbc0b42721 |
| SHA1 | 9521264667401712f1261ed30bef855bc04f0133 |
| SHA256 | 8e65bfd0d901203d818dac340c397ea5ab75e5cb9450f6111366dcc2dfecf1d1 |
| SHA512 | 5aed9b69a5863a07b277f241ffd3058163864335aa9efb401e732dd83dc6ca25bad1cd6cbb4ca800e5d57afd281ea02f9232ba01f1fca8b8439d40384044e663 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bb70f69244eadfb1e530791bfb778ae |
| SHA1 | aba8a8265dbd5a97cc215f013b61027b363a6426 |
| SHA256 | 5bd790b292358760d6ca82e0f7445843490e90372cd8563b1a8b32cb092bc877 |
| SHA512 | af9523ad822c399a8496358e025b529673b0eb3f4b03541005583cd924b6e28c89df97f2d9a478bc1e0c1f1ba7a878e26fd28913b5f2088859d8dd375b0f10e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f77788f0eaf3b83d5be911b9298c345b |
| SHA1 | 37897772026ffd9378192a6b063ed64459aa6e84 |
| SHA256 | a6ef0d82bbb81957c959ac363d7648aa46f03ec99b20a1b9a4ee5804466b3295 |
| SHA512 | a614faec1752e94d363cc6ecce5bb2a07843fbd49043a3d84df3908885f989159a90f8784f1f190c09408f9027538956bafe4703a89ef16a4728c796cf0e337f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe9a71fb9b254444fe2c79aead59ca55 |
| SHA1 | 6d927895d538ba898e29111d4aa4e10ea4f52e1b |
| SHA256 | 0d2e8a5ac6eb53b6dfcbcda19ba11a3dab8594b1b26f6065d6b7b75ba68d03b7 |
| SHA512 | 12b21cbe7fa1d1f4dd756efcb72b1a66cfa7ce535202b1fbcd37790aa81d63d6a9faf0661cb63d58e0248c53e209dd32c7daeec75aff009c1a2d3482199d759a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1e21c04b7989ef00185da4508aabf7 |
| SHA1 | 2bbf1aae72bc082894db4ff37067540873601f74 |
| SHA256 | c2d5a0f476dde198a2e50c14489d4c7f86c933f8224df378e2f8be6159048476 |
| SHA512 | 9fcc5001325bfdd75fdbef83ebc0ca8358932deac318561ba9bd2ec9ce54e541cccbd6f55e68644b02babb10ab633d34a9603f3313967769109db758b203f0a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdb1268b112d54b91c22d030df8e28f5 |
| SHA1 | ad2fd6792a4aeda5d3ee6481b3245a18e84778f4 |
| SHA256 | 4bb2575144cdc0346dd2564a84937163c6424ad21cfc00ae78fa193c46f99911 |
| SHA512 | 238f9c7b5ae7ace822e57c796797fd0ee7ec9d222462027a4518dfd023068da8e4511700f5fdcf26315e88db80eabeae20c13ae25896fd8a7843c8ec2a5f36a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 379a24c63d2f6d549a025ae0988f97c9 |
| SHA1 | df808ebfa0aa8fcf4d547eead40d40db8f685a1a |
| SHA256 | 9c93258a89dfe67bb2f1796a92494761e43abd9bd8f4a3a0920692759c2aeada |
| SHA512 | 6decfd49ee61b1b2ac25ef2308b7c99cf7243b34963e4b187d41152d16376a862c29017d06ff8f65bbd07de40fdfbbcd825495bedde93c250b5932ad678303c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 376d3b52bca76f0f4bbb23fc3b4749f8 |
| SHA1 | 241c89f1859cdd1fef0d9b20f5ed3067044d7780 |
| SHA256 | 7e8e6a8ca92a90e858532e30817173457ac690d26af8375b37769a3c2a5aa5fe |
| SHA512 | 5f248738fa58fb3e6926aec1a8c7a03f9a194e4618d55063a60a6414646129b9d841fa9aa632d1e8ba822bc5d30c41786c2ce6db49ca6ffd297ca0fc1af40fe7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82d964e44d5aa900d37a65f8276c0724 |
| SHA1 | e6ae96a4a38a289a069c515db88d220de130c72b |
| SHA256 | 858da853fd348489b0d9c26facbc6c03578582fec4fee7d07a59d29fa55144ba |
| SHA512 | f3caf29cf6e25ae77f39a0126e08eac3f4579e721223cb72c06493774b8343ccebf6a80f03935f196c9dd77f77dc816b23f9d3393746a92223aa8fea55114ede |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 776457aef5022cd8511be6097b7738e9 |
| SHA1 | 085014d1be0343e1e78d5f5db0872b5eba7d5376 |
| SHA256 | 614166f80e803d823f2a5423129b857d5ac8ac0687f9a42139e832354e34bb00 |
| SHA512 | 67900ac3a7c1d497c18955038d2b7a83d8dbbd431159ec4c12528dc0c352b5154d3570d4393109feb3e5325a4088fde96aaeb47920e56cbeb3b406757c14684e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c307aada0379f74d8466e2c0e124352c |
| SHA1 | 962c15b6ed16165f8acc8a83425c5eff42efec70 |
| SHA256 | 1fa1be0be93a59cadf025bae8f70ce9aa7155c25399cd7f9cbcd0315c7cdf323 |
| SHA512 | 296981978ccfaf51801f25b776c77c653b704713f55d45415048229f04890ee0a02b8e643f7453412e9c4f808c25a5c6c36463d9cf6d72290571bcb6451d9628 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a41b383de565fdd75853beeb134f0d49 |
| SHA1 | ebcb2f103d1c5498279de805822318facf6e735c |
| SHA256 | 0ca4dc6d82148728f153e5751e654eeec5ee9e5ea8d2c1d64f8df15ca7dd7c30 |
| SHA512 | cd805c12989a5c121f4259ec0fdecdbc986f051ab646369b884bd922c72a0fceff4c29faab8268c393aa2855fc075b07e569bdce8ca86d323bd9e00b7adf72cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ab21f0d9837b3f9f50ef896d907fc18 |
| SHA1 | 261c55a389ff6989fb40e57e02051cbb6e126e81 |
| SHA256 | 6742d0eec4b33ed0799b2c5cb7e387cafc3c406ee49c3454b96050539b77a0f9 |
| SHA512 | 20325c38d533820ee1f9154e907a592fb2eb4939d5ca37abf434f80919a8ba8041ec9fe32b834eab988e385127605a13439cca3f2caa0df7daf750a9332dff54 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\commercial-templates-responsive[1].css
| MD5 | d2d57678ffe35edddbc7b35d73fbcd59 |
| SHA1 | 7c5bcc3b8ce42fff32f58ca6d3cb3976080b4f16 |
| SHA256 | fbed34e2bdd33cfaed3e147ada81991ab68936acf4d730bd69d5bd8767b5c74f |
| SHA512 | 7c512946d2a21397e880d2dc2c3bd711e664ce9d08dbf72037739939799091eca5136d18a9172e42cf8a3fe64e05dcaac2bf46f39233eb01e6a105c588c9ceff |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\logo_32[1].png
| MD5 | d724f117eec46e481190d199c7584219 |
| SHA1 | c58e1f52a0254e3b771ec84b9b1439a8deef1365 |
| SHA256 | 39e8aee62b2045144ecb70ec8c66558b4bf5d7167e7b3982bccb77a9df91a672 |
| SHA512 | be393a577bc8df17b7dc785ade82a799a52e588fac8dce2df46b5d859e0993d88495c212361e28d9d150cbcd041ef99a0e36930e08e241fc6758b9c88feca1b8 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat
| MD5 | 364c881a5e1330be34c28b08a8d7b6cf |
| SHA1 | 640585abafc32bcc4abd3f5fcc21a0bbb02122a6 |
| SHA256 | 18785031e81aa24a09c2d8685ebec357282784c1e6a60a47b993fa15571b3f2f |
| SHA512 | 34b55ba6cc15256875d719e3d0eb7f7a6e6b839c60873f02c9e9b40e04d757a38177194c4a74399c78c70ede1b5675dfc7d56886ee8f1fcf52a02d4a444f3ddd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\Interstate-ExtraLight-webfont[1].eot
| MD5 | 35071d00819547a959ef3450c129d77e |
| SHA1 | ea999c18c0e8e7e315b8d7da2dc415ad15508dd2 |
| SHA256 | ed4be0eeb281602511161bbaa52bf6ed5d1a3354ea63bfe579a2cb65e9de576d |
| SHA512 | 559c848b17a49e6fd4263f3c632dc9f65bdc7e7a76d06bee152ee8087c300952a9fc228959cb009ef0334a249b81ed08bc6d712f703292b45b9b966fd1e82be5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\bootstrap[1].css
| MD5 | 49c77034f0785fc340abcf78a2f0f702 |
| SHA1 | b1c879165b223337a7a60bcdcc49dd272a14765e |
| SHA256 | 90a80a481d428d8232aadbce17f45526f44a4afc51a138ec0dc3e40ff55233ba |
| SHA512 | 72c4babccab99a14f1ad7d5c37d74ce20735ec89f268ee2a47fb3fcfd6ef1c4c59eaf798e23a294b17782a65b9c9316a08355cf8fca77b652dd4d35e69e52490 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\bootstrap-responsive[1].css
| MD5 | 45721ca265adcc4c493011d76a1ded83 |
| SHA1 | 9b883050e161e6c84a3565f7afeb6b25919f3669 |
| SHA256 | 6c1402d8ea799caa8aedcfbade3122c261cfcd69e7938b472c2da551e2258c04 |
| SHA512 | a6e831dce3afc34445be90f60617cdf15503397e9afb4ad7dac1a35fbeb54452e5e012bd76ba947d20dcbc91121ac469e3ac700ca438277fd7d8e4aa586eb681 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a323a4f79e8b41d416d582f0d43132dc |
| SHA1 | 961863621d3033f4e706bc42c8c446f19c82dc35 |
| SHA256 | 30e6461da373ec8eec38fa78b4e927f437c9901ee01a3421ca4deaeada884648 |
| SHA512 | 405e7be3e13350a0af0390995fbd72836ccaba579fb2a1b2c02b08ee698b94ecf6381c42ebb71638781fa8285cb7affabb23fa055fe674b968fc46d3445a69f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14ddc54a64d971d97c4990b8b1261fd1 |
| SHA1 | 5029e1a4cb6644e05bc7fd4cd2bb1e67cd4df25d |
| SHA256 | 546984126e8f1861b48ecdc9f37ea6ead39104762d031f56bd936e606204628c |
| SHA512 | 47b1ca968117a147dcb1887f0730e4ab9356e9472cc8bbed1f1f8b7b666eb922ce22e35c5cf2a031dcf65d95c1d45c0a745111cc587cf596221873d18d858ae6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0893236af6d1dceaa0018171d9b57df4 |
| SHA1 | 073d519e65b8db5d48a57efb9e3da14d736cc320 |
| SHA256 | 2671e2e20dc52093df3a024adec7fcf0411ce103ad043d2a4cd7f8f34e810ae4 |
| SHA512 | a12cf4b2d73e1b75f87fe3cfca760e3a4bf88aaf6bb3ee5dd3d7fed7f7b6a852adf91140d8e62ba956e2064fd79af04e2cb0d2441259fe2c9905a2896dc11d86 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\commercial-templates[1].css
| MD5 | 5d2119dc79bbb888c6e9627dc0e861d0 |
| SHA1 | 411aa5cbee83b8bce91e79d066a030677a87368f |
| SHA256 | 68f5df4ec7c0f155d8a9ca37d7db209b0ae32eda220c0763ccb519c794dd2a44 |
| SHA512 | 6f11f6d3372870902dee35fc5b715c330be628dd8f4736caeb4b878bc4711a33304cc35af13290a8767dadfeb933689aafe90b3e247ef7dae96c2211615f71b4 |
memory/1032-2550-0x0000000002320000-0x0000000002330000-memory.dmp
memory/1528-2551-0x0000000000120000-0x0000000000122000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\Proforma fatura pdf[1].tgz
| MD5 | 4bb5a39a4ae33b5c902c76976c4b8d5f |
| SHA1 | 319b59e4d668b01d58d6c97b33f2361870c535ac |
| SHA256 | 832bf08d7eeebcfdb3671df26693eba42a18fc296152c747647760907c8bcda1 |
| SHA512 | b105ca80917d1c44ab03a1417ced4688bcb8639f515d2a7e5e47e6f3984d6f3e2ae4a04d08398ab5816c8c833cef459de9723dea676d348777dad09e4a7c981c |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | b50d98f029b191f1070ca4441ea42480 |
| SHA1 | 9a4748c0823456d45f697e2567555fed5979c7de |
| SHA256 | 0ae8985bf46e9f1e4a4861e3c072f092b9d2315b105125bc445ceaa224cdbc71 |
| SHA512 | 427959d019bd9182e529f4bf15419bfd9d8b17fc70afefa86ae5025816c46caec74b201b9789a21ca7aa35716f2fa8a427be4466b4af1058d49c9d5f9d4ec38d |
C:\Users\Admin\Desktop\Analysis.docx
| MD5 | 03067444b643f8c38d37f50cffed2ab3 |
| SHA1 | 90c2913e6437a913a7f542d67c82aab002f2660c |
| SHA256 | 92985d2b745bd76ac81b79417b45d026dff978485b09dad5ac3fad2d9101d15d |
| SHA512 | 06f26814bc328466fe21123ccba05189e7f1255debb4c960c0d2eb9b1fe2af161a22224ce46f47be99c855585af2d6eee1cc78eb57f124ce29fba416062eb370 |
C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe
| MD5 | 3d224ba8ba62dc112b7d560990e9841f |
| SHA1 | 20f0ea222f2c45bec0d67c51a0ef7f96214a4846 |
| SHA256 | 0bcf8081a872408b3354acb39557396ad770936afa76ffe0c060d2fd0188880b |
| SHA512 | 3c49041c8774fc6fa225c125cab43e79ebb41e9b2f3225b6795f3e518ad0d73bdccbaa837f284473c0632d7a109db65e6d38d9a59c04909b37ec43f5dad462b4 |
C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe
| MD5 | c6285eb53a09f56ee9a250e80ba1df10 |
| SHA1 | f5f2fe7b8dadadccdddb1c2512e0cf1b3121ae7e |
| SHA256 | 04a69d58520cb7784b0d9a51dd57d369a3734b90f6b1ca77b59abbd058f192c4 |
| SHA512 | 7addfe9332748f0c1cc75cc673885d1ad5419cbd024f50b8552e6fc8c4c341d1714f2fab4a01b331965a244dca8297fb244e4aff9de835704e8990cc5131bbad |
C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe
| MD5 | fd4c70be1c70edd5b8172ccc1886c280 |
| SHA1 | 81381311a76c49f4a8cbd9de9ed658500cba73cf |
| SHA256 | f3b9e9365893913ec7b1721332d02cc77ea9d4809ba9f73505a4c004bc5a1305 |
| SHA512 | e7f1020f7c89c3c809365a76d9558f986650764fb466fb93de4aeed91050e670eca0d696c82e817fbd6d0667efd3db729cdaf38f2d18e48b8aac306632638973 |
memory/2736-2607-0x0000000064230000-0x000000006491E000-memory.dmp
memory/2736-2606-0x0000000000FD0000-0x0000000001088000-memory.dmp
memory/2736-2609-0x0000000004BE0000-0x0000000004C20000-memory.dmp
memory/2736-2610-0x0000000000570000-0x0000000000590000-memory.dmp
memory/2736-2613-0x0000000000450000-0x000000000045E000-memory.dmp
memory/2736-2614-0x0000000000590000-0x00000000005A2000-memory.dmp
memory/2736-2615-0x0000000004C20000-0x0000000004CA4000-memory.dmp
memory/2588-2625-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2588-2623-0x0000000000400000-0x0000000000442000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe
| MD5 | 7ae06db6e592d2bd974a4704993a0003 |
| SHA1 | 20545d62262ce3d2a498d1ca9a5b33c1a4fcb7bc |
| SHA256 | c0efb868ee8e05d605c91f0185e170f0d5aa9d3af5dd855a88dd41e856a1f046 |
| SHA512 | 7772adaf1cfc9b324ac1bbf84c00acb3d95e88d585da070589ec371196ceac4bdc91c8637b888eb62b9ae52dda379c1e7e686a3a3c66eacaca3128e4ce6cded6 |
memory/2588-2630-0x0000000000400000-0x0000000000442000-memory.dmp
memory/2588-2627-0x0000000000400000-0x0000000000442000-memory.dmp
memory/2588-2645-0x0000000000400000-0x0000000000442000-memory.dmp
memory/2588-2621-0x0000000000400000-0x0000000000442000-memory.dmp
memory/2736-2646-0x0000000064230000-0x000000006491E000-memory.dmp
memory/2588-2619-0x0000000000400000-0x0000000000442000-memory.dmp
memory/2588-2617-0x0000000000400000-0x0000000000442000-memory.dmp
\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe
| MD5 | 5dcf83bc7add78cb379d4da76936bac2 |
| SHA1 | 4bd94fe7d5dde3a864fe8a6136ca5ed7677ea1ac |
| SHA256 | a82c15e07acf24ea413f8bf60c0feb8392cdb5dca79f0f9b0f240d4a28ce6095 |
| SHA512 | d71eb567ef596061cf811130f6cc65c432db6422b6149ec0ddd32bb6ff25de60462f0f1e9ec4d29b055de36f56cecf28155ca47a106fee5577dbc41d461a565e |
memory/1848-2650-0x000000005FFF0000-0x0000000060000000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
| MD5 | a9d0a3e6e7fa1d867bfd880ba007f90e |
| SHA1 | 5da0862c321a357736dd520f1359d1e910e6dd61 |
| SHA256 | 803e1a1291596ddc7b8e3a0d4835c24e68b1c1f11835a06401a87737a0aa2339 |
| SHA512 | 423dfd6319e6d986157e470c8de748d8d89a8e6537f24595bae882fb2cae0f1db9a29e09779690cffb3e3827c47049182239edcca12f0280065719d9d96ba8e3 |
memory/1848-2651-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~DF1DD6A2F6B093E416.TMP
| MD5 | 35db0bb76d750e84b36e495f159c3afb |
| SHA1 | 4ab25b2673273e180d001c4e6ec996efa2e0e21c |
| SHA256 | 7f0b751c7c34d134132485a0ba49449fe84d48b969593e571553f5383a6489b5 |
| SHA512 | 6c54219ce62f10d3d60c263382e42147d58459dd5a9a582611abfa67e9557cd990f89ffccb819f384ff4d573058b0684c548c08afe4a1c91dc236cd143afbcf4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\query[1].htm
| MD5 | e16a93d4d1ff492c2f93b0fe8698ed6a |
| SHA1 | c7e4076556754341e98c9cf82acd197294265d98 |
| SHA256 | 5ba361263b027b52bf0b1e467eb6c2674a2be320b21bd765492423d27c5cfd4d |
| SHA512 | 42dd88b564ae31dc70214f0c365e609f1d21475d52d268774fc6b2d540f68a480ad0f5b2e12310c7ea1a2e8150a73d5fe7cbc7c6571f517cea2ae9b473b8234c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 89f4922a7587a9f92f626d7868051285 |
| SHA1 | 9419dc4f12c1cafefe5a1a12997cd4c0ae5d6702 |
| SHA256 | 16d4c209625f423200c0a930685ec659bdc58c7e5c7848d0008979311b945ce7 |
| SHA512 | 009d7b6d168824bb8c8c15f256502673af694fec8b7fd3761567bddcb0c40500d77de42c13313fa33e7848d8380d097cdc4c14dd21e71023572de5508127f9cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log
| MD5 | a2f36fd75efcba856d1371d330ed4751 |
| SHA1 | fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b |
| SHA256 | 561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f |
| SHA512 | 79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp
| MD5 | 979c29c2917bed63ccf520ece1d18cda |
| SHA1 | 65cd81cdce0be04c74222b54d0881d3fdfe4736c |
| SHA256 | b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53 |
| SHA512 | e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007
| MD5 | 1be22f40a06c4e7348f4e7eaf40634a9 |
| SHA1 | 8205ec74cd32ef63b1cc274181a74b95eedf86df |
| SHA256 | 45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691 |
| SHA512 | b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 9da150078721d34163ba987707da7b6c |
| SHA1 | f4d596d12b8f3328ea598cf8b1d6bd093d9f0bc3 |
| SHA256 | a76ac1e80e68311b079014a4e5259b0358fe4d9a75e8d16674cdac5c861c26d2 |
| SHA512 | a7ae7e06bb5d9e3b8dd271763fcc761f53f6dd0b59e75bbc1b861eb4829288bd46404e774092054a768ad426f4adec6d5abd712bcdf2f1135866ac0616ea99ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb
| MD5 | 5985b66f43b0101f2551eed9694de895 |
| SHA1 | 210997c99c906621c1f5ac03c56834cbf8d662df |
| SHA256 | 84295b7ff170d99b3c39f5685469be69af5702f58bfb52bf3d2602f8848cbae2 |
| SHA512 | f1f2038c772e23bd41e0e49730e44b3d3e697d0ebf4b2e72b833f62119512aeda704c1087cae8d4db9a2cc9098ab20e9f964c1cb94114466cd3cc0692a5ac7cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007
| MD5 | 1c0c23649f958fa25b0407c289db12da |
| SHA1 | 5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574 |
| SHA256 | d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf |
| SHA512 | b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13353163900937400
| MD5 | d5db8e288a831d74e29632f959644610 |
| SHA1 | 71bdef501609d2f6a7cfa4a4f782c51275199877 |
| SHA256 | 0781928e278c4ee0f7cdeff7e0e792483e82512a1bc8840d83bf6363d03f90b9 |
| SHA512 | f019b039cce038e02cd40d7a29c9076bad131cc32b230471f1190ba348d2fb37611f90c2f682fb05a8626e9612b9561a56a7b381401b43a3fa1f5e23fdc4d6d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 540869983ebf03f4e8ad36e3560d5371 |
| SHA1 | ab32b29ccb16df61cd290717145c57a8a434ee80 |
| SHA256 | 2d62b14fc2330ce24dcf8b98b10534b941b2bec67176b20052c3a8c302855643 |
| SHA512 | b04dc6e3fdda3e90f9635f44ce97db0286efc4f962c7c43ee3cfa910ac7c897549e69a16dd37832801ae5055b92a77253ccfa3ac4586791955d4bae365f5df8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log
| MD5 | fe62c64b5b3d092170445d5f5230524e |
| SHA1 | 0e27b930da78fce26933c18129430816827b66d3 |
| SHA256 | 1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4 |
| SHA512 | 924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007
| MD5 | 8ab225ff306b0773d7cc0d8a24462879 |
| SHA1 | e6022b87fb10627a496b1e4d067a8efd7aa4f7f5 |
| SHA256 | 6fe89086a58fb8a42660bb85ba4da2086d8d23044f7ebb809d43cc03c94e9ff2 |
| SHA512 | d5d77d43ac14812da6c49de8f2ac4b6b17e02f6e4caa9945922698f315800f2a2800758fe9ffe28e4c6ee125afebf0b4d722e447863e464c5fac70240a1850fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 7ece5d56ef4178f5576cfb1ba917aa13 |
| SHA1 | 01bcae654a1e4cc46e157961a115ca598b3c2f95 |
| SHA256 | fcf167f394a2c5625b9b5a0b26036703e4fd7de379a2485b50d31debaad51d0d |
| SHA512 | 2740ef54c7020533f705cf4b418587d848a1239bd3b1748014ae8a07db59ae80cb4474d16492491bdf8abac602d3580abf3c28b2a40efc66494612bd8159482c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb
| MD5 | b4018e05571dfd1573cbc420fe0ca9f1 |
| SHA1 | aa492be59c577f07e981015aaaeef3ce1c3884a2 |
| SHA256 | 4c15984b51b2a0bc20450317ca4008b5eeadf8c1299bee38751da435747d293d |
| SHA512 | 657dff8b15604b6cad5696f9361b84bf6a594c86d9b0532546f0f8f8d8ceaf38be8afbe5c991be2aff5840b749b871fc6e7becc0c3a80876a50a19f63f6bcfe6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb
| MD5 | fe7ac6296a783949264d5abc8d69b443 |
| SHA1 | 32bca04fb95f953deb38e3bc05c0314362420b76 |
| SHA256 | ee1ac8b2768e40583cad98e8edc274ec882384c4776b3fa07b75a6070d0b6ce2 |
| SHA512 | e4f55e14469880ba92bbb61d3708d3489f56f195d0a21938c9ab14588a29172258849c84b72d3405665889f88a55dadeba6c5a02b211c44c9ded24feb76ddbfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007
| MD5 | 22b937965712bdbc90f3c4e5cd2a8950 |
| SHA1 | 25a5df32156e12134996410c5f7d9e59b1d6c155 |
| SHA256 | cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb |
| SHA512 | 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007
| MD5 | 03d881fc5a4ab4013bd1b30988abb179 |
| SHA1 | 9ad861569715575d7b676e5683b14dd3cffec304 |
| SHA256 | 5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8 |
| SHA512 | 29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 3e314bf74ae7be73a549b3cec6bdc8d5 |
| SHA1 | 6357691f4c4fd0068e29350c43852fdcfccd4bfb |
| SHA256 | f65d0dd2872ceb68ad39f36d0a358af77932d9d91fbfae18ce5bf255b00ca89a |
| SHA512 | e6218ef19a5db75edf5e2dc533a8a42c6324ed8b1419f50ee2e12d9dea3c2035acd20adc7ee1f22c363420496ddf2348a9174814f7cc831f61eae376aa27c727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | b197c1838a5ce3eb3b8e96220569a564 |
| SHA1 | 7f077aeab5782fcabdd9a880fc341ce1340c0ac2 |
| SHA256 | e4cd34f72382e1210f8bf092102c102d45bc32a973a5b207ad1c1f213ebcdaee |
| SHA512 | 4248e13c81bb4540921b4d276c0aff83548b19271858f75aa2f054cf5573017428d085079585c0dd09b1688a9516b65238b595a4d733bdd108a7c62ace9958c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9bb66dcb5cfa4b9f61ce93bec672aa52 |
| SHA1 | 4978f3212c3d527da457dd61bdac9b9295953cb7 |
| SHA256 | 81e936e104af248348709c5a06148a36bd72e6c274371a8a2ae0e51b41219ab9 |
| SHA512 | b23f6e7b64ca0bfbd0d2a0be60934b0a5062519b9b86c87338c30739cf39ce727c0063182c8c3bc2a46cd6095258df686356e3f23a76132f29769b94c0143279 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 25abc125ef053cca06e0c9323dfae318 |
| SHA1 | 701763c50027fa1977ebcf76a0b5c4ca8f9b2fe1 |
| SHA256 | c0c9504fce4f594a573e2f7968fa05309642bf4952b207a11ca350178abfb82c |
| SHA512 | 2a9d372d852e2c78b5f857a6903260539c0d7e690ad92e472843d506f5163cfea1cecd94f33f099c3aef6a3f80b1bc60ca4b050c2e5ae4c01e992329c9878245 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log
| MD5 | e9c694b34731bf91073cf432768a9c44 |
| SHA1 | 861f5a99ad9ef017106ca6826efe42413cda1a0e |
| SHA256 | 01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85 |
| SHA512 | 2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007
| MD5 | b6d5d86412551e2d21c97af6f00d20c3 |
| SHA1 | 543302ae0c758954e222399987bb5e364be89029 |
| SHA256 | e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191 |
| SHA512 | 5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | 72d492d5e9eaaa4fdce5fcd3a3b67efc |
| SHA1 | 81fafe230532c05a18564414b3b616127ef0436d |
| SHA256 | c3b219a457e89a1c610bf7dba32715bb38c62e0015821673336ae29dd5f32e69 |
| SHA512 | 891e328d59cd75f25faf5abca0c7841f699a3adc9328d2a1421d5aebe0af9e60679f39a618efddfbcbef1c280d1bb0320de5bd5029b68b66697e89f830e92f9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | debc83e05897f7be86426b03c0114f85 |
| SHA1 | 2e6e67d3a197b954ef8aef9b6e2b7666ccc1cc89 |
| SHA256 | 55777e426594681eca0ae8e77c844866b246b04578f57c4b88cc79db565a6e08 |
| SHA512 | a5e90b6e7e60d0ed025abc11b6da51f7e1eb38bb4cf1db54efcaf7d07d6e5640eb76398fe98cc1f1a6a511fdc6ef9678e29feeb35c5b836a6a73cbf9411dc67c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5743972e6125d34c1b54051441f802a7 |
| SHA1 | 3669fe21fb97f5fbeca2567296bc2fb0b43326b1 |
| SHA256 | 9119ba59b2f5ac5ea7bfb19a23f63d99b116ab6538c74a0bfdde92d343ce2bd4 |
| SHA512 | bdd536cd413817363aac7dfadc2c12f4267a21448f0f145649ed4c39b82a5d5f6e170430638e3bb38af55c73e89a514f056cd2f23fded9f41bd02f59933f3080 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2af5847f-39c4-4993-9ae0-232937240dab.tmp
| MD5 | c2d7db1a74fc748503f90b9e39ec473f |
| SHA1 | b1e1604cf87be362d2b6151a05f70d80a0d1d665 |
| SHA256 | df99820cb0f444b99a88697b607190b923dfff33e128113ca356e2c31d42931d |
| SHA512 | 5b75810403d7641e50db8a4aee9d7af301d6c7a0b177f5052bb6005764fba0052069d43c9272bb100cb75b911d7aa20056b3dc3b09439631c9350893856d1812 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 873734b55d4c7d35a177c8318b0caec7 |
| SHA1 | 469b913b09ea5b55e60098c95120cc9b935ddb28 |
| SHA256 | 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d |
| SHA512 | 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | b82ca47ee5d42100e589bdd94e57936e |
| SHA1 | 0dad0cd7d0472248b9b409b02122d13bab513b4c |
| SHA256 | d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d |
| SHA512 | 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 010c1bf055414026555305826cb8bf55 |
| SHA1 | 1ed0342d26ea0ea9b4862e81239d64656dd4839b |
| SHA256 | 85637d1a4e2e5f39f5a2c5653941367e23a073e6d61d8584ab966a9ea7a8a2f6 |
| SHA512 | da0241ba0fe961badf1b1ac8a9c9a044fa6e0aad73a9442b29c9962135c1308647d8481dcc0fd4983198656c33365a6e57d3ff6f6aa737c2583fb99134a3cc0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 450308d33d8ddc88f1dfae3b71b4a405 |
| SHA1 | 52d30d84a14496817b37d780049918e5c42af524 |
| SHA256 | 17a205113008346f66b0cda66d69733db93fb515736f6ef07435de939f3acc73 |
| SHA512 | 73e21440773b9d07ab6393f5f696799e58998fa3a6f50f30c05e268829b0d7946a5305829d0b8ef43217d3208a6770f1add8db93e7e74ac20a5e36535dc66702 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c71973c3e786b8f9f27bbc1ec6c8c2a2 |
| SHA1 | af627cd0fb7d280931e1992a115f42e45696124c |
| SHA256 | 7cd134feec5a6b076fc0c054eff2e9e60afacd57e10e6541d13885c9d92ab317 |
| SHA512 | bfa6573387911a62f556f0655fc04b9d9f377a444b2b5659f8bd3e5923e2d12fe6f4f0f29c8e61c7761941e9dc973d7f314e07113b44d8868ba0b1a892e9eac6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 625a1ffa0ed7dc2e7c84889fb232d34e |
| SHA1 | 3c8f3b1eeedbf841dc2a2a358a30883b8fe51cc3 |
| SHA256 | 042638b5348caccc1356a008ba5e8af9e86671c338e35604eb530f3872e9918b |
| SHA512 | db3cff075a5d8d3ca397eb0c09bec5a8dada3b336b43bfddd472916a5d9d596c020c46ff8f6f8183adabaf8a8bd052502d5240fe3b5d9793557cb4c893dd7700 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9685336a9eb6860ce873d9eff517fdae |
| SHA1 | 29a43b5314f81ebd832ee1f157e77ac0eec25d33 |
| SHA256 | 4052a6b19557e502959bbf74cc2d9fa1b0ac019e03894c7587216f90a19f6580 |
| SHA512 | 841ed116d61d07e5aed7a2ebfd33a602385ddbc5c636d81c0098e49a3835a9daf9e3c53a8983026ed59630624146bf936ff9d82816de35b165a7d2741aeb408e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b42fa4114baa138673893c8c8aa766f8 |
| SHA1 | e427260bae71dfe92a65436ab8510408a7fb70b4 |
| SHA256 | 611925e4ba41cf3ce4935413f2c1f8a5384e0634ec6f8529372438f134832802 |
| SHA512 | 1c8cc21107b5ddefee90131748d52211a693e8eeaf97def432ed7a0adb4cd13d61b3ad26e7fc3cd6ea794812707ef395cfe4c4611faa12a9303c99dc17ef8cc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd669729d33f4b183cdcd743d12f0e59 |
| SHA1 | e0be33dd3b4b2d509e2d65f21e9f243b65d6137c |
| SHA256 | 7815951a1d6328e060cf771c3dbe61e3d5819c6a13bc4f13899947145ab94717 |
| SHA512 | eec082270c538122afb20bf920a018397c3ba44e9198f2339e8aa514ab5d5c79e26c0957b671fe0f81f79e29ebf4e6aeabc8119407138ac912c64b4082eb3460 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b82445f2b43e9811268b3fec8ef51889 |
| SHA1 | d540e9a2ca0c5546286f93220cf1599317c02f01 |
| SHA256 | 636dbce3811c9866d24f29d75204ba8f7e0c72d6422a8d3fdb7a4dabe45bff5f |
| SHA512 | 29da48d05258504078a856172418efc5fd6e271a86aef5b5c9773a32b657bb396de1cba7888159d74e81dcaa94eccf11e43145ac75bab93dab48415c5dfa2a79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c
| MD5 | 1971e737391eabf87667012e84069a5a |
| SHA1 | 8fd29644afc6da70873c25f9bf9d1c495c759843 |
| SHA256 | c9aab23276584648e971c3745fca3bed6d9e4c7e373bf3dc7ad316f2aef42fd3 |
| SHA512 | 23062a1d410b69532d3bf97ec7d1fa3c27e974613326fe3a3d80f909d595bda78f2ba366bcd612e494ecee1af1493264d0044a26fae604466e5437a25da6280b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
| MD5 | 501c12d711b4a2782b4405cb18d150be |
| SHA1 | a8a8297e83f92611a659475f3f3c5c8563c27630 |
| SHA256 | 58f697b896dff041a0269124907bf106157c89950a12056b8284522e0c677a8b |
| SHA512 | 97a9e361dbe53d01cf9e8095cdadab3c4c94680572ba567f6c057cb42fef2c4a57e363cd9e2094b527447307f85d30207c8be0ca9a9f471e023317e3ab61be9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
| MD5 | 89d6b9301722b7d446e5d88639d8bfb9 |
| SHA1 | 4d85b53f1bdbe32711205d2d5d529e31b1eaecd5 |
| SHA256 | fbe83e08416365d6759cb43f90ba15ca3423df8d888eac67bfa71751d735bf66 |
| SHA512 | e71a3ba44867cac03065a401d53ff0b4b7531629cfe4132f0999b1fdc6681d8df8d1117feefd6753dc0a2ff9d308fd32d75fd284ca060654249c6dc3e22acb95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | dc75b590a40d13a51463107e974c4446 |
| SHA1 | 742bc8855d65ca8ca16b7c2efe2e9fdf5ce34014 |
| SHA256 | 72b6cdad37cdd4cd296298647ac42284a6ea8a2ec5152d62b32a4f06045a8d1c |
| SHA512 | 3084361b6fec39e55bbf1c75860214464f8fb942c38f77791a7caa391a38439ac9991b5baf162b1445dd71a23334679040e1d43dc4afae6791106fdc30a799e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | f909660be05a416ca9cc39842bf33b9c |
| SHA1 | b136a5d370136a2639f6e9ef1d78c5bb9e04c741 |
| SHA256 | 341e52ff8eb70c74ccb06afb90ce0bea5fa7583ff5cc9e06f5df81805ce7ad52 |
| SHA512 | 750c4bec455c8943fcb2af8d2759ec8b28842c1a0c84cac738ab578e5ef523ef72fa25ae3b1478843ec330ec7b59cdf42170b0669e0a5c077da2658556673f59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | 5fe82c87348d33ff41cd953130853ab9 |
| SHA1 | 520ee09f0b1e90fb029c077aeca5b6d4339fbf46 |
| SHA256 | 3d0a0fffc7cf63937ffc9ec2655d5ac522e3c9df49f68f1e4245343e515d8116 |
| SHA512 | 7ef0db39e6aa9def447acdff21f84ff40b0f2d38873c2e64bf31fb406b4239a429b1969ddc3346114ee99f8b99159cef999c4d7d83e9307520b883e31dd78adb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
| MD5 | 5627f81fefec7c1ba03b98202ca529fc |
| SHA1 | 65d3df8c490852fe2d92665489477092e1549f20 |
| SHA256 | c0f9ba97e23339deed2c0cd262887294d7567de9b5fd2ec88a8f7b9c63a8187a |
| SHA512 | a46a3a892cdb4ab16701930d78797b00845b4b428498e1f04bb1ad897175b1880bd2ee5a25da5588f2e7b4a74b682d1bebb29070d2570f2c1d75de488cd1b9cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | c0e8d427fa6040540921c876f02d4dd2 |
| SHA1 | d548dd2eb319fe2ec867678277b8361e7ef1b572 |
| SHA256 | 381de580d0cc5e4b3a4d8c992ef0a71c67ef3b0b8a698777f260dcb391df2788 |
| SHA512 | 20027ffb598f2d2c2832d509cdf283726830884848abae3c928e98d3fbba06e7df80387b413ecca6767a76b903858ed7b61e6b08b556d46fdee3597fc4ba8ee6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | 4787dd34ac59f7876fc7a3e8c4d3c01c |
| SHA1 | 0a2fa42f0b64a361f9404802fc4eea75da616df5 |
| SHA256 | cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee |
| SHA512 | fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | 8c31fbae90811804db0ab3b2456ced8c |
| SHA1 | 811d97a6c837cd2a3f834fc830bfe335b4425d7d |
| SHA256 | e61cc00bf5f00af417a795492269428bd803dd99d5395792e28ff3ce37b9e387 |
| SHA512 | 46587378ac67e667fb2ddd11934e95f515426f7ef7ffd5d3656fee6dd1cbbe47ba3bc37b1ed7ba4d61f9930d8ccdbb5568410098d911498eeb420765d3eb22d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
| MD5 | 27315aa14fece0ef5233bf50b5440e24 |
| SHA1 | eb856f539d59c99a0fd42ed51593ddf8c83c8f0a |
| SHA256 | 6e74f48f100c80327b38bbb8f7c845ecd772f7a010aa41e50d96b95e13fe2ca6 |
| SHA512 | 75b0eb17321268b4e2c3fa1795d924949d4e95dd0e016b8fec61d238cf5f9dae1b6af6d2a336aab339ab6ec810340effb51161333b5ceb4f8e66ed200410e038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 26f445ab825ab80bf56b6af90825055e |
| SHA1 | e764ee4a9b7c637493a60d81f299e662f5fa9c17 |
| SHA256 | 4a0dd8d38436b6c6a99419677b5f9295f07eaf91e48a20e7025d70dd07c7c09f |
| SHA512 | 47b6c0fd4b3783053146504ac395b4c0e97e744c34f4dabb945396a72f3af63a0fd5b220bd3f8bed0c5207806bea4277d06ac046d0b925e540283569e293458f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
| MD5 | e2b40aed3189f9692d3217cf524137a3 |
| SHA1 | cab7c49afd93aa6c6a7547507b769d854c356b0d |
| SHA256 | 16fbfaeb3b61fb8365f67c6585a0a218da653828467d8c16174522c7363006f6 |
| SHA512 | 07da8f70883e4ad17d415ff2fb68b24cd761a43eff8677e5ca860c87f468f49043529a74822b8ab6b08ef17d4c59cd2b03a5b59e96617960e17bc497a4812265 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
| MD5 | c798cfcf6e474347905784d759bdc9d8 |
| SHA1 | b52b669faee46fa11ac575cdc8c800612412ad92 |
| SHA256 | 6ddfe42853b7114514a6dd22c221c9e13831314c5de1f063cfcda1031be3c82f |
| SHA512 | bffdda1a1c71c13ec6516275f47cf3080530ff06d198a92c8426565bcb48a3611b422ee6f5945f1ba2cad48b80e9d5e1a7c3ccf9cd47f0a1e61cafc3a64787e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | 130c715097c9a838a6b48f62e5e97a99 |
| SHA1 | a1cf3c1d63de2c340e9d337ed714b760a92e9120 |
| SHA256 | b5a8393ca9277ac7e2fd4033d13669afb04fa0a7e04e269e88a2316ae144fef1 |
| SHA512 | 7eb66b47004be11a508022056ffd24ce6273d53d9528a24234c8500dc52d592d3662cfb3e4985f82001661a8fb7ab0344da288ad31afcc2208214f844c5406e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046
| MD5 | 9ce259904849c13e4e082bbb136b9bed |
| SHA1 | c5d49bd681e72e46a3f6afc0136e1c2b15a89248 |
| SHA256 | 6283b261e2faca0872cd4200b78788bff996ed8b50e99e5c50b10b07c2277285 |
| SHA512 | 2ed542c651031f4fe90ab86e80aa49132e024648f0885174ca11a64d4e9e4b765d70b55902be0a228a131ed34ea65f858fd342a636e35ac35525cd940e406c94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057
| MD5 | 5c9378ed9e195cd6b35e37ffb577e18f |
| SHA1 | 5d137828826e1dcd1ae6edb131b77ae1607f2df9 |
| SHA256 | 94d9f8df415b0619d37f22686b5e6ebb344289c4f4953cd890dcbd840603af82 |
| SHA512 | 7c581749a55a400d93083e0ccf968b3295766b3b6ffaa216510875e07505cec0fc792ba48dd788c6f89659a3ed852692d8ee9c8b3bc63d5bfba959e917036817 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058
| MD5 | 56a2e179e1b1eedc4441c42366b96b36 |
| SHA1 | 85ab84df21d78c9781b69d689940b0e4f2320330 |
| SHA256 | 1feb26e74b9f0107264f8161462fc11a693376e2b0c79428bdd86565c2378f34 |
| SHA512 | 8ab4d4b46d5dbc72624a1fff12be51e71cbae916f6e6de48f6a8307b185c268e78772fc3d6b2cfeedc5f5f8823a5f44be26cc6d38919f1dfcd6a0af5a8e12e71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ffd888272957414e13a61e31c9fa9c6 |
| SHA1 | 48c4c533cb4a6ebe49b8a6f011e7f35a0ac6e8b7 |
| SHA256 | e6210e84bc72512fddbbba2e461c8759134678543f9ce0eb692a136262a2b399 |
| SHA512 | fe3a3e69a7dccaa2702494dfac9cbd395d23e2f470563519d8edb3f0c7c3628b75dda371cf83ce97257471e628a08df6f05e2f83b37ee39e05d9110df751f019 |
memory/3468-3299-0x0000000000400000-0x0000000000413000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | eba178ef714bdecc50a18ab3c3135521 |
| SHA1 | 910dd72d58e354a0671644b59f0fc8441d24c61a |
| SHA256 | a65b53992909795ad2fd4ef04443125550e2ccc86f0fa98d013520817a5f19eb |
| SHA512 | 22a4d6eb207b84aefb73e0be4ca8bb13580b089161c61d770a3d507fbe32c6749daa576d3141d89d7ca5ea60116b3a7fcc695cfceaff6b374e60e3bc39fa07cc |
C:\Program Files (x86)\HashCalc\HashCalc.exe
| MD5 | e922301da3512247ab71407096ab7810 |
| SHA1 | 67559307995703808ed2f6ff723e00556dbb0e01 |
| SHA256 | 72b08ebee27f2e57670300acaaa274d1f127f8ab0383d90d7498e2a6257761fe |
| SHA512 | 832c9320490a6e558c87612da5f39117ceeddf0b89c69108d1e52c171f8e68aaae46e035e0a9bb1a4f9d1fdbcbe7b5274eb0529215105edb46dc6c43db865f50 |
memory/3520-3351-0x0000000000400000-0x00000000004B3000-memory.dmp
memory/3468-3352-0x0000000000400000-0x0000000000413000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a
| MD5 | 9c48a0a5bd9686c757787bf4de4d332f |
| SHA1 | 9ac19a0d956bf1ed3335b3d9465cfdde99815f4e |
| SHA256 | 37062435ac62d6fa676dc75b1daa3721284b593e66e96854e00d1537daa0aa24 |
| SHA512 | c8f5f1082f3e5845346e3b463a2c6ac827b8c83e36f2da6b9f134980f674aea1293b5b7c9e80674bed7cf8276fbb19a82372b629d118b7b83e2b0bb29176ad7c |
memory/2588-3401-0x0000000000F90000-0x0000000000FD0000-memory.dmp
memory/2588-3402-0x0000000064230000-0x000000006491E000-memory.dmp
memory/2736-3403-0x0000000004BE0000-0x0000000004C20000-memory.dmp
memory/2588-3404-0x0000000000F90000-0x0000000000FD0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fe4a02373a2978be0cdb85dc1c707b46 |
| SHA1 | 3d95f7058d1860b6a38a113f41a8e0521634c254 |
| SHA256 | b7511eec94e293221c9b350f8faacaf6c7e1837a151e79e54b9a3dc701d5a017 |
| SHA512 | 294d572179f1f0ffd9a5b4af54b0757d021698b42e63911714bb07eadd032a05b5a4641441a452ed4f645fb3c08f32ee6853fba13fe1aeb74e55dd633dcc1d54 |
memory/4608-3441-0x000000002F6A1000-0x000000002F6A2000-memory.dmp
memory/4608-3443-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 7b527847c4c9fc7df868d8cdcc9dc384 |
| SHA1 | 22c8f2bcb58903de0eb8a540fa397a641e70dadb |
| SHA256 | 15761e6dcc1684cab10b1aaabfaae90b3687283fcdef7c8cfc9a86a32878e12a |
| SHA512 | 1cf018e55f76d44bd3f7287c2cf81549a3cd765bcf37158989fc06b56e956150ab0271a2a027e3b7a1bff969bc2a2c2eec51a740cc70d496ca4cbe2533132b47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b620e42e52d13cda60ad146b04de3574 |
| SHA1 | a6f0d1cc77456599a693b78f1eed284b7f887d5b |
| SHA256 | ccdeae50938b6063a2769ff26bf2ccd4bce06eadd124d3cddc129f429b7d1e06 |
| SHA512 | 085a171d5326cf1640a002c2bc943fca0d2a9854e1ea994f6893990a3ab375db2140797a6f7fbfb03342e0a56bc57a447bfe43ad8b5277a8ae885566527f10a0 |
memory/4608-3468-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\Desktop\Analysis.docx
| MD5 | c2d6fb1559a675f9c4663af96ae0e101 |
| SHA1 | fad807288b980cd3fcd95b755dab4cd23e46870a |
| SHA256 | b3e50b3ce090d4d803f179797eac7e4c2374fbc9ef2592a6a4377611ad0475d3 |
| SHA512 | eb3f16166ab72a4140e3f75c6bb751e8b958dc6e211b5a11629d52be72403f3c88188702c968f1f64cb1fb50218795f5e398b532da23e0a8c9c3c69538c3be6d |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 895a822ac04ff9e2e12bfd4bc786c012 |
| SHA1 | d5b34a85f27d772bd4c971f3d572052a2d554854 |
| SHA256 | c57e5d95e500e47d9eba03c7c566486765c9335ec3f561a526799817803f0242 |
| SHA512 | 6ea3f23e372cb55a390edee053eeccb3b30e46d1fd1246929f563f2240ec93930d5080a817c39a039ac1c298f9bcf9b8d771a1a0503764b1b83dd4d5f1500d35 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 060c653dc569e001bcfa28e85751ab5d |
| SHA1 | 7f45b0e6b6476d3b03cea03e5fdf84609c9d855c |
| SHA256 | 57e67854b172c454c39e4c08f7112f1dc21833875aa6b9b16b75537080fa9330 |
| SHA512 | ef27c0eb5db20845f2c3eec98b7d6019b23141b4a0d3280b6989df9b3206de3f1e1b6e1173fc42afc26dbe6470ef1e5175228326ad7688f5a54f8040823f9cd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 38ed438830929617a8dd74e1566d2ea2 |
| SHA1 | 930bf27fe32357d4ac05549c548655f9dacd0a3b |
| SHA256 | d6de400af012ed0d0ed51543ddfdcb05099786eb6a44c208cefabb7ebbf285e7 |
| SHA512 | 078d85336246391b72ad54fed9bf58200cda9c1f3cbd1ae4914dc85e78e2108abfe3847b33c155828c404cb0dd8afa71e84eb13ff6372b0174695d2b292bf021 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 03f0441f3fdea757d2d10ae402e4b9de |
| SHA1 | 9bc270b18582f750b9a9f33f6d584dfc8ae33716 |
| SHA256 | 78a0a639b2a9fe1126b45947b9706ef1deb1bc57669ea1c52ee31113360939d1 |
| SHA512 | 06c6cf1700574ecc574304bcf0db69eef5a84c6fefe03eca6cf428933fbf879934d19a3b95f769e4fa038d71435bea997d7fd4ec3ba0dc51dea2fe389ee70047 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b6
| MD5 | 8d5a29da38f6a618f0e1eb3f5b1e26be |
| SHA1 | 1eb26474ef2908d939d8cc3da670e55ef8418219 |
| SHA256 | f9b094a95d2c3a0586c7b8638a4cfa73ae68e2f6164343806b750ca33e337ad1 |
| SHA512 | ec471da2cdd6a11248c85eb3dbf5bffeaafd11d5fb76043df0a294f27266b94eed4edd8041ce7eaab11c5337a7436d11fcffdec818280b1ddbadbbaad9874c50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf855d8b.TMP
| MD5 | d559948ea815026ad5047c882878a63e |
| SHA1 | b9bfd106861cddbbb8f6e98619da43ac168cf464 |
| SHA256 | 952243f1d4ffcaaea5269b14737b5bc08fd6cff0c3931a091c5c34c73ac838fd |
| SHA512 | f48208067d1b45c31430dbc391a4f76bdec1fa2ef94ffe7590c36960943b8000dd89b0acc2b299aafe6242d70e64c4601fd14c08fd3ec4976f3bca851712c628 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3
| MD5 | caf5f3a8297bf43c8361cb43ca5a09f3 |
| SHA1 | 06157a78d6b8fb776ea3a267a6ba95f2b02a77db |
| SHA256 | 475c01150a456fe98679d0a4d58a1d146c9701c2f7f6acffb3f6ba6062a320ec |
| SHA512 | aea6de8c851f0aa4983162a57a8fc3ea97fa67372a7628567e5db3624d604381c3f28b789db0294d12c13d885bb97758000c6680b5207f0c81cefb930160d2e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a6
| MD5 | d51c348f1dd081d4794c745cc822c862 |
| SHA1 | 9382ac8f070ef5574f18551bdc96c8059d83cbc1 |
| SHA256 | 594f64538e3c668910847cc64d68444cbcabab021d10a181ef4dc5d76891ea82 |
| SHA512 | 74d6a8c5f82dd086542ce22b12bd63e90693efc59e88f76546eb947b9c55482dbb92980c6673e156670aa93edde6cba1134d596c6a23daccbc232f25242f71cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a4
| MD5 | dccb1a6b79c3380d54f7b758fde0c45b |
| SHA1 | c48ba6aea03abcd45ad6bffe643aee1148a35d0f |
| SHA256 | 227f5e83b31c944682f8fab4c094b0549c1f1ccad6040b1feafa595b477ea3ba |
| SHA512 | e72477fb24d197adfe5929c4eb442af5073049fb9d9781787bc3748504abc4ee714b22e4035b6c78203f9e1af6b1b1ac156086b404265fb6991889ff3952b00e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a7
| MD5 | c85dc1509c5bd8a5158e5cd39ce45103 |
| SHA1 | dd1b86d16cfd9f2f2b06ca8eb100096df85b334b |
| SHA256 | 22976ac9bfb122c0be6eb218c7f94b23f90d16787f7520fe28b9a5b15de6df69 |
| SHA512 | 49df909efb1288f538b8e3c0b94cdb1b4f33931f6c1d667d0129d6f6ff6ae638cbcc4ce6d7b54440ec0cefde3491db2e0253ce9caf28546181ae9882c57bccc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ca
| MD5 | 363a71c14b5c00ea220202b848b3d4d5 |
| SHA1 | c012c038c65400418ef7dd3ee4313480ed81ce73 |
| SHA256 | 4ef1631c0c086a74b4d5c88c08887b0e7669af300dab9a31b73c0609f7fb7430 |
| SHA512 | be3944a2da2ac3e2d71c664eda88e39b45152d5314488d21c2fa0eb5dc0a7a26d09434d6d596cbd9cd9425584a9a97897952637b9f2cb70d7c1112d3a77f094f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b7
| MD5 | 015c126a3520c9a8f6a27979d0266e96 |
| SHA1 | 2acf956561d44434a6d84204670cf849d3215d5f |
| SHA256 | 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa |
| SHA512 | 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9043c9088706f0647e55c06787d053a5 |
| SHA1 | 14a1806d9f52bae8190f040d16f8a1a8d5256f06 |
| SHA256 | 084cd27dadeddb8c16186affb076d0c7790cba90b631d02e9e24b2f7cd7bda60 |
| SHA512 | 797a330c174e58c9442dd49d325809e30336ab545266d99110e20f78e9bd98d6fe93cf9a73cec445540668b46f5556f5cf4c7ee56b81094d82d9e3d675194a6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 890d712633f99096167db328ce6f9f60 |
| SHA1 | 67df48d1b7ae39b2b374140e0a4d0c590233b66e |
| SHA256 | 98c7c1db407bf1c4539a35c78b6a5d4c4ac3dd9fef9c1a53ea1bc9b332c95b36 |
| SHA512 | 7cc10857a413a37188d7263087da4109fa2269c9ff7f1c0b3449f5b1be23a189b5c97d2e58d3c25fb13b692c330f0951036397e3c029a9eecdb77cc225459aaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b
| MD5 | 11f43ee831b7d22dc47cd287a4e8622c |
| SHA1 | dd0090133f252a307084e8a56a18409b1423f416 |
| SHA256 | 3f0babfecde6ecc82e53eb595a9df23aceb9e0a7e6de748b9b2cec617ec30f24 |
| SHA512 | 8f2a88a1ecbf5ee62243dab484503b6151dd4121304f7dc92b8ca3663479fcef9078358172e15246631a7c4311ae90f9ce8736a53ee63ab9db5439cee81e832c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009c
| MD5 | 6e7cb8c30f031f8b48d29dbe886e59ae |
| SHA1 | f32d598ffb8481e0e0aa808d07c85e3d2c841368 |
| SHA256 | b6b10e3e5049facee6921b96b5dac439668e79591e155bbf431aeb692bf0c858 |
| SHA512 | e6d893208f1527b727e76432bc4b338ee80b118fd8a7e660e6f89c0d656cb891033702c34f219cfaf963137a6968934ad443f6970b8af517c0a147c22cce7037 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009d
| MD5 | 9c6da982c9a1da458ba2610cd7430414 |
| SHA1 | 3326f77b7d3642b0fd949bc8ef0613e1e422412b |
| SHA256 | 8a3cabe8938abb743fb97798ffa5f32dd7391fabde99567ba92539b1029f435b |
| SHA512 | 56708ef3f0eda5fc6e842cd2d964e4955e616d461da8b139e17dbab4cc5fa8710cf92c8d99a6a4e6d03bf57faa7bc3e7f7dd259ff96f80454d38637379e6a32f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | ae2fe4fe5be048ff183db4ad506d9b90 |
| SHA1 | d6e5f9925cc299aca646f3aaf55df324f2932063 |
| SHA256 | ee98519d80625f797d3a74f3c639c5dced9c7f8a06bb5a84d284683f3939811b |
| SHA512 | f68790de98aaaa2d292dea1ba2c613d44cb6abfd8e6706e50e4fefd7e7a2e19689ac1481069487f1c26394bbc512181769a2f6374c8da634865ebca6b29646c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | d2d0c427f1d093c36a9fd6751a9a9d61 |
| SHA1 | dbd596ab1f2256ed3e3816be5eeb75d34f38f821 |
| SHA256 | b37bce0e0f504a7b54d3a01007169d4126c2a401be8f93afe35f665e62c3e34f |
| SHA512 | b8418e074df9619ae62461b5c42fcc42d2ffb8b099e09ec0271bb481f8e1ad8d7655fd5149d8abdbce1d35226029f200623574946d6223df1c9c14c7824d63ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009f
| MD5 | b40199dc9c07b6711abfa55f08c8b652 |
| SHA1 | e8bfdd813db3723b84fbd87688efbffb42e96876 |
| SHA256 | 50790dd84ab1c742aa88ac0f130d15afa91c9f3feb26959a702fab699edfefb4 |
| SHA512 | 0742a608d3a2414c19b31600770a4e8459054be49fe124f997cd7210f4c807bd824da41e9813c379a732ed92e24128341b9c4038fb2dcf5f9c512968a4b90aeb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a0
| MD5 | cb500843b3998731a5b5d71775802ed3 |
| SHA1 | 3aff072ae277aa005bd9c81be1dbe081a56a181b |
| SHA256 | d8b982b75de997ad9096e58b307b326eed9cd791d0d11e14f3ae1d3cca1f5ea4 |
| SHA512 | ca5f32cac41d33be688d5ccdd4c10e7430549a03abd12f9815446c109fd2121808d4fc5dda274df0afe39b32eff0391613baec31fcc9fb85ccee9b428f4d27b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
| MD5 | 9125390530fc82d5befe5bb70726d018 |
| SHA1 | 6c063be5fe70e85fa0f2b8d475ea4fa3bb0781cf |
| SHA256 | 346628282b064ecac56cdb80d9b63f6d39c66bb5e4630601e95ad55a121e67af |
| SHA512 | 67e3b5e026c94c5e58dbc0990ff1bc91ee6064d2508fb5d211d3b9353c80333d68dce83f694ecc1ce93a74a4cbe5708a950ee77906dae96d073b8112d002e519 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
| MD5 | c458cebbc1cc55e3caef40d465516c1d |
| SHA1 | 38f462fd2ae0b0c2e11d66763c9f69b514f36790 |
| SHA256 | 67071a5eebcf402f7bae19b66197ab223ffd65414683bbcb09df50feff042523 |
| SHA512 | 65fd67db87ae0890a2fea75a925077fd8b4b5fb6b47141806e0823da37a196572fa6e5a8309379f8c0380e91c9cc282bc2c9c0312843057b2d4f81a0b6e09c2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
| MD5 | 35f356a1d71be1f4dab77980270257c7 |
| SHA1 | a42c561ad21d64a4c04cc309ef7515b640cea139 |
| SHA256 | 585ba528cdb68775a0afdfa8ff866a59f3eba6f755fd4a92e9b825b7d49868c1 |
| SHA512 | 7a65754031b5684b2d50a48771bd65976ef4aab6a552042a12baee8169430576f27a9affcc8e9d020732f548944bc9fd84268349be8a5da4d5fcccc6be9b02cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
| MD5 | df804cd1c930ad4346f76f8a391c3222 |
| SHA1 | 46f2e7a5960c97e53a3ca76a9d2866b78b2a594f |
| SHA256 | 20b227f99e1609f001f93305b4724e29dc7b29207c712754639803f51eeceacf |
| SHA512 | 77968ba98043a5d5bde4f970fc81244603d434266d332d22e7c73b4e0c5b75a12eb99d1869bf5a41d9316a558b3a7386aebf2253ea77cae155e410eff74c1da7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ff8be2765b0bd3971de8fe56877d72a3 |
| SHA1 | 771d93ac57c2be2626fe90b06548dbf9ebf7e95e |
| SHA256 | b92a1faaa002a72b26b2a80b5c2cd1d9720445ab7998dae3e3a2c58574ce48bb |
| SHA512 | 6a90687c0bb01b0b030f39fc5db059a09c35a646e70ae24dec8ac39db7796981a86b4c3ea91f86b4d9b4cc945b906a590c71b076e6e95f4d296f6bf7765c94b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 650376655af076b751e0b55a6d3af932 |
| SHA1 | 4447ff1486c28b7e6357f364954601b6ed66c48f |
| SHA256 | b6a1bf69f0596d0c8200a3813e2b6aeef7e6a162a26ddf3fddca7b232f4f0de8 |
| SHA512 | 38de39370ff209df0f8dc902efaeeb7c97fd787166d2b3106a5c942d5f5f7745261ecfe7b2184469791c0d3cf328d0b681c70c582aa8cffa093e5f205a568830 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dc
| MD5 | 1291dbe3b41c93c5aee4f3ed10b07a66 |
| SHA1 | f24bb0f789d12f73fa7ed4dd720c1694567e8f3f |
| SHA256 | 6297a72a9d7714b5cf1d38b23909371ef13bd423d3efd85a1128bd47c988e0eb |
| SHA512 | 995816d095db3ad3204c6d541fa6817e45cf53ce27ab08efdd4fef4c716f427fc388b02c60950f4dbe8368e6f92472c6a7f43a45aa58c04e0766431524740dd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dd48e56d9f7395add4eab64d86fb6cc6 |
| SHA1 | bf96ba53d0843f7f774e5bfb6362d796824cc452 |
| SHA256 | e12d8f32ed3eaca5533e1c18f9d8399ef7c8b2d90893273a761a73e29f4dcff3 |
| SHA512 | bba764eef1185724c34eb04ea654d79f5422663ea009a7e014bc2ed1045e4618d45814fb92de06c499abab8de6252838882b4d53557307919d47f919c4fa4118 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9f5777f7c2dd841409dcb4ef4814e021 |
| SHA1 | 82985170dbc3a0530cfe1771cdda6f055b48e88d |
| SHA256 | 401b52dff7a253d190ec3c7767690af5fca98c7f40f022f7b53b0c4be77874e4 |
| SHA512 | a9cd30927a9ffe1ceced0c25249743d44630bbd8ddd372408302f7c8a60ca930bba8544c1bd1568c88ec4d3a96d20ab2ec1e0c10fd11b1fabf53a27ccac3ec7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 57057f3bc383372e27c0dd364eafe4f0 |
| SHA1 | d31e7541a748a269b62223003b7d4a38ffad4a10 |
| SHA256 | 8660b16202cab2852d8aadbcc86f8d91099c5added8f05325bac8ada55cff0cb |
| SHA512 | 42f2313ef4f75843cd7dcb71d29fbc3d8be92ff5a2b475f7483e8206486139f6a5e9565bbef7c4117427ee5f4052c4a921311906d11185a4408d4906321784c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d4
| MD5 | 414cee8557edce864b518c328b355365 |
| SHA1 | 537020bd62ccc9dd9364961015ce5aa274d8a16e |
| SHA256 | 64724a6f121a92e515def1ee81d29a2094df5bf76a76fd09e890b024e8d54573 |
| SHA512 | c70b451bb622f60cfa0afa30f37582a15b2bd2151dec14f9b65adc201f9483bbd5451ed1626eb8449ee04abd8a90d531aca6f282f19e78127c25f5dd51e1fbad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d7
| MD5 | 2f0e777d0a2ee92e9fafca1a70225268 |
| SHA1 | 45497d7aa2cdc72e048a6bf019417ecf6c887a44 |
| SHA256 | 6665a74f2561393b6d144f00c23caca7cb14584a33d98237884e909b1399a127 |
| SHA512 | ad940ba38fd285d7db9faeaa7d7a87324cdcd95d9b9e9e70f8e3ee0b449061380ec517d979ca801ce32219836c2c6a155f34a677ca5e583a60d2528831134f54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dd
| MD5 | 28a57accf1fceed0fad3fba3f34d2b77 |
| SHA1 | 3c911b656eb8f29926b7d953db3a913d7557ead7 |
| SHA256 | 6266c913df95dd7ffda68b245f474f4bfabd72f4f81604374338ed87bd476c65 |
| SHA512 | d8bc5199b0932dee588c8456610a932fd7d23597200eebe0ce116afac5fa5ee4a63d7afd9a2753c3ded6d467636b56d739e73ade8c28c826f3e516761781bd6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e1
| MD5 | 0260645c87659bcd756cccc584569d23 |
| SHA1 | b1c3bc8e3be479360e4a50c04b6f766c744b3f32 |
| SHA256 | 27ced2861c41bc5eb6a0a883c0bbe6510a389ff3d7b4cf738292986437fce027 |
| SHA512 | ae5e4d102009663de6e012ba27c787a0a0763d44e09d0e64d186da52d5c5fd874f3d1d2136cfe9e6c08b79b67da0fca24e4f0686cbe0ce343ac0faca085cf46a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e0
| MD5 | 35c74e10d354e1166c41fd72674e0488 |
| SHA1 | a6daed87a1710aeae028bcb7664ef13551eda831 |
| SHA256 | 64c200f3c523349ff6189ca9e28c345bd5239a15b9716c71bf38968efeb5bc74 |
| SHA512 | f84de77a0d48f7259f5a6fc774bd656f95ccebc329ba5857789e28d82ed597b415ac1187393be3b91fd03e2e74ecb6209a842fbcbc1eb965d1feb594572bab68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e3
| MD5 | ffead408a8ec063166896442a35c4931 |
| SHA1 | 2a0defaa274e20743f68c853878b26695ae4a7e1 |
| SHA256 | 320b5d516e580677bec77556bede1861b47fc53d70578cde7620a8977db04606 |
| SHA512 | d4e9201b01a02a093301c90937bdcacf259925d905c662d694dc6ae74c7d1f756f40e3b0f6d290515fb566a00b0c992e9cf03d28d242ee97ac170c204ce54b1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e2
| MD5 | e85a14ff609eba880ff962addd9ab9fa |
| SHA1 | 79b85d7b164728860d75e25c113b6e546bd63714 |
| SHA256 | c5fc493565ba63255848726659df6c6e6448536ec2042a7883a07f3390c6e1cd |
| SHA512 | 3b67901c12424132bac2189d179e578ef64a737cb4ee9f07b7a863a527ea060a901b4e4443af0d7b510bf32816f0ec1866aea3ba42bfd38503bc4366a33abcf6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e5
| MD5 | dd3bbbe883cd3fc64f025365ee1584af |
| SHA1 | 8dbb77929330fec4de3faa5befa81ed612cb7163 |
| SHA256 | a84cf0670ec2e14369916de8dfbdbe360452492b3bf7e71c236d2203ce10d6a6 |
| SHA512 | db63817b34c9a69f21f261118db745a709ba32b10792fa12c1a9eec0571753a3440ca2d64650a386fb9a84682fa443991165d2c29aaa35df87b90aecfb58a680 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e6
| MD5 | e05d1d6f09589c2e0c377bf28e0d3897 |
| SHA1 | 01747539254426ad22a82281cb76f23718255142 |
| SHA256 | f2dafe644d535e74daa196bb0bba409378b744699c074c1a47e7eb7d9df634d5 |
| SHA512 | e4ec9a8a71f5fc8f27a47dd3f51a8c7a0b835ba79d04388dd2ad2d4ab6931732a7e5970b2b660a35017f5e306ab868fef6d7cf3472c88bf1967c3534ba477992 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7
| MD5 | 38d271e486a8212858ab6c431e821a03 |
| SHA1 | 390a228cf37f6f613c8ebd74c793885b12c0f3d2 |
| SHA256 | d656e17a6abaa613e4024a09930978ca9a7b99d8eb578f9cbba8b1e77e3ed4f4 |
| SHA512 | 940c2a42b56fe31764155a417178e23f900c701cf8af6aa404bf25058ce06042e2af15a8f0becbfcd5f08cc6a03318b26b00780cef063cb00f40bed5550eeca6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e9
| MD5 | 6223f6893f268c3748f2f0ff2b6fa7cf |
| SHA1 | 1ff0927ce26cae1205773750ed2ecb868492d44d |
| SHA256 | f79e09af285d7164dcabe408c315cf2b33d0dcf6c584fe41931fdb991881ebc3 |
| SHA512 | 5fc1f6ef736e47cd94d449f9a6c8aa881f1317be9515f45d78930a33f70915fec51546eb3d8a06538d5169350a0dd554f5dafcda46b1c21c475aa44f42285246 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000eb
| MD5 | 2f5072cff6fed6f9e174205007f0fe52 |
| SHA1 | ab13f634980e2275a4537092d388fa6fbe7d82ff |
| SHA256 | f6dfe974f913ea0240aa9731bdad512e142c4a1bbd79eadbca5816d969435f4b |
| SHA512 | 31a166ab74094fbd4c0c10d2a903b608401ee27e1c235a371ccb0874db31d47aa0dcb1d000d66598e4068a03f2928e0a6f557d3e0da0042d8f2a5bf2cef329e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ec
| MD5 | c5f9cdf4a6864de3ae23f535c315bbc5 |
| SHA1 | 222d2222bdbcc319f5d60ac4c3c9278207f4bb72 |
| SHA256 | 04321513f498253aab0a672aff1daf487a697c383e06ce6922c660fe37fbb70c |
| SHA512 | f9aee87c60b002c77ece3dc087ed8aa02666e39c043a0439c035898c9fe3506078e95a7647b1ece15bfde06af84249dd289f871e15ee479923129a094b8b1ef6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ed
| MD5 | 90bc22d6aefa06156d317a4e79f7f2f0 |
| SHA1 | 7ee1745671139dce12528a5c52eabac50b68cff0 |
| SHA256 | f8b92238df0faa9ca1b0df86e631178292ce5f77f0b1172608f8396572a04018 |
| SHA512 | d72cf1ea6cb82196515778fde7dadd35e1ce58a278cadcdad18774dc27669aee7a94e845fc1c56ca4305133e9924189a31c5a694d07d44b932bdab619b4cda97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ee
| MD5 | f60191624b31789c6e3a0e2e1791f276 |
| SHA1 | 199891de127ecd234929e81dfbc0a2e035c9f5ba |
| SHA256 | c881c37e3cd3e683c7de9f160e2c3aea076dd96a84fbf6b674c08c0ca8b006ef |
| SHA512 | b63e0e3ab9ea17992b916bc1608834241cfccd698255661b37a92983c8058bb9e69c5a9d0fb38d8ccbca0fd50eedcb925932cb1fb1668d6403634758f77ecfac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ef
| MD5 | e9bc2d3579b20f366e023ae2a56779b2 |
| SHA1 | 1b00132e5dc6d8e437f339627074dd2eaeddd010 |
| SHA256 | 8580972287fd2442484926ca7534d038fd00ae79d65531c2bc38248347fbe9d3 |
| SHA512 | 0a5a1e39a4af04bce0419d2ad5201aa02085013a64676f69ea1587317ba68603904d7fce35301b75a4c4ca855e77d6f8addbfcb0387185fac85caaa11330c40c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f2
| MD5 | 7c0d218ccc4cbadfe144d28061c5b53e |
| SHA1 | 0e94fd815aeeb0e7f67d2a1c1c6cd9191e475bdc |
| SHA256 | 1c20daffc545ddff6687c56539fb5429541ed94ec5ffd6f60059b1741e072aaf |
| SHA512 | 463b2bfe11cd2bfb47535c2f89521aa78868657e60e2be11a19936bb9fcba8757070c23a207f4e35eb23f1c0f464def865c9985429d9f601ce2086f3bb2bb1e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f1
| MD5 | c7e41f017f8ddb9ca740abd9ed437b39 |
| SHA1 | d9d403a2041aaea2cad871f028af677edac99cb1 |
| SHA256 | 2539b3e31209e8d6e32cfcf3a9416529f61d9dda03c75b8634ed2e44034c1a00 |
| SHA512 | 914fdde6306034e92e32756766917431587963040fff244d730fe632d7236d907104fb0647db351ca4f1c33bbc4d3587a81471042bf8bc3c033ff49b4b74c340 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d1
| MD5 | 42da71a380474bef9a5ffa22cc093df1 |
| SHA1 | cf07753e08db0de991b531326fbfe442942548bb |
| SHA256 | 281555adf43c791e9de1fb1974f1b257f690b640a0820af8a4cf82436e2cdcaf |
| SHA512 | 91b90f81215e71b71d8c427e2e67a9c2caada8d35b237e0d34e780c2cc5f015a6a07d23d75974288b3c5b8809c82e014e4f8402c008f48af51e1810736233140 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009e
| MD5 | 2c4d04903a5323786ceda717a29536c1 |
| SHA1 | 5dbf3cfc82fb511ab6932142d2b9244518db77af |
| SHA256 | 161acb2a60fba59c04ff000d2e060dbb5e216ff6ea947d77fb9aef111d9b549f |
| SHA512 | 9c584e14cff1063e57980e120d0614d27b6f539e7f66dd7c9c26942ffe02559e58979faf3a5faeb96b02ecf68a181d1a61c18a11d491a538dd5e83573987b1db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d3
| MD5 | aea3da1163d87a0d25349470ec3874bd |
| SHA1 | 5286396e22210051770be7925277b8ad2fd75bb0 |
| SHA256 | d17594a9ac6c37b280dd244dcc2bfaa91fefd3c73b920923a8364cc752bf537a |
| SHA512 | 3c1de54b93294227ee400a48f8b9b0595acabd7f0949319708a12d3d0d233a895be194a95673d2f718bd2037d5e83ad424e08dabe571150e738e045185be66e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010d
| MD5 | e2c2aa3f2d32159a3270d8c1d7c9d015 |
| SHA1 | 91f931e6f9396cae583ddcf7af7888e62a541b12 |
| SHA256 | c6367d91247cb8b62ca2eab760c2f87fa4217d7887bfe9a23b49a557237aeb33 |
| SHA512 | 795f9e610276a6037f6c2689cea21bc1f0024872139d7b4a87fcdacf35869b2e1f26d62597c257e5d7fb8eec9f2aa09d9682c8e094c4811e501d3ed5020e2c27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010e
| MD5 | 8099f571ccac0d27d8fedd2ce93e6e68 |
| SHA1 | aa49813df53e6a97d86412cc2c6db6903c6d4d97 |
| SHA256 | 1967bc4d3f937e71a565c1d818aae0dc7d1ba9af9c1b25c32f8f5f3c0307ee2f |
| SHA512 | b5d62ea1ce7d60fd0614e855e4eb141d8f2f04a0475395038f1e9b65d74e30ad396f6e30608e73c3bdf87520970d23022d8df82f4ca81cfe6ac209e1f5f5ee28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010f
| MD5 | 625678880d8c338450f204a33fec863b |
| SHA1 | b24c1d2f287bea376ff5ce79065e5800c43dda8f |
| SHA256 | a4c0d82e111e1bc9fc4565c5b0744b39fbeb888a2ba8c65fc56a41632b6a81b7 |
| SHA512 | 3192be30a7735c01268353e7d0ff9aecc76a672008c5fce756fd57b528933f419b30f45540aa0de525e941fe3ae93af0c5bc0d748cbe7ddda90ada428949ae9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | afacf56e86fb923146ee713b07f9226f |
| SHA1 | a806aecc5fa2d14df3395bc69ab3eb062e5aaeaa |
| SHA256 | e87eb74bcfe4b554ffb9eb4f97320e48ee8fc1f1b6367363068c79b0f3a844de |
| SHA512 | 2d85763ec15e512dfe7970c5e913008c0846f4d382ec230ed91334b1b4ede838615c8004724a766c4878a6d9bbb7ca1cce620c190ed03bbffd84834a643d70c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b9
| MD5 | c15d33a9508923be839d315a999ab9c7 |
| SHA1 | d17f6e786a1464e13d4ec8e842f4eb121b103842 |
| SHA256 | 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98 |
| SHA512 | 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d6
| MD5 | bd1bff2f4ee30910d601abef11a959aa |
| SHA1 | 3f39957891f1be0e5050edad6b87385e0e21162f |
| SHA256 | 0781f5ef9474fa5b0bd4dfb5e6addff118abd9ecba80e10a186165fd744a75c8 |
| SHA512 | e606de64d0fd07efadcce16f12d94264a439c7c42fc5e30dd6da1a6022df02f0afb1be969be7344ceff233a01f30ae89a83f77036ae32c0fa9a61d64bb5f0bbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000de
| MD5 | b9d397a52a8fd828fabcbff6e203abad |
| SHA1 | 72f7c6b26de836616f9517870371d0f429ddc168 |
| SHA256 | 5ef01375f7ca1e6097adedb3b82c527b1ee107ae1ad3e02f42359102a23136ea |
| SHA512 | 29be3df6b247baf6994204664d6ea47c71957168399a0778031da15b27e605fdf02f49d07d1cb316e5d127fdaad00306cff569ad428640e005b155fe28ed45a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d9
| MD5 | a1ab0ad48f678dfcb425c4564b1ff110 |
| SHA1 | 3d3aaed9ea28d065040439618ac7e7bd3ca28622 |
| SHA256 | b96d0121f1ef79267bcdc05266b479e00648ab337a24c7c950d0558e310c8674 |
| SHA512 | da8c6dc345d930d729f7aeb2a082b8d635835b83525b16572a3f731eb4befd9e107dcf6041b5ee1a9c3510ab34f2954be5fb2c0b841092fb07947f59959dceee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000da
| MD5 | 84ba47b8448f7f8688d054ffebba49bc |
| SHA1 | 4d44d9ba404778e28949a76b56196ea90467ecae |
| SHA256 | 59c6057addee467689798b1a8562628cbd9e4d0f2e225406ca07d85682d2037d |
| SHA512 | 2e5d6550cdbae07e9c7f5843bbff24b27ccbc556e8058eeabb032b6a6f914b17927c0dca6609bcc6fbd464471674fbb448eedf355819f670e3bf703949c41a14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000df
| MD5 | cd55ec5278541988b90b7481119ce5e4 |
| SHA1 | 13d913783fa1ce1fff1f6c39ca238d18d1786695 |
| SHA256 | f48954ed0839f2929be07f4e65e6130410854c23264364845bbbc215fea168dd |
| SHA512 | 89e0cb4f3d3ee4362a19fc7d882ba9f116c700cb24cacb1583f9c0e951fdb04d53d1dd31be01a786c4fc79bebb185c6ce0fd722037d17ab88507c16b7d8778b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e4
| MD5 | 2f8794fa66f725d7c36fc6e31ea111c3 |
| SHA1 | 4db5057941dbc7da544c091a744f1f2f263bc821 |
| SHA256 | 4a9256302b9921af0a381a01509e0cc84db54a7de7cf4ec8e866991ea96c502d |
| SHA512 | ba82e72f8aec76237f465b38c6e966c85f9c1fcd5c0ff2897f884ed9128de7f21a661b433a418d52f33899c32f0e494aca8adc4d52bea5deec8d166834f8b48f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e8
| MD5 | f16500423cc2867eff8b773df637c48f |
| SHA1 | 1cd32d75b59a89c3a70274e383151a61ce0594f4 |
| SHA256 | 6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7 |
| SHA512 | 2df5d23f6d2e1df8aa339ee51456e92a3544a9998b4a5f8d346623980f0b878a8223a247415080c490f51f083cd70440c434f5ed3b66f7be262a2837cf639917 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f0
| MD5 | a7f57cbce595380a83c779c07d5755d9 |
| SHA1 | b255aee78ffad06d0b18273e58693ac21112050e |
| SHA256 | 9868b2cc6ca39282925286d31903375b913f064c612b67be854a0e27bae40778 |
| SHA512 | cdac267d4d5948e92a8fdd4502e3987805521abc0721aa12d67ea569fbca97eacfe36d8f39528ed31318e2130b5acb96ba8087abce0a6fb30987d2712f3410d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ea
| MD5 | c49b7c3643f781d71645c5a40a78b5bf |
| SHA1 | e71138026b38afc443fb60da5ffc2244c4f5eb11 |
| SHA256 | 8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808 |
| SHA512 | b71533f82f759ad7bec575c8fa3f4d76e78362718e56934d5d5629a906ab66bcd402e177a80d0072e816b1290ea7c091e919cf3eb8444bfeba116437ee2eb22e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f97ba933c504219b66e99fdc7357cfc5 |
| SHA1 | 4e395ac13a90b635478d80c575c251d59c9dffef |
| SHA256 | 21afb5c56625e8f79dad228f93c7c446d27925bfc515bb396f2e0d46c1d7b1fe |
| SHA512 | 7280af291a47b4a6340cbce04706c247ea7361cd053df53ddc51623165417637ed3cbed087f96c2ea1d43f3e8b0b658318b91c5b9b19b59dd9abc2b52a6068f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c3d2549641f8562c96c1b0ea767fcb66 |
| SHA1 | 2efe7a1011bad8c85c9640fc0270108717b9c254 |
| SHA256 | 16e8e80d532f39b2a61503ff80748ea6faff008e8f30cea788581d6a0eef6680 |
| SHA512 | e1251975f538d2c0ebbd50921a78d52361bc2613183f6341ae32224d3566cb04750b9488064eddbcdefcc17274ec306d9268f493fa5681bb58125a5e7ba59e72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ed6b5ca94b182016567becce9817a394 |
| SHA1 | ed8353eb332197c588c47d88e9b90c5aec20ac48 |
| SHA256 | 4b7f6c532d417599bf6c679f408b9334a8a87bfdcadddb618ae8c6b2570e4fda |
| SHA512 | 3c25ed2e45ac0dcb43fb3afa68e47d6b61a1e9ad3e739923de333e74e2847ee54c5177ca85d18f62775f40515f5c08dfddc7f31b3794487ed8bf4c8fab0d9469 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0f59d1515677b4bbba79c4bc6a0b270c |
| SHA1 | e937fef0f7b796326b3112499b2b5c77ddc7706c |
| SHA256 | d6e9987e62c695dee78d5cb1cf4af601423f17e79e03b4a4588743a5d2436786 |
| SHA512 | d852d44d30429fd16eb824aadf325db2cbee2c971b97744ef3c0f0afed61574b3d920cec799d811ebb111281f217ce613498fe7f9d8671d1379e7638a77ee052 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6cbd37fde76792613af081f61fcd55ae |
| SHA1 | 97976d3ec08f730e33481746570ad073c789dab4 |
| SHA256 | decf40d244c53c9fd4cc541f3909b8be726db03fa35f730490be774c142fac6c |
| SHA512 | 6c046c287515a6a63dd5a889193cd1ce7463ac8e4a20b57cb32bb1f7c92f0f623e6b91c9ef865c97939c36622aa906074daf23b60011a976da564c6b67385e12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7c88b1f6-dcb9-4b81-9963-b7172d21a261.tmp
| MD5 | 81965ef779ee2037b7c6a38ba30f0152 |
| SHA1 | b5f65e5caffb7458bdeae7d4ce9f519b183719c9 |
| SHA256 | c89f2f3620e0104a3a9cd88f63b2c37862105c9e2ab8b5bcc8c03a2bb20f22a5 |
| SHA512 | 6caa0638891d3e3294e141db1cd977bdf0cacf5f021742715f651f506517f8e641870219c0e7401b1b57185773bd6b63fe312878d531ee07999e585e68db64e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000102
| MD5 | 5fbc4922d2c5a701506cd95b1059404c |
| SHA1 | d3a4473bf83528ef56d0df9ba27ad44bac4fe6e1 |
| SHA256 | 5cfc8848b9bd875e636f43120607d1cfe4982ba94afcb7d9278c6465f1d1ea33 |
| SHA512 | bce1d5ee499e717257dd253a0e9199ea6b4a11225f3901f91509fbb7b09009dd486c0bfa685b8aa95e5ce455e1c25e3fbe9ca87638cdcfb15af264dbcfb32281 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000103
| MD5 | 7cf459fb6a385376d557bfc91d964087 |
| SHA1 | 43df1c5a3fd47487a815871ae01ff4da157bcac0 |
| SHA256 | 6228b80b1a0b5e74b5ec45368b7d8254f3d03538ee1f9f1a6981a116d28ba979 |
| SHA512 | a3c8499d7181602790919cf14fa31c64aa5c26e179f72ea1649eb37651170a7f7e1b84858809fb5473932080d9b11ed7a9b28d9d9f61b283e05eaebd5c19cc34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000104
| MD5 | 8dc55d79ac6100ca1ab865d0ad91ff38 |
| SHA1 | 6e3b8312fed34b09d3d946a734d480aaf5a6c927 |
| SHA256 | d398f725280c2afe9a404fb93dcaa485f9092aab73809551ceef929576ed22e2 |
| SHA512 | 3eee1b1a1ff0b6e7c964d0ffc4299ed24e68248b3b1ead5913fab4e2d649595cfe1f4bf4341794aa6b07cfa9f8ba8164f24dd6dd32e1d14ea1cff23ac1de83f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000105
| MD5 | dfba732e543ac41249928b06f425f4f6 |
| SHA1 | bf6b71502f28f91be43b90da9f8673701195e0ac |
| SHA256 | 0c558171292ae786f682a8139aa26504c26c35ab48ade22497e133703e7d084f |
| SHA512 | 7c61df0058e73e95ab75d1348582fe53522fb0950aecde499ba4ab1c5bdb83d4ca4d8b26cb6e89b6695bf5f01b8c07b2e647f4f53dd12c61124322ec00aa817e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000106
| MD5 | 8318db8ce08e20961a259124b01ed12e |
| SHA1 | cf66e2d5683836cc4c21369d3a422b4b9c177238 |
| SHA256 | adabe0cd0f13b34099125f1048d14a62bae093d484f41903f90da8e4ff23736d |
| SHA512 | 9737ae97918ed8c36856e29908da81f1e462f0ef7e3d3f742c634e3ed81b6e60d3e9225fea972def48ccda01c84c608da16461acfe7bef1e4ec9e24a11a164b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000107
| MD5 | 63f8ce93cd5b30f76b0a6cd029b7d354 |
| SHA1 | 3ff83134ad10ff1e5c8da09db619a0274e5e8546 |
| SHA256 | 35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab |
| SHA512 | 7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 429eb63bde4e365a367c27462904219e |
| SHA1 | 9b1c625b781d0620d6d5ca671bb9f83deaae53ba |
| SHA256 | a72fb1720131aee41861602d2682fd5184e8bb471b243a1c4600bbfe5a4a88be |
| SHA512 | 4f1a0ebf6b9e7db7f9898a3c3167629dfbb420cd9b694d1963f3777a9697d5e87a6377944cca6c293ab59ae735e55ae757f1af37dad55b0cd3552f26b740f864 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fa
| MD5 | 7c90010c33f34e01f2db93cfed1167e2 |
| SHA1 | 768aa01dfa616dcff23758be7e94e773becf06b6 |
| SHA256 | bcf09749b7ba5099d1c6c1d591a48c78616b5b4396363c47fd495a75f9c3b513 |
| SHA512 | d788f630a538b6d57ac33bd01a24839c43aba118ec76b0f4e9afce78eddff3621efe1c7d36627ee1328338218c64aee8b7fc9debbafbe1bfa8c041fb9205e55f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fc
| MD5 | ec3bb52a00e176a7181d454dffaea219 |
| SHA1 | 6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68 |
| SHA256 | f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c |
| SHA512 | e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000100
| MD5 | 674d252d1d020643ae3ba6643638b3e7 |
| SHA1 | 05c8a5bb1c13cc1a7f418341497819e0b32be59f |
| SHA256 | 49a49bff422df8cc5843a5acb649e888b7769b62ac3337d1be569af15bc7f423 |
| SHA512 | c7a33b6b2b91c515f7219affcd28ae044226ddd7b848d5159cd2e7cfa362d724611f424b0e5428e0e1246a951a47e7ff016f23a45a7ff2d1713f3a0b4456385a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dc710ef054c16496d5b6fbae7756eb87 |
| SHA1 | 6cf5d5675db4733386efeedc1b8a65c7c0419f9d |
| SHA256 | c0b20c41479ac54c69d237d236e2e74db5bd62e2c9f9b7bc8da935612bc15502 |
| SHA512 | d03c2ff020ff2fa8c23d985b0653feb1b2452e8c7f87480421a774c9b089b610a119ac6ce6e404b5e66fbbfbefa651a8a02073fda5e3d80f26702503eecb2330 |
C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\_ISMSIDEL.INI
| MD5 | 4af8ef7ae716f1072e1e033c6c917500 |
| SHA1 | 7f0d93ff9aa531c15ba3534c1acee0d64ac25579 |
| SHA256 | 4efd5ac78e06877f6db4e124c9a1ee4b13c285b91b4a61e2a41bb267eb877fd2 |
| SHA512 | 3d9b094bd2ed03b886470b01a3e83e77ebb3081e223dcd0a1c7d4fc6e6f2145a40634b8b05195d863e3be4336e0dac11f0d723791b0666824ffc92a4c12c56c6 |
C:\Users\Admin\AppData\Local\Temp\~DF8.tmp
| MD5 | c103a5dea86afd1418ef947af7805b8f |
| SHA1 | b9bd1209f76bfdd54b63d5f09d12ee1725883b16 |
| SHA256 | b4de52c07a92152b8a2a0421edfa24232b7c44e841c04c074cad96ea12cba8be |
| SHA512 | 59626df3a1b77b70f55381d31939b01331cca6c6717792fefe29aff8393bd7b443104be7b1bc54ddca79b9d41040129cb05daa7e2aea7acd13098641f152e3d0 |
C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\0x0409.ini
| MD5 | a108f0030a2cda00405281014f897241 |
| SHA1 | d112325fa45664272b08ef5e8ff8c85382ebb991 |
| SHA256 | 8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948 |
| SHA512 | d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298 |
C:\Program Files\AccessData\FTK Imager\FTK Imager.exe
| MD5 | 75c4eaf8d121675f3f533f7ddd57d13b |
| SHA1 | 17749ca19d876b256208e525e683e8a3a4c52969 |
| SHA256 | 9d60caa20d860beeed4e21d5aee91b40597c7214021ae92fe3ccaa9d0f1b36d3 |
| SHA512 | 05d75e914470f59c733bc13dc509b3f967b3f6df5e4d6915b18b39724d1cba1dcb8857cd5a2dd7c311e6e1a858e7a30eaa63be7884d82d7562879bdd13c16f49 |
C:\Windows\Installer\f895909.msi
| MD5 | 63640acd19c0dedaa0945dd595ee6e43 |
| SHA1 | 09164f15e394b3f5ecf6b50273aa255d59a44fff |
| SHA256 | 8c039cb71051881e34dbd5e2ea53873fcb6e644c7874c38d5472a4612b082472 |
| SHA512 | 19aa5e05fce59976b0a0b5eeec86d3b94c970b8c77ff00683581dd2277a7153e8e975246b7d3cfb1ed7c4c52784f8d9295fd04bd6ceacb08d9e74144a7190a5a |
C:\Config.Msi\f89590b.rbs
| MD5 | 4e71d3acaeaa242270e456f3562a3fc4 |
| SHA1 | cc2bfef2fcc3d4e7da0dab84f9aa6607b3ff7d06 |
| SHA256 | 491c5d9fcc05e704d5f14b00fed074a9a6a7bfd9f1733d180f073c2bd97fb43c |
| SHA512 | 911ed8d94a1c80559a8643e071a8e37969823cae03269e982b1832ffdb6111c1ad9582cf2e96a84ae46bedb988360fa712c0a06afb9d3b5ea0922d182218e5db |
memory/6020-4747-0x0000000001750000-0x000000000175F000-memory.dmp
memory/6020-4748-0x00000000017C0000-0x00000000017FA000-memory.dmp
memory/6020-4749-0x0000000140000000-0x00000001418B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\_ISMSIDEL.INI
| MD5 | db9af7503f195df96593ac42d5519075 |
| SHA1 | 1b487531bad10f77750b8a50aca48593379e5f56 |
| SHA256 | 0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13 |
| SHA512 | 6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 51a4fbe0e252f6709f5d2c5e0da227ee |
| SHA1 | 9e713992c536524aac207804caf394d7149572d7 |
| SHA256 | 722107c2ada500b124154ded34f3571a7a546f5ceeeebc6c86380dc8d6f69359 |
| SHA512 | e8f6981ecd942d13f9b2bc45502e07f4b5946eb4fe4e8318a32aac6d5dbab1a80532a0879b80f19f109a953bf88f34f36d4d1eb019365a1b1c74a4d04f9a91e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5f5c5ec2-edd8-458a-850f-563865002606.tmp
| MD5 | 858aed58d40111bd135bfb58d83e83e9 |
| SHA1 | 3c1d8d8f26684969b779f15871ff4aa665e9aaeb |
| SHA256 | 4ee6bf14343f4b9d18e1243b4eb66b311c21f02e30432eafbddb5c0e0b690a31 |
| SHA512 | 48742ab55f8e6f54770c66e69df5c1622a68161983dd8f1964ab8d201806b11b72037a7b3d8e3f46eee2f43be8e368d762f47263b57a6736feebc9c6dbfbb8d5 |
memory/3004-4876-0x0000000000400000-0x0000000000428000-memory.dmp
memory/3664-4881-0x0000000000240000-0x0000000000241000-memory.dmp
C:\Program Files\HxD\HxD.exe
| MD5 | 881e8157dd6507eab30f5ff3b6f63596 |
| SHA1 | 1ed2b6e0cb8e31c17f565b0a8731d9ef0900e5c5 |
| SHA256 | 98a097e3c44a33ef88ce0eaf25d94e447e3f86be900fc9f4742afe16613ec139 |
| SHA512 | abf558b7e212cc8c7cf296e4e17c5693faebd3f4eff7f25a58ee38c60f47711ef34b64bc8b7c759f8ad1c14a328641482fe4ef3b52b0039225f643b6fb5ba198 |
memory/3664-4911-0x0000000000400000-0x000000000052E000-memory.dmp
memory/1540-4913-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/3004-4914-0x0000000000400000-0x0000000000428000-memory.dmp
memory/5896-4915-0x0000000000310000-0x0000000000311000-memory.dmp
memory/5896-4923-0x0000000000310000-0x0000000000311000-memory.dmp
memory/5896-4924-0x0000000004E40000-0x0000000004E41000-memory.dmp
memory/5896-4926-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4927-0x0000000004E40000-0x0000000004E41000-memory.dmp
memory/5896-4928-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4929-0x0000000002C40000-0x0000000002C41000-memory.dmp
memory/5896-4930-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4931-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4932-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4934-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4935-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4943-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4949-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/5896-4951-0x0000000000400000-0x0000000000AA8000-memory.dmp
memory/4048-4967-0x000000002FC61000-0x000000002FC62000-memory.dmp
memory/4048-4969-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 41124aa2c308429f847924402058b129 |
| SHA1 | abd4c11c942cea8ab26b7284cee514d6bb73afdc |
| SHA256 | 71ff1adfab485d68cb323b105ee985df02d2a6c1221bed41449df5169cf2dd42 |
| SHA512 | c3a871f5c80c105aa573124264c44103d3825ed4b764ad971a62f0ed2ca11ae0173162e2bd62b94515f30215cf1b0b9fdbeea3f6e39bded82dcce1854a261ca0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 20e07a72a690e0d905afef17db67108a |
| SHA1 | c20702e43c671fa6c394892b0df0f15bd0e1d085 |
| SHA256 | 6da870780cedd3bb05541acca9b385baa899789d88315447b243feab5857f4b7 |
| SHA512 | 055e6a8ccd1182059d438416a6097efef92d7f6565fa81a9d21d82ccb704da1a3585d996bfdc8fc47ba7061cac33d564d1533d98ca751824f55bf245cdde6880 |
C:\Users\Admin\Desktop\Analysis.docx
| MD5 | 874672d1754902c7f77c1a6dd0f25457 |
| SHA1 | 0519aed3eb535aeb0b7c3c930a44147d9ee65d87 |
| SHA256 | 8b2988432b76cf5dea49d3a02a28aad25d370f4c44d03b411fdd6b3cffaac975 |
| SHA512 | b619d3fdf79052fd74907bf4b355bbbfd94890b47017de6153ebeb7450435f57fecb1efb3e2ab79d04ac4e4ad8e690870bca78720e47cf81c74b90272f555d83 |
memory/4048-5011-0x000000007328D000-0x0000000073298000-memory.dmp
memory/2640-5029-0x00000000021A0000-0x00000000021A1000-memory.dmp
memory/5436-5030-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/2640-5031-0x00000000021A0000-0x00000000021A1000-memory.dmp
memory/5776-5064-0x00000000011C0000-0x0000000001278000-memory.dmp
memory/5776-5065-0x0000000064230000-0x000000006491E000-memory.dmp
memory/5776-5066-0x00000000005B0000-0x00000000005F0000-memory.dmp
memory/4036-5067-0x0000000000C00000-0x0000000000C01000-memory.dmp
memory/5776-5068-0x0000000000620000-0x0000000000632000-memory.dmp
memory/4612-5077-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/5776-5084-0x0000000064230000-0x000000006491E000-memory.dmp
memory/4612-5085-0x0000000064230000-0x000000006491E000-memory.dmp
memory/4612-5086-0x0000000001130000-0x0000000001170000-memory.dmp
memory/4036-5088-0x00000000050D0000-0x00000000050D1000-memory.dmp
memory/4036-5089-0x0000000000C00000-0x0000000000C01000-memory.dmp
memory/4612-5090-0x0000000064230000-0x000000006491E000-memory.dmp
memory/6136-5091-0x0000000001E40000-0x0000000001E41000-memory.dmp
memory/4612-5092-0x0000000001130000-0x0000000001170000-memory.dmp
memory/5740-5093-0x0000000001EC0000-0x0000000001EC1000-memory.dmp
memory/4036-5095-0x00000000050D0000-0x00000000050D1000-memory.dmp
memory/6136-5096-0x0000000001E40000-0x0000000001E41000-memory.dmp
memory/4856-5099-0x000000002FE51000-0x000000002FE52000-memory.dmp
memory/4856-5101-0x000000007328D000-0x0000000073298000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
| MD5 | 1abfdf2eeaced796088c9b38a882d2e8 |
| SHA1 | 76d73b061c70f658e15208fafe1f05e9a62aaefa |
| SHA256 | 16a366b2ee08891b1a129445732ac9b7441d3f243428b5262cac8717ca9253ff |
| SHA512 | b58c73e8f6ffa60a96e7b8fd67846cab53840ad6f08a16ce2c64d51c487d8e48e555fc844cfbdee899bce1d6a373b02e891cc87c0466ac68e870259eb98fe7bc |
memory/4856-5114-0x000000007328D000-0x0000000073298000-memory.dmp
memory/4036-5115-0x0000000003B00000-0x0000000003B01000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 0bd633e287348803be53b1f3c72dae89 |
| SHA1 | 562b80d283b561fe6ff20722e9b99077ae12c30b |
| SHA256 | d7062864344aa2e5a967ebb66396902475f3e54c5d7b5c2893ccf03a13a33bc1 |
| SHA512 | 83f41b74d1c7316d15151fc77776bc55c2e1008baa4b819c1deb8214bbf0bd4e7ae4256a5a35c2a1b4614814ab6f725dc8470bf5b40216fdb82a363f8dcaa994 |
C:\Users\Admin\Desktop\Analysis.docx
| MD5 | 8ce2d94d3b2b795be5bf36a6c194495f |
| SHA1 | da6a313960069867ea2512fa718d9297f9413bef |
| SHA256 | 39ae961cedcd41c2e41a47e4ff086bd47dbde240d0afc34df2d9abb6dd649759 |
| SHA512 | d4046b9b0b166ab68cc475409b9bf84683093d9765a8cb654d95565de780e3aea8cfe550376b0dfd9b3f55ce40c47a55c33a8f0a8c2e71e105d8bc4ed42d11f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\38ef09e4-bd5a-4476-ba00-ec65ef5d17a3.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000013.dbtmp
| MD5 | a6813b63372959d9440379e29a2b2575 |
| SHA1 | 394c17d11669e9cb7e2071422a2fd0c80e4cab76 |
| SHA256 | e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312 |
| SHA512 | 3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000016.dbtmp
| MD5 | edd71dd3bade6cd69ff623e1ccf7012d |
| SHA1 | ead82c5dd1d2025d4cd81ea0c859414fbd136c8d |
| SHA256 | befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6 |
| SHA512 | 7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000157
| MD5 | 22e4aa0b73e04477efd65996e0fd4595 |
| SHA1 | ae3fc17a56c326507d19c10e2201c8e93a52848f |
| SHA256 | d79e602a3a8331ceaa3d9d49f4c95a3bd5d09cf9ddaee940a19035ca7459b7b1 |
| SHA512 | 33dd30f0f624c64641701d568f53bc606d308a42c6d61334f581a9f2b67057298e93ab7cef993f6980a4418dd6e599f273287f0d8117f734fb65cdafd017070c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{005AC50C-8870-477A-BD0C-AF450F755112}.tmp
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| SHA512 | 95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e0892524-1846-482a-acca-d28f02017db8.tmp
| MD5 | ee210bf9bbbca49e6f7088d2d467149e |
| SHA1 | 441026441639fc8919fe492ff79260fc9fd63ad0 |
| SHA256 | 337b304996e2a66a4b00403e3e98c0d3649c9b2b760f64f9e71fe37b4d5656f9 |
| SHA512 | bcf07b3297689c75a12124bedf87d191cf5b3a55b88340e4d1b916fc8ac0446e17e5203f373ae1ba2619ae127225b614781b8ac19d2247a5d4bd7d70bedb1209 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 064734400ca5765a0729c3943e0d09a5 |
| SHA1 | 4d9c816392a25d8d592853c59375a872aba9f97c |
| SHA256 | adc119123c94dc3b95e0378384d88d89458a61fe4f3b4d7c3622d2b97648a469 |
| SHA512 | 107b54802fda4ca4df64fc0e315eae5325c798dc96f4cd08ae5702e54dc0264f9ed3d069f5d78a93cf2ee8214388a65394f5e4aada4c8fde796d7dc98b9fd463 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 12:10
Reported
2024-02-23 12:30
Platform
win10v2004-20240221-en
Max time kernel
445s
Max time network
1170s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.191.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.191.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 12:10
Reported
2024-02-23 12:30
Platform
win7-20240221-en
Max time kernel
837s
Max time network
837s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-02-23 12:10
Reported
2024-02-23 12:30
Platform
win10v2004-20240221-en
Max time kernel
422s
Max time network
1149s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |